Can't Remove PC Cleaner Pro / Have Browser Hijackers, also


  • This topic is locked
23 replies to this topic

#1 ddwebgurl

Posted 10 February 2015 - 12:09 PM

Hello and thanks in advance for any help you can give me.

 

I am working on a Windows XP SP3 computer (yes, I realize it's no longer supported). It will be installed at a non-profit where there is no internet connection. I hate to format and reinstall, because they will lose the OEM-installed copy of Office 2007. Any help to remove unwanted / infected programs would be greatly appreciated.

 

There was no indication at all that these items were present, just some complaints that something wasn't quite right. I ran AVG Internet Security and SuperAntispyware and a number of PUPs / toolbars were removed. Some seemed like they were partially removed and their entries remained in Add/Remove Programs.

 

I downloaded CCleaner and tried to uninstall a program that was no longer needed, Advanced Drawing. I think this was installed with an old ClickArt CD. I was using CCleaner's uninstall and when I clicked the icon to uninstall, suddenly PC Cleaner Pro installed. I followed some forum posts on how to remove this using Norton Power Eraser, but even though it identified the program and attempted to delete this, it gave me a failure notice.

 

More forum reading and I tried to remove PC Cleaner Pro via Safe Mode and Add/Remove Programs, but no joy. That resulted in the sudden installation of TuneUp Utilities 2014 and TuneUp 1-Click Maintenance. I have no idea where these came from and it may be unrelated, but it looks like they might be part of AVG. I also got several IE windows suddenly opening.

 

Here's where I need help. Can this be removed without sacrificing Office 2007? If so, I'd like to do so with your assistance. 

 

FRST LOG BELOW AS INSTRUCTED

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Administrator (administrator) on ELOISE on 10-02-2015 12:05:02
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: Eloise Swales & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-19] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Nuance.ctfmngr] => C:\Program Files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe [46440 2009-02-13] (Nuance Communications, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3625653860-631505778-871109529-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
SearchScopes: HKLM -> Backup.Old.DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0}
SearchScopes: HKLM -> {587A2621-EE37-E2A1-482C-6542E54F4617} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = 
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b3a51d2&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @RecipeHub_2j.com/Plugin -> C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-31]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKU\.DEFAULT\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\fdepacjoijebcfaaenjicnejghibmebp.crx [2013-03-27]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\DOCUME~1\ELOISE~1\LOCALS~1\APPLIC~1\funmoods.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\Object\chromeaddon.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-03-18]
CHR HKLM\...\Chrome\Extension: [mhodfgapkpmcepkmcohmfkneadpikmkd] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\mhodfgapkpmcepkmcohmfkneadpikmkd.crx [2013-05-29]
CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\I Want This\Chrome\I Want This.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79168 2007-06-20] (Broadcom Corporation)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9ad8c3baf53e4; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RecipeHub_2jService; C:\Program Files\RecipeHub_2j\bar\1.bin\2jbarsvc.exe [88648 2014-04-07] (COMPANYVERS_NAME)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
S2 6to4; C:\WINDOWS\system32\6to4ex.dll [X]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S1 FsFilter; \??\c:\documents and settings\eloise swales\application data\.minecraft\rxsupply.sys [X]
S3 HpGmb001; system32\DRIVERS\HpGmb001.SYS [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
U4 SharedAccess; No ImagePath
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 12:05 - 2015-02-10 12:05 - 00018624 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-02-10 12:04 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2015-02-10 11:35 - 2015-02-10 11:37 - 00025688 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Addition.txt
2015-02-10 11:33 - 2015-02-10 11:37 - 00050306 _____ () C:\Documents and Settings\Eloise Swales\Desktop\FRST.txt
2015-02-10 11:32 - 2015-02-10 12:05 - 00000000 ____D () C:\FRST
2015-02-10 11:32 - 2015-02-10 11:28 - 01124352 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-02-09 16:00 - 2015-02-09 16:00 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2015-02-09 16:00 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2015-02-09 15:59 - 2015-02-09 16:00 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2015-02-09 15:59 - 2015-02-09 15:59 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\TuneUp Software
2015-02-09 15:58 - 2015-02-09 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2015-02-09 15:58 - 2015-02-09 15:58 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-09 15:57 - 2015-02-09 15:57 - 00000757 _____ () C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Program Files\Magical Jelly Bean
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\OpenCandy
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
2015-02-09 15:11 - 2015-02-09 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\PCPro
2015-02-09 14:50 - 2015-02-09 14:49 - 09596176 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe
2015-02-09 14:43 - 2015-02-09 15:30 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\NPE
2015-02-09 14:43 - 2015-02-09 14:42 - 03060320 ____N (Symantec Corporation) C:\Documents and Settings\Eloise Swales\Desktop\NPE.exe
2015-02-09 13:47 - 2015-02-09 13:47 - 00000000 ____D () C:\SUPERDelete
2015-02-09 13:46 - 2015-02-09 13:46 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\SUPERAntiSpyware.com
2015-02-09 13:45 - 2015-02-10 11:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-09 13:45 - 2015-02-09 13:45 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-09 13:45 - 2015-02-09 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-02-09 13:45 - 2015-02-09 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-02-09 13:37 - 2015-02-09 13:37 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-09 13:37 - 2015-02-09 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-09 13:23 - 2015-02-09 13:23 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-02-09 13:23 - 2015-02-09 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 13:23 - 2015-02-09 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-02-06 14:17 - 2015-02-06 14:17 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-02-03 16:20 - 2015-02-03 16:20 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Hewlett-Packard
2015-01-26 11:55 - 2015-02-09 12:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 17:15 - 2015-01-27 12:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 17:15 - 2015-01-24 17:15 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2015-01-12 11:35 - 2015-01-12 11:35 - 00317440 _____ () C:\Documents and Settings\Eloise Swales\My Documents\Happy BD sailboat.car
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 12:05 - 2013-11-07 13:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-10 12:01 - 2013-12-26 12:42 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2015-02-10 12:01 - 2008-05-01 16:53 - 00000178 ___SH () C:\Documents and Settings\Eloise Swales\ntuser.ini
2015-02-10 12:01 - 2008-05-01 16:53 - 00000000 ____D () C:\Documents and Settings\Eloise Swales
2015-02-10 12:01 - 2004-08-10 12:08 - 00032552 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-10 12:01 - 2004-08-10 12:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-10 12:01 - 2004-08-10 12:02 - 01099424 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-10 12:01 - 2004-08-10 11:59 - 00000346 _____ () C:\WINDOWS\wiadebug.log
2015-02-10 12:00 - 2012-01-13 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-02-10 12:00 - 2008-05-01 16:53 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Temp
2015-02-10 11:44 - 2009-06-27 02:24 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 11:30 - 2008-05-12 16:10 - 00000000 ____D () C:\MDT
2015-02-10 11:30 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-09 15:59 - 2012-12-14 08:41 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\TuneUp Software
2015-02-09 15:26 - 2013-03-23 10:50 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin
2015-02-09 15:26 - 2013-03-23 10:48 - 00000000 __SHD () C:\AI_RecycleBin
2015-02-09 15:25 - 2011-09-10 14:12 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\RobloxVersions
2015-02-09 15:24 - 2012-12-19 20:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PC1Data
2015-02-09 15:24 - 2004-08-10 12:01 - 00000000 ____D () C:\Program Files\MSN
2015-02-09 15:17 - 2012-06-05 07:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-09 15:13 - 2013-11-07 13:46 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-09 15:11 - 2013-11-07 13:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-02-09 14:58 - 2004-08-10 11:51 - 00000211 __RSH () C:\boot.ini
2015-02-09 14:43 - 2011-01-27 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-02-09 13:47 - 2009-12-13 09:00 - 00000000 ____D () C:\Program Files\The Weather Channel FW
2015-02-09 13:47 - 2009-12-13 08:59 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\The Weather Channel
2015-02-09 13:47 - 2004-08-10 12:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-09 13:47 - 2004-08-10 11:57 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-02-09 13:45 - 2013-01-05 10:40 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Facebook
2015-02-09 13:33 - 2012-12-19 20:32 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\PCPro
2015-02-09 13:33 - 2008-04-29 17:15 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-02-09 13:33 - 2008-04-29 17:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 13:31 - 2010-08-20 15:40 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-09 13:26 - 2012-12-14 08:41 - 00000000 ____D () C:\Program Files\AVG Secure Search
2015-02-09 13:22 - 2009-07-01 18:36 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\Unity
2015-02-09 13:22 - 2009-07-01 18:30 - 00000000 ____D () C:\Program Files\Unity
2015-02-09 13:18 - 2004-08-10 11:57 - 00185816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-09 13:16 - 2004-08-10 11:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-09 13:15 - 2010-03-01 21:18 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-09 13:12 - 2008-05-01 16:53 - 00042640 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-09 13:07 - 2010-12-15 19:46 - 00000000 ____D () C:\Program Files\real
2015-02-09 13:07 - 2008-05-01 20:15 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\Real
2015-02-09 13:04 - 2008-05-08 16:42 - 00000000 ____D () C:\Program Files\PrintMaster Platinum 17
2015-02-09 13:01 - 2008-05-09 11:09 - 00000000 ____D () C:\Program Files\Outlook Express Quick Backup
2015-02-09 13:01 - 2008-05-08 16:53 - 00000000 ____D () C:\Program Files\Web Publish
2015-02-09 13:01 - 2004-08-10 11:52 - 00000000 ____D () C:\WINDOWS\Help
2015-02-09 13:00 - 2008-04-29 17:10 - 00000000 ____D () C:\Program Files\Java
2015-02-09 12:59 - 2010-03-01 21:01 - 00000000 ____D () C:\Program Files\HP
2015-02-09 12:58 - 2010-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-02-09 12:56 - 2004-08-10 11:57 - 00006790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 12:53 - 2010-03-01 20:57 - 00010522 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-02-09 12:51 - 2010-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-02-09 12:17 - 2008-04-29 17:15 - 00000000 ____D () C:\Program Files\Google
2015-02-09 12:16 - 2013-06-10 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-09 12:16 - 2012-06-05 18:59 - 02967742 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3625653860-631505778-871109529-1006-0.dat
2015-02-09 12:16 - 2011-04-16 02:27 - 00580054 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-09 12:04 - 2008-05-01 20:32 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 12:00 - 2009-05-24 11:43 - 00000000 ____D () C:\Program Files\Garmin
2015-02-09 11:59 - 2013-07-05 16:50 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\My Documents\Garmin
2015-02-09 11:59 - 2013-06-10 19:32 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Garmin
2015-02-09 11:59 - 2012-05-31 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Garmin
2015-02-09 11:58 - 2009-05-24 11:43 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\GARMIN
2015-02-08 17:43 - 2004-08-10 11:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-06 15:56 - 2008-10-20 14:25 - 00002539 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Dragon NaturallySpeaking 10.0.lnk
2015-02-06 15:56 - 2008-10-20 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-06 14:17 - 2012-06-05 07:05 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 14:17 - 2012-01-13 22:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-04 07:44 - 2009-06-27 02:24 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:02 - 2008-05-12 14:21 - 00002515 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Microsoft Office Word 2007.lnk
2015-02-03 14:35 - 2010-03-26 17:24 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\My Documents\New Folder
2015-02-03 13:54 - 2008-05-12 13:38 - 00002719 _____ () C:\Documents and Settings\Eloise Swales\Application Data\SAS7_000.DAT
2015-02-03 03:00 - 2008-10-20 14:45 - 00000530 _____ () C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job
2015-02-02 10:33 - 2010-07-20 14:25 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3625653860-631505778-871109529-1006.job
2015-02-02 02:00 - 2008-10-20 14:45 - 00000506 _____ () C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
2015-02-01 12:40 - 2014-09-27 14:00 - 00010482 _____ () C:\Documents and Settings\Eloise Swales\My Documents\Wesley's Rent Record.xlsx
2015-02-01 12:38 - 2008-07-29 11:50 - 00002473 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Microsoft Office Excel 2007.lnk
2015-01-31 21:02 - 2011-05-28 20:02 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2015-01-26 12:04 - 2014-08-21 17:11 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Adobe
2015-01-24 17:30 - 2009-11-12 11:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2015-01-24 17:30 - 2009-11-12 11:47 - 00000000 ____D () C:\Program Files\LogMeIn
2015-01-22 09:21 - 2014-01-26 10:09 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2015-01-22 09:21 - 2014-01-26 10:09 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-19 10:46 - 2009-11-12 11:48 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-01-19 10:46 - 2009-11-12 11:48 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-01-19 10:46 - 2009-11-12 11:47 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-01-15 03:11 - 2013-08-14 02:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 03:00 - 2008-05-01 17:07 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-12 12:01 - 2008-05-01 20:27 - 00163328 _____ () C:\Documents and Settings\Eloise Swales\My Documents\winter birthday.car
2015-01-12 11:22 - 2010-08-19 17:15 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\U3
 
Files to move or delete:
====================
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE1.dat
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences.dat
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences2.dat
C:\Documents and Settings\Eloise Swales\jagex__preferences3.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Eloise Swales\Local Settings\Temp\TFR4.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

 


 


#2 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida
  • Local time:04:50 PM

Posted 14 February 2015 - 12:01 AM

Hi ddwebgurl,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

You have a Rootkit infection on your computer. Please read through the instructions to familiarize yourself with the steps before you start. If you are more comfortable you can print them out for reference as you work through the steps.

TDSSKiller

Please download TDSSKiller.zip - Extract it to your desktop
  • TDSSKiller.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • After program loads, click on Change parameters.
  • Put a check-mark beside Loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Press Start Scan
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue
  • Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will be shown under Scan results - Select action for found objects, with three options offered.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • IMPORTANT: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
=========================

In your next post please provide the following:
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#3 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida
  • Local time:04:50 PM

Posted 16 February 2015 - 11:26 AM

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.
OCD


#4 ddwebgurl

ddwebgurl
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Not Telling
  • Local time:03:50 PM

Posted 16 February 2015 - 11:36 AM

Hello! Sorry for the delay, was away from my email. Will proceed and post back shortly.



#5 ddwebgurl

ddwebgurl
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Not Telling
  • Local time:03:50 PM

Posted 16 February 2015 - 12:08 PM

I was unable to post the log (error post too long), but it is attached.




#6 OCD

OCD

  • Malware Response Team
  • 172 posts
  • Gender:Male
  • Location:Florida
  • Local time:04:50 PM

Posted 16 February 2015 - 12:48 PM

Hi ddwebgurl,

Were you given the option to "Cure" the items found on the TDSSKiller scan?

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • WhiteSmoke New Toolbar
  • TuneUp Utilities 2014 (all listed)
=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt


Start
CloseProcesses:
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
SearchScopes: HKLM -> DefaultScope {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm039^YYA^us&si=radiopi&ptb=11BDB791-2279-4996-9473-39EE524F701B&ind=2013082112&n=77fd3200&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> Backup.Old.DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0}
SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm039^YYA^us&si=radiopi&ptb=11BDB791-2279-4996-9473-39EE524F701B&ind=2013082112&n=77fd3200&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {587A2621-EE37-E2A1-482C-6542E54F4617} URL = 
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0E0CzytA0Czz0D0Czy0A0EtDtDtN0D0Tzu0CtAyDyBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1526167311
SearchScopes: HKLM -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002YYus&ptb=7505C918-1AF8-434C-B29A-6ADF26FCA140&psa=&ind=2011042113&ptnrS=YKxdm002YYus&si=&st=sb&n=77de1141&searchfor={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = 
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b3a51d2&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @RecipeHub_2j.com/Plugin -> C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\DOCUME~1\ELOISE~1\LOCALS~1\APPLIC~1\funmoods.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\Object\chromeaddon.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\I Want This\Chrome\I Want This.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [Not Found]
S2 RecipeHub_2jService; C:\Program Files\RecipeHub_2j\bar\1.bin\2jbarsvc.exe [88648 2014-04-07] (COMPANYVERS_NAME)
S4 LMIRfsClientNP; No ImagePath
U4 SharedAccess; No ImagePath
U1 WS2IFSL; No ImagePath
S1 FsFilter; \??\c:\documents and settings\eloise swales\application data\.minecraft\rxsupply.sys [X]
S3 HpGmb001; system32\DRIVERS\HpGmb001.SYS [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
2015-02-09 16:00 - 2015-02-09 16:00 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2015-02-09 16:00 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2015-02-09 15:59 - 2015-02-09 16:00 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2015-02-09 15:59 - 2015-02-09 15:59 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\TuneUp Software
2015-02-09 15:58 - 2015-02-09 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2015-02-09 15:11 - 2015-02-09 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\PCPro
2015-02-09 14:50 - 2015-02-09 14:49 - 09596176 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe
2015-02-09 15:11 - 2015-02-09 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\PCPro
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • checkup.txt
  • Answer any questions I may have asked.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
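
The fix script in the post above makes FRST write a Fixlog.txt with one `target => outcome` line per directive. As an added example (not part of the thread and not FRST's own code), this Python script sorts those lines into removed, already absent, and failed, so a helper can see at once which items need another pass. It assumes only the outcome phrases visible in the Fixlog posted in this thread; the sample log and its paths are constructed, and RID 500 in a SID is the built-in Administrator account.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog "target => outcome" layout (all values made up).
SAMPLE_FIXLOG = r'''
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Example" => Key deleted successfully.
HKU\S-1-5-21-0-0-0-500\Software\Example\Main\\Start Page => Error setting value.
HKU\S-1-5-21-0-0-0-500\Software\Example\Main\\Search Bar => Value not found.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
ExampleService => Service deleted successfully.
"C:\Program Files\Example\example.lnk" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\Example => Moved successfully.
EmptyTemp: => Removed 10.5 MB temporary data.
'''

# Per-user hive targets look like HKU\<SID>\...; capture the SID and its final RID.
_SID_RE = re.compile(r'^HKU\\(S-1-5-21-[\d-]+?-(\d+))\\', re.IGNORECASE)


def classify(outcome):
    """Map an outcome phrase to ok / absent / failed / review."""
    text = outcome.lower()
    if text.startswith("error"):
        return "failed"      # e.g. "Error setting value."
    if "not found" in text:
        return "absent"      # nothing left to remove
    if "successfully" in text or text.startswith("removed"):
        return "ok"          # deleted, moved, restored, temp data removed
    return "review"          # phrase not seen before: a human should read it


def parse_fixlog(text):
    """Return one dict per 'target => outcome' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        target, sep, outcome = line.strip().partition(" => ")
        if not sep:
            continue  # headers, separators, echoed fixlist content
        outcome = outcome.strip()
        entries.append({
            "target": target.strip('"'),
            "outcome": outcome,
            "status": classify(outcome),
        })
    return entries


def triage(text):
    """Summarise a Fixlog: counts per status and the targets needing follow-up."""
    entries = parse_fixlog(text)
    counts = Counter(e["status"] for e in entries)
    follow_up = [e for e in entries if e["status"] in ("failed", "review")]
    # Group follow-up items by account RID to show which profile hive they sit in.
    by_rid = Counter()
    for e in follow_up:
        match = _SID_RE.match(e["target"])
        if match:
            by_rid[match.group(2)] += 1
    return {
        "counts": dict(counts),
        "follow_up": [e["target"] for e in follow_up],
        "failed_by_rid": dict(by_rid),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print("Counts:", report["counts"])
    for target in report["follow_up"]:
        print("Needs follow-up:", target)
    print("Follow-up items per account RID:", report["failed_by_rid"])
```
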

#7 ddwebgurl

ddwebgurl
  • Topic Starter

  • Members
  • 27 posts
  • Gender:Not Telling
  • Local time:03:50 PM

Posted 16 February 2015 - 01:37 PM

In answer to your question regarding TDSSKiller, I was not given the Cure option.

I was unable to uninstall WhiteSmoke New Toolbar. I have tried this several times before. The entry is in the list but will not uninstall. Nothing happens. It still appears in the Add or Remove Programs list.

The logs are below as requested.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by Eloise Swales at 2015-02-16 13:03:41 Run:1
Running from C:\Documents and Settings\Eloise Swales\Desktop
Loaded Profiles: Eloise Swales (Available profiles: Eloise Swales & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll ATTENTION! ====> ZeroAccess?
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
SearchScopes: HKLM -> DefaultScope {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm039^YYA^us&si=radiopi&ptb=11BDB791-2279-4996-9473-39EE524F701B&ind=2013082112&n=77fd3200&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> Backup.Old.DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0}
SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm039^YYA^us&si=radiopi&ptb=11BDB791-2279-4996-9473-39EE524F701B&ind=2013082112&n=77fd3200&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {587A2621-EE37-E2A1-482C-6542E54F4617} URL =
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0E0CzytA0Czz0D0Czy0A0EtDtDtN0D0Tzu0CtAyDyBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1526167311
SearchScopes: HKLM -> {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002YYus&ptb=7505C918-1AF8-434C-B29A-6ADF26FCA140&psa=&ind=2011042113&ptnrS=YKxdm002YYus&si=&st=sb&n=77de1141&searchfor={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b3a51d2&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @RecipeHub_2j.com/Plugin -> C:\Program Files\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\DOCUME~1\ELOISE~1\LOCALS~1\APPLIC~1\funmoods.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files\FTDownloader.com\FTDownloader10.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\Object\chromeaddon.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\I Want This\Chrome\I Want This.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ocphobfcfafpclibolpjdafgaffkaoci] - C:\Program Files\Browser Plugin\gplplugin.crx [Not Found]
S2 RecipeHub_2jService; C:\Program Files\RecipeHub_2j\bar\1.bin\2jbarsvc.exe [88648 2014-04-07] (COMPANYVERS_NAME)
S4 LMIRfsClientNP; No ImagePath
U4 SharedAccess; No ImagePath
U1 WS2IFSL; No ImagePath
S1 FsFilter; \??\c:\documents and settings\eloise swales\application data\.minecraft\rxsupply.sys [X]
S3 HpGmb001; system32\DRIVERS\HpGmb001.SYS [X]
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
2015-02-09 16:00 - 2015-02-09 16:00 - 00001747 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00001747 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00001741 _____ () C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk
2015-02-09 16:00 - 2015-02-09 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014
2015-02-09 16:00 - 2014-07-16 10:24 - 00036664 _____ (TuneUp Software) C:\WINDOWS\system32\TURegOpt.exe
2015-02-09 15:59 - 2015-02-09 16:00 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014
2015-02-09 15:59 - 2015-02-09 15:59 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\TuneUp Software
2015-02-09 15:58 - 2015-02-09 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TuneUp Software
2015-02-09 15:11 - 2015-02-09 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\PCPro
2015-02-09 14:50 - 2015-02-09 14:49 - 09596176 _____ (PC Cleaners) C:\Documents and Settings\All Users\Application Data\pclunst.exe
2015-02-09 15:11 - 2015-02-09 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\PCPro
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main\\First Home Page => Value not found.
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Error setting value.
HKU\S-1-5-21-3625653860-631505778-871109529-500\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{587A2621-EE37-E2A1-482C-6542E54F4617}" => Key deleted successfully.
HKCR\CLSID\{587A2621-EE37-E2A1-482C-6542E54F4617} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}" => Key deleted successfully.
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-3625653860-631505778-871109529-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value deleted successfully.
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => Key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gkjoindjjcmbdpbfppabdgflnkgbbcli" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci" => Key deleted successfully.
RecipeHub_2jService => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
SharedAccess => Service deleted successfully.
WS2IFSL => Service deleted successfully.
FsFilter => Service deleted successfully.
HpGmb001 => Service deleted successfully.
LMIInfo => Service deleted successfully.
"C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014.lnk" => File/Directory not found.
"C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk" => File/Directory not found.
"C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2014.lnk" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2014" => File/Directory not found.
"C:\WINDOWS\system32\TURegOpt.exe" => File/Directory not found.
"C:\Program Files\TuneUp Utilities 2014" => File/Directory not found.
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\TuneUp Software => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TuneUp Software => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\PCPro => Moved successfully.
C:\Documents and Settings\All Users\Application Data\pclunst.exe => Moved successfully.
"C:\Documents and Settings\Administrator\Application Data\PCPro" => File/Directory not found.
EmptyTemp: => Removed 1014.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:04:03 ====

 

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 13:10:40
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Eloise Swales - ELOISE
# Running from : C:\Documents and Settings\Eloise Swales\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BearShare Applications
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\Object
Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\NativeMessaging
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\PutLockerDownloader
Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\TBHostSupport
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Iminent
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Toolbar4
[!] Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\ftdownloader@ftdownloader.com.xpi
Folder Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\2jffxtbr@RecipeHub_2j.com
[!] Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp
[!] Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
[!] Folder Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mffdcionknddopdmdnloanoafafkmckb
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\funmoods-speeddial.crx
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\invalidprefs.js
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\delta.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\mywebsearch.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\SearchTheWeb.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\searchplugins\search-the-web.xml
File Deleted : C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [superfish@superfish.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdepacjoijebcfaaenjicnejghibmebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdepacjoijebcfaaenjicnejghibmebp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mffdcionknddopdmdnloanoafafkmckb
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.BHO
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\I Want This
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\DomaIQ
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[lcw8781e.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "nv1");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0E0CzytA0Czz0D0Czy0A0EtDtDtN0D0Tzu0CtAyDyBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1526167311");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "001EC93C8DC9AE00");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlDay", "15697");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0E0CzytA0Czz0D0Czy0A0EtDtDtN0D0Tzu0CtAyDyBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1526167311");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0E0CzytA0Czz0D0Czy0A0EtDtDtN0D0Tzu0CtAyDyBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1526167311&q=[...]
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.220:16:58");
[lcw8781e.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"2jffxtbr@RecipeHub_2j.com\":{\"d\":\"C:\\\\Documents and Settings\\\\Eloise Swales\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\lcw878[...]

-\\ Google Chrome v40.0.2214.111

[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0E0CzytA0Czz0D0Czy0A0EtDtDtN0D0Tzu0CtAyDyBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1526167311
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss&mntrId=D97C001EC93C8DC9
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={D1F9921D-E2E6-4DA4-AB56-58588A5D4F07}&mid=d2bd137ff16f5042c957af89a9205489-b43848c1eec4f4a59c10bdd6d5592965bc645388&lang=en&ds=AVG&pr=pr&d=2012-12-14%2008:41:49&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZX^xdm039^YYA^us&si=radiopi&ptb=11BDB791-2279-4996-9473-39EE524F701B&ind=2013082112&n=77fd3200&psa=&st=sb&searchfor={searchTerms}
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=sb&itbv=12.15.5.31&apn_uid=24795FAD-F2F7-46E3-902B-932A7CF11CC9&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_8.0.6001.18702&doi=2014-09-13&trgb=IE&q={searchTerms}&psv=&pt=tb
[C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&CUI=UN23109231842225424&UM=2&SelfSearch=1&SearchType=SearchWeb&SearchSource=48&ctid=CT3301943&octid=CT3301943

*************************

AdwCleaner[R0].txt - [31893 bytes] - [16/02/2015 13:08:16]
AdwCleaner[S0].txt - [32284 bytes] - [16/02/2015 13:10:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32344  bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Microsoft Windows XP x86
Ran by Eloise Swales on Mon 02/16/2015 at 13:16:11.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.FeedManager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.FeedManager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLMenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLMenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLPanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.HTMLPanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.MultipleButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.MultipleButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.PseudoTransparentPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.PseudoTransparentPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.Radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.Radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.RadioSettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.RadioSettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ScriptButton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ScriptButton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SettingsPlugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.SettingsPlugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ThirdPartyInstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ThirdPartyInstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\RecipeHub_2j.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\NatSpeak Periodic Acoustic Optimization.job
Successfully deleted: [File] C:\WINDOWS\Tasks\NatSpeak Periodic Language Model Optimization.job
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\Eloise Swales\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Eloise Swales\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Documents and Settings\Eloise Swales\Application Data\recipehub_2j"
Successfully deleted: [Folder] "C:\Documents and Settings\Eloise Swales\Application Data\simppulltoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\whitesmoke_new"
Successfully deleted: [Folder] "C:\Program Files\adventurequest worlds toolbar"
Successfully deleted: [Folder] "C:\Program Files\gamesagogo_w3i"
Successfully deleted: [Folder] "C:\Program Files\headlinealley_29ei"
Successfully deleted: [Folder] "C:\Program Files\recipehub_2j"
Successfully deleted: [Folder] "C:\Program Files\referenceboss_1pei"
Successfully deleted: [Folder] "C:\Program Files\simppulltoolbar"
Successfully deleted: [Folder] "C:\Program Files\totalrecipesearch_14"
Successfully deleted: [Folder] "C:\Program Files\whitesmoke_new"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Eloise Swales\Application Data\mozilla\firefox\profiles\lcw8781e.default\extensions\aedhiwapzg@aedhiwapzg.org.xpi [Tracur]
Successfully deleted: [File] C:\Documents and Settings\Eloise Swales\Application Data\mozilla\firefox\profiles\lcw8781e.default\extensions\pfatxyblwm@pfatxyblwm.org.xpi [Tracur]
Successfully deleted: [File] C:\Documents and Settings\Eloise Swales\Application Data\mozilla\firefox\profiles\lcw8781e.default\searchplugins\bing-zugo.xml



~~~ Chrome

Dumping contents of C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcgbggdegfdbdbgggededadedcddda
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagfgegbgddidigggcdcdjgfdegbdfge
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Extensions
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Preferences
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Web Data
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcgbggdegfdbdbgggededadedcddda\background.html
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcgbggdegfdbdbgggededadedcddda\ContentScript.js
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcgbggdegfdbdbgggededadedcddda\manifest.json
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagfgegbgddidigggcdcdjgfdegbdfge\manifest.json
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Extensions\fdepacjoijebcfaaenjicnejghibmebp
C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Successfully deleted: [Folder] C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/16/2015 at 13:19:56.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Eloise Swales (administrator) on ELOISE on 16-02-2015 13:23:55
Running from C:\Documents and Settings\Eloise Swales\Desktop
Loaded Profiles: Eloise Swales (Available profiles: Eloise Swales & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-19] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Nuance.ctfmngr] => C:\Program Files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe [46440 2009-02-13] (Nuance Communications, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-02-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {2d9e6548-bbff-11e3-8585-001ec93c8dc9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {78beed44-4874-11dd-9afa-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {8ed540a4-5d8e-11dd-9afe-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {c7b1220c-60dc-11df-82f5-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {da9dcb10-d288-11e3-858a-001ec93c8dc9} - F:\LaunchU3.exe
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {ef629b7f-141d-11e4-85a0-001ec93c8dc9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {fbe71df8-25c2-11dd-9aec-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.centurylink.net/
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3625653860-631505778-871109529-1006] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {587A2621-EE37-E2A1-482C-6542E54F4617} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
Toolbar: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> No Name - {57425636-0076-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} -  No File
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/html - {2fb0d6c8-08e1-4a64-a3ce-fa61d8f89ba9} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3625653860-631505778-871109529-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: I Want This - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\crossriderapp2258@crossrider.com [2012-05-26]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\plugin@gameplaylabs.com [2011-03-05]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-11-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-01-24]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-31]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKU\.DEFAULT\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=122786&tt=gc_&babsrc=HP_ss_gin2g&mntrId=D97C001EC93C8DC9
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=122786&tt=gc_&babsrc=HP_ss_gin2g&mntrId=D97C001EC93C8DC9", "hxxp://search.conduit.com/?ctid=CT3301943&SearchSource=48&CUI=UN23109231842225424&UM=2"
CHR DefaultSearchKeyword: Default -> babylon.com
CHR DefaultSearchURL: Default -> http://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (HeadlineAlley) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\foaankepehnmhagcnademjmcehlganjl [2014-12-29]
CHR Extension: (WeatherBlink) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iagcpbojonfafbgbmkdplkoobcenmpll [2014-12-01]
CHR Extension: (Connect DLC) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhodfgapkpmcepkmcohmfkneadpikmkd [2013-06-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (TidyNetwork.com) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obkdkhmjcmakecacaalddelnfdodbipp [2013-05-29]
CHR HKLM\...\Chrome\Extension: [mhodfgapkpmcepkmcohmfkneadpikmkd] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\mhodfgapkpmcepkmcohmfkneadpikmkd.crx [Not Found]
CHR HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Chrome\Extension: [mhodfgapkpmcepkmcohmfkneadpikmkd] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\mhodfgapkpmcepkmcohmfkneadpikmkd.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79168 2007-06-20] (Broadcom Corporation)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9ad8c3baf53e4; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 6to4; C:\WINDOWS\system32\6to4ex.dll [X]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R4 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2007-06-20] (Broadcom Corporation) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 13:23 - 2015-02-16 13:23 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Desktop\already posted
2015-02-16 13:08 - 2015-02-16 13:11 - 00000000 ____D () C:\AdwCleaner
2015-02-16 13:03 - 2015-02-16 13:02 - 01388274 _____ (Thisisu) C:\Documents and Settings\Eloise Swales\Desktop\JRT.exe
2015-02-16 13:03 - 2015-02-16 13:02 - 01125888 _____ (Farbar) C:\Documents and Settings\Eloise Swales\Desktop\FRST.exe
2015-02-16 13:03 - 2015-02-16 13:01 - 02112512 _____ () C:\Documents and Settings\Eloise Swales\Desktop\AdwCleaner.exe
2015-02-16 12:06 - 2015-02-16 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software
2015-02-16 12:06 - 2015-02-16 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TuneUp Software
2015-02-16 11:54 - 2015-02-16 11:54 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Desktop\tdsskiller
2015-02-16 11:53 - 2015-02-16 11:53 - 00004715 _____ () C:\WINDOWS\setupapi.log
2015-02-10 12:06 - 2015-02-10 12:06 - 00025901 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2015-02-10 12:05 - 2015-02-10 12:06 - 00034733 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-02-10 12:04 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2015-02-10 11:33 - 2015-02-16 13:24 - 00020921 _____ () C:\Documents and Settings\Eloise Swales\Desktop\FRST.txt
2015-02-10 11:32 - 2015-02-16 13:23 - 00000000 ____D () C:\FRST
2015-02-10 11:32 - 2015-02-10 11:28 - 01124352 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-02-09 15:58 - 2015-02-09 15:58 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-09 15:57 - 2015-02-09 15:57 - 00000757 _____ () C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Program Files\Magical Jelly Bean
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
2015-02-09 14:43 - 2015-02-09 15:30 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\NPE
2015-02-09 13:47 - 2015-02-09 13:47 - 00000000 ____D () C:\SUPERDelete
2015-02-09 13:46 - 2015-02-09 13:46 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\SUPERAntiSpyware.com
2015-02-09 13:45 - 2015-02-10 11:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-09 13:45 - 2015-02-09 13:45 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-09 13:45 - 2015-02-09 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-02-09 13:45 - 2015-02-09 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-02-09 13:37 - 2015-02-09 13:37 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-09 13:37 - 2015-02-09 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-09 13:23 - 2015-02-09 13:23 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-02-09 13:23 - 2015-02-09 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 13:23 - 2015-02-09 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-02-06 14:17 - 2015-02-06 14:17 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-02-03 16:20 - 2015-02-03 16:20 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Hewlett-Packard
2015-01-26 11:55 - 2015-02-09 12:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 17:15 - 2015-01-27 12:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 17:15 - 2015-01-24 17:15 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 13:24 - 2012-01-13 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-02-16 13:24 - 2008-05-01 16:53 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Temp
2015-02-16 13:23 - 2004-08-10 12:02 - 01128526 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 13:23 - 2004-08-10 11:59 - 00000290 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 13:23 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 13:22 - 2008-05-12 16:10 - 00000000 ____D () C:\MDT
2015-02-16 13:22 - 2004-08-10 12:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 13:21 - 2008-05-01 16:53 - 00000178 ___SH () C:\Documents and Settings\Eloise Swales\ntuser.ini
2015-02-16 13:21 - 2004-08-10 12:08 - 00032648 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-16 13:17 - 2012-06-05 07:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 13:04 - 2013-12-26 12:42 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2015-02-16 13:04 - 2009-11-12 11:50 - 00000000 ____D () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Temp
2015-02-16 13:03 - 2004-08-10 12:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-16 12:45 - 2009-06-27 02:24 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 11:55 - 2008-05-01 16:53 - 00000000 ____D () C:\Documents and Settings\Eloise Swales
2015-02-16 11:50 - 2004-08-10 11:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-10 12:10 - 2013-11-07 13:46 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-10 12:06 - 2013-11-07 13:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-09 15:59 - 2012-12-14 08:41 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\TuneUp Software
2015-02-09 15:25 - 2011-09-10 14:12 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\RobloxVersions
2015-02-09 15:24 - 2004-08-10 12:01 - 00000000 ____D () C:\Program Files\MSN
2015-02-09 15:11 - 2013-11-07 13:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-02-09 14:58 - 2004-08-10 11:51 - 00000211 __RSH () C:\boot.ini
2015-02-09 14:43 - 2011-01-27 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-02-09 13:47 - 2009-12-13 09:00 - 00000000 ____D () C:\Program Files\The Weather Channel FW
2015-02-09 13:47 - 2009-12-13 08:59 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\The Weather Channel
2015-02-09 13:47 - 2004-08-10 11:57 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-02-09 13:45 - 2013-01-05 10:40 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Facebook
2015-02-09 13:33 - 2008-04-29 17:15 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-02-09 13:33 - 2008-04-29 17:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 13:31 - 2010-08-20 15:40 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-09 13:22 - 2009-07-01 18:36 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\Unity
2015-02-09 13:22 - 2009-07-01 18:30 - 00000000 ____D () C:\Program Files\Unity
2015-02-09 13:18 - 2004-08-10 11:57 - 00185816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-09 13:16 - 2004-08-10 11:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-09 13:15 - 2010-03-01 21:18 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-09 13:12 - 2008-05-01 16:53 - 00042640 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-09 13:07 - 2010-12-15 19:46 - 00000000 ____D () C:\Program Files\real
2015-02-09 13:07 - 2008-05-01 20:15 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\Real
2015-02-09 13:04 - 2008-05-08 16:42 - 00000000 ____D () C:\Program Files\PrintMaster Platinum 17
2015-02-09 13:01 - 2008-05-09 11:09 - 00000000 ____D () C:\Program Files\Outlook Express Quick Backup
2015-02-09 13:01 - 2008-05-08 16:53 - 00000000 ____D () C:\Program Files\Web Publish
2015-02-09 13:01 - 2004-08-10 11:52 - 00000000 ____D () C:\WINDOWS\Help
2015-02-09 13:00 - 2008-04-29 17:10 - 00000000 ____D () C:\Program Files\Java
2015-02-09 12:59 - 2010-03-01 21:01 - 00000000 ____D () C:\Program Files\HP
2015-02-09 12:58 - 2010-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-02-09 12:56 - 2004-08-10 11:57 - 00006790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 12:53 - 2010-03-01 20:57 - 00010522 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-02-09 12:51 - 2010-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-02-09 12:17 - 2008-04-29 17:15 - 00000000 ____D () C:\Program Files\Google
2015-02-09 12:16 - 2013-06-10 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-09 12:16 - 2012-06-05 18:59 - 02967742 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3625653860-631505778-871109529-1006-0.dat
2015-02-09 12:16 - 2011-04-16 02:27 - 00580054 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-09 12:04 - 2008-05-01 20:32 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 12:00 - 2009-05-24 11:43 - 00000000 ____D () C:\Program Files\Garmin
2015-02-09 11:59 - 2013-07-05 16:50 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\My Documents\Garmin
2015-02-09 11:59 - 2013-06-10 19:32 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Garmin
2015-02-09 11:59 - 2012-05-31 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Garmin
2015-02-09 11:58 - 2009-05-24 11:43 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\GARMIN
2015-02-06 15:56 - 2008-10-20 14:25 - 00002539 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Dragon NaturallySpeaking 10.0.lnk
2015-02-06 15:56 - 2008-10-20 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-06 14:17 - 2012-06-05 07:05 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 14:17 - 2012-01-13 22:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-04 07:44 - 2009-06-27 02:24 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:02 - 2008-05-12 14:21 - 00002515 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Microsoft Office Word 2007.lnk
2015-02-03 14:35 - 2010-03-26 17:24 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\My Documents\New Folder
2015-02-03 13:54 - 2008-05-12 13:38 - 00002719 _____ () C:\Documents and Settings\Eloise Swales\Application Data\SAS7_000.DAT
2015-02-02 10:33 - 2010-07-20 14:25 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3625653860-631505778-871109529-1006.job
2015-02-01 12:40 - 2014-09-27 14:00 - 00010482 _____ () C:\Documents and Settings\Eloise Swales\My Documents\Wesley's Rent Record.xlsx
2015-02-01 12:38 - 2008-07-29 11:50 - 00002473 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Microsoft Office Excel 2007.lnk
2015-01-31 21:02 - 2011-05-28 20:02 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2015-01-26 12:04 - 2014-08-21 17:11 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Adobe
2015-01-24 17:30 - 2009-11-12 11:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2015-01-24 17:30 - 2009-11-12 11:47 - 00000000 ____D () C:\Program Files\LogMeIn
2015-01-22 09:21 - 2014-01-26 10:09 - 00000735 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2015-01-22 09:21 - 2014-01-26 10:09 - 00000719 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-19 10:46 - 2009-11-12 11:48 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-01-19 10:46 - 2009-11-12 11:48 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-01-19 10:46 - 2009-11-12 11:47 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll

==================== Files in the root of some directories =======

2011-04-22 20:24 - 2011-04-22 20:24 - 0138056 _____ () C:\Documents and Settings\Eloise Swales\Application Data\PnkBstrK.sys
2008-05-12 13:38 - 2015-02-03 13:54 - 0002719 _____ () C:\Documents and Settings\Eloise Swales\Application Data\SAS7_000.DAT
2013-01-12 12:57 - 2013-01-12 12:57 - 0001176 ___SH () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2011-12-20 21:44 - 2011-12-20 21:44 - 0000946 ___SH () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\338746g7b825m842w374y8huq4t2
2012-05-03 06:12 - 2012-05-03 06:12 - 0000532 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\datos.txt
2008-05-01 20:31 - 2013-05-09 23:05 - 0012800 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-29 10:27 - 2012-08-29 10:27 - 0027520 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\dt.dat
2012-06-02 07:38 - 2012-06-02 07:38 - 1669208 _____ (Setup ©                       ) C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\funmoods.exe
2011-09-03 12:34 - 2011-09-03 12:34 - 0000136 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\fusioncache.dat
2012-05-14 05:38 - 2012-05-14 05:38 - 0043976 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\save_en.bmp
2012-05-14 05:38 - 2012-05-14 05:38 - 0043976 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\save_es.bmp
2012-05-22 03:21 - 2012-05-22 03:21 - 20480000 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\store-pp.jbs

Files to move or delete:
====================
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE1.dat
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences.dat
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences2.dat
C:\Documents and Settings\Eloise Swales\jagex__preferences3.dat


Some content of TEMP:
====================
C:\Documents and Settings\Eloise Swales\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Eloise Swales\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 Results of screen317's Security Check version 0.99.96  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 AVG 2014     
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 CCleaner     
  Java 64-bit 8 Update 31  
 Adobe Flash Player     16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#8 OCD

OCD

  • Malware Response Team

Posted 16 February 2015 - 03:29 PM

Hi DavideL,

Even though you stated you knew XP is no longer supported, I need to give the warning just the same.

Important information regarding Windows XP

Microsoft will no longer offer support for Windows XP beginning on April 8, 2014

If you are running Windows XP, please take the time to read the information provided at these links.

=========================

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    WhiteSmoke
    
    :folderfind
    WhiteSmoke
    
    :regfind
    WhiteSmoke
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Start
    CloseProcesses:
    HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {78beed44-4874-11dd-9afa-001ec93c8dc9} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {8ed540a4-5d8e-11dd-9afe-001ec93c8dc9} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {c7b1220c-60dc-11df-82f5-001ec93c8dc9} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {da9dcb10-d288-11e3-858a-001ec93c8dc9} - F:\LaunchU3.exe
    HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {fbe71df8-25c2-11dd-9aec-001ec93c8dc9} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-3625653860-631505778-871109529-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    Toolbar: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> No Name - {57425636-0076-A76A-76A7-7A786E7484D7} -  No File
    Toolbar: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} -  No File
    Filter: text/html - {2fb0d6c8-08e1-4a64-a3ce-fa61d8f89ba9} -  No File
    CHR HomePage: Default -> hxxp://search.babylon.com/?affID=122786&tt=gc_&babsrc=HP_ss_gin2g&mntrId=D97C001EC93C8DC9
    CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=122786&tt=gc_&babsrc=HP_ss_gin2g&mntrId=D97C001EC93C8DC9", "hxxp://search.conduit.com/?ctid=CT3301943&SearchSource=48&CUI=UN23109231842225424&UM=2"
    CHR DefaultSearchKeyword: Default -> babylon.com
    CHR DefaultSearchURL: Default -> http://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
    2015-02-16 12:06 - 2015-02-16 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software
    2015-02-09 15:59 - 2012-12-14 08:41 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\TuneUp Software
    C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE.dat
    C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE1.dat
    C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences.dat
    C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences2.dat
    C:\Documents and Settings\Eloise Swales\jagex__preferences3.dat
    EmptyTemp:
    Hosts:
    End
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt
  • What Firewall are you using?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#9 ddwebgurl

ddwebgurl
  • Topic Starter

  • Members

Posted 16 February 2015 - 05:07 PM

Thanks for your concern regarding XP. :)

 

The non-profit has zero computer budget, donated computers with great software and a document center and laser printer that only work with XP. Thus, the need to salvage this newly-donated machine and its Office software. There is no internet connection in the building so aside from some slow performance, the risk of infection is minimal and this pc will serve them well. :)

 

The firewall they are using is AVG Internet Security (paid version). The program's opening screen indicates that the firewall is active. Clicking on Security Center to verify gives the error: Due to an unidentified problem, Windows cannot display Windows Firewall settings. Not sure if that is relevant.

 

WhiteSmoke New Toolbar still appears in the Add or Remove Programs List

 

Here are the logs requested:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 16/02/2015 by Eloise Swales
Administrator - Elevation successful

========== filefind ==========

Searching for "WhiteSmoke"
No files found.

========== folderfind ==========

Searching for "WhiteSmoke"
No folders found.

========== regfind ==========

Searching for "WhiteSmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"c:\program files\whitesmoke_new\uninstall.exe"="Conduit Toolbar Uninstall"
[HKEY_CURRENT_USER\Software\Smartbar\CR\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22WhiteSmoke_New%22%7D"
[HKEY_CURRENT_USER\Software\Smartbar\CR\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%7D"
[HKEY_CURRENT_USER\Software\Smartbar\CR\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661007799818___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661007799818%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%225.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.20.1.508%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661007799818%22%2C%22onBeforeLoadData%22%
[HKEY_CURRENT_USER\Software\WhiteSmoke_New]
[HKEY_CURRENT_USER\Software\WhiteSmoke_New\toolbar]
"WebServerUrl"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\WhiteSmoke_New\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_CURRENT_USER\Software\WhiteSmoke_New\toolbar]
"DisplayName"="WhiteSmoke New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_New Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"DisplayName"="WhiteSmoke New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"HelpLink"="http://WhiteSmokeNew.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"Publisher"="WhiteSmoke New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"URLInfoAbout"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"DisplayIcon"="C:\Program Files\WhiteSmoke_New\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"UninstallString"="C:\Program Files\WhiteSmoke_New\uninstall.exe toolbar"
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"c:\program files\whitesmoke_new\uninstall.exe"="Conduit Toolbar Uninstall"
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\Smartbar\CR\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22WhiteSmoke_New%22%7D"
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\Smartbar\CR\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%7D"
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\Smartbar\CR\ChromeExtData\klibnahbojhkanfgaglnlalfkgpcppfi\Repository]
"gadgetsContextHash_130068661007799818___klibnahbojhkanfgaglnlalfkgpcppfi"="%7B%22appId%22%3A%22130068661007799818%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2231.0.1650.63%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%225.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3289847%22%2C%22oID%22%3A%22CT3289847%22%2C%22name%22%3A%22WhiteSmoke_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeNew.OurToolbar.com/%22%2C%22version%22%3A%2210.20.1.508%22%2C%22cID%22%3A%22klibnahbojhkanfgaglnlalfkgpcppfi%22%7D%2C%22appId%22%3A%22130068661
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\WhiteSmoke_New]
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\WhiteSmoke_New\toolbar]
"WebServerUrl"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\WhiteSmoke_New\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_USERS\S-1-5-21-3625653860-631505778-871109529-1006\Software\WhiteSmoke_New\toolbar]
"DisplayName"="WhiteSmoke New"

-= EOF =-

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by Eloise Swales at 2015-02-16 16:58:41 Run:2
Running from C:\Documents and Settings\Eloise Swales\Desktop
Loaded Profiles: Eloise Swales & Administrator (Available profiles: Eloise Swales & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {78beed44-4874-11dd-9afa-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {8ed540a4-5d8e-11dd-9afe-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {c7b1220c-60dc-11df-82f5-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {da9dcb10-d288-11e3-858a-001ec93c8dc9} - F:\LaunchU3.exe
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {fbe71df8-25c2-11dd-9aec-001ec93c8dc9} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
Toolbar: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> No Name - {57425636-0076-A76A-76A7-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> No Name - {4F524A2D-5354-2D53-5045-7A786E7484D7} -  No File
Filter: text/html - {2fb0d6c8-08e1-4a64-a3ce-fa61d8f89ba9} -  No File
CHR HomePage: Default -> hxxp://search.babylon.com/?affID=122786&tt=gc_&babsrc=HP_ss_gin2g&mntrId=D97C001EC93C8DC9
CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=122786&tt=gc_&babsrc=HP_ss_gin2g&mntrId=D97C001EC93C8DC9", "hxxp://search.conduit.com/?ctid=CT3301943&SearchSource=48&CUI=UN23109231842225424&UM=2"
CHR DefaultSearchKeyword: Default -> babylon.com
CHR DefaultSearchURL: Default -> http://search.babylon.com/?q={searchTerms}&affID=122786&tt=gc_&babsrc=SP_ss_gin2g&mntrId=D97C001EC93C8DC9
2015-02-16 12:06 - 2015-02-16 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software
2015-02-09 15:59 - 2012-12-14 08:41 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\TuneUp Software
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE1.dat
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences.dat
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences2.dat
C:\Documents and Settings\Eloise Swales\jagex__preferences3.dat
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-3625653860-631505778-871109529-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78beed44-4874-11dd-9afa-001ec93c8dc9}" => Key deleted successfully.
HKCR\CLSID\{78beed44-4874-11dd-9afa-001ec93c8dc9} => Key not found.
"HKU\S-1-5-21-3625653860-631505778-871109529-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ed540a4-5d8e-11dd-9afe-001ec93c8dc9}" => Key deleted successfully.
HKCR\CLSID\{8ed540a4-5d8e-11dd-9afe-001ec93c8dc9} => Key not found.
"HKU\S-1-5-21-3625653860-631505778-871109529-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7b1220c-60dc-11df-82f5-001ec93c8dc9}" => Key deleted successfully.
HKCR\CLSID\{c7b1220c-60dc-11df-82f5-001ec93c8dc9} => Key not found.
"HKU\S-1-5-21-3625653860-631505778-871109529-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da9dcb10-d288-11e3-858a-001ec93c8dc9}" => Key deleted successfully.
HKCR\CLSID\{da9dcb10-d288-11e3-858a-001ec93c8dc9} => Key not found.
"HKU\S-1-5-21-3625653860-631505778-871109529-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbe71df8-25c2-11dd-9aec-001ec93c8dc9}" => Key deleted successfully.
HKCR\CLSID\{fbe71df8-25c2-11dd-9aec-001ec93c8dc9} => Key not found.
"HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}" => Key deleted successfully.
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{57425636-0076-A76A-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{57425636-0076-A76A-76A7-7A786E7484D7} => Key not found.
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5354-2D53-5045-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F524A2D-5354-2D53-5045-7A786E7484D7} => Key not found.
"HKCR\PROTOCOLS\Filter\text/html" => Key deleted successfully.
HKCR\CLSID\{2fb0d6c8-08e1-4a64-a3ce-fa61d8f89ba9} => Key not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\TuneUp Software => Moved successfully.
C:\Documents and Settings\Eloise Swales\Application Data\TuneUp Software => Moved successfully.
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Documents and Settings\Eloise Swales\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences.dat => Moved successfully.
C:\Documents and Settings\Eloise Swales\jagex_runescape_preferences2.dat => Moved successfully.
C:\Documents and Settings\Eloise Swales\jagex__preferences3.dat => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 4.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:58:43 ====



#10 OCD

OCD

  • Malware Response Team

Posted 16 February 2015 - 06:03 PM

Hi ddwebgurl,

Thank you for the detailed explanation about the use of XP.

Navigate to this location: c:\program files\whitesmoke_new\uninstall.exe and double click on the uninstall.exe file

Reboot after you have completed the uninstall task.

Report back with the results.

How is the computer running at the moment?


OCD


#11 ddwebgurl

ddwebgurl
  • Topic Starter

  • Members

Posted 16 February 2015 - 06:22 PM

The whitesmoke_new folder does not exist. I'm wondering if parts of this were removed previously? That might explain why it does nothing in the Add or Remove Programs list. Can we remove the pieces?

 

The computer seems to be running OK. Opening My Computer is a bit slower than I'd like, but that may be unrelated. Programs seem to open and run fine. I have yet to connect to the internet to see if anything happens. I've been transferring these files back and forth with another computer that's online.



#12 OCD

OCD

  • Malware Response Team

Posted 16 February 2015 - 06:29 PM

Hi ddwebgurl,

"The whitesmoke_new folder does not exist. I'm wondering if parts of this were removed previously? That might explain why it does nothing in the Add or Remove Programs list. Can we remove the pieces?"

 

That is most likely the cause, and yes we will attempt to remove the remnants, let's continue ...

 

=========================

 

As you can see by your Security Check log your hard drive is quite fragmented.

 

`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11%

 

=========================

Disk Defragmenter for XP

  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

=========================

Reboot

=========================

Re-run AdwCleaner

It should be on your desktop

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • AdwCleaner[S1].txt
  • FRST.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#13 ddwebgurl

ddwebgurl
  • Topic Starter

  • Members

Posted 17 February 2015 - 07:29 AM

The system was defragmented. My Computer takes about 12 seconds to list the hard drive and CD drive every time it's opened. I originally suspected it was the flash drive I'm using to transfer files, but it's been removed. Other than that, the computer is running fine.

 

The WhiteSmoke New Toolbar entry remains in Add or Remove Programs.

 

Here are the logs requested:

 

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 06:51:33
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Eloise Swales - ELOISE
# Running from : C:\Documents and Settings\Eloise Swales\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [31893 bytes] - [16/02/2015 13:08:16]
AdwCleaner[R1].txt - [1022 bytes] - [17/02/2015 06:46:38]
AdwCleaner[S0].txt - [32425 bytes] - [16/02/2015 13:10:40]
AdwCleaner[S1].txt - [953 bytes] - [17/02/2015 06:51:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1011  bytes] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Eloise Swales (administrator) on ELOISE on 17-02-2015 06:57:14
Running from C:\Documents and Settings\Eloise Swales\Desktop
Loaded Profiles: Eloise Swales (Available profiles: Eloise Swales & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [124200 2007-09-17] (CyberLink Corp.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-26] (Intel Corporation)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-19] (HP)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Nuance.ctfmngr] => C:\Program Files\Nuance\NaturallySpeaking10\Program\ctfmngr.exe [46440 2009-02-13] (Nuance Communications, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2015-02-09] (SUPERAntiSpyware)
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {2d9e6548-bbff-11e3-8585-001ec93c8dc9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\MountPoints2: {ef629b7f-141d-11e4-85a0-001ec93c8dc9} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080430
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.centurylink.net/
HKU\S-1-5-21-3625653860-631505778-871109529-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3625653860-631505778-871109529-1006] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {587A2621-EE37-E2A1-482C-6542E54F4617} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3625653860-631505778-871109529-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: I Want This - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\crossriderapp2258@crossrider.com [2012-05-26]
FF Extension: GamePlayLabs Plugin - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\plugin@gameplaylabs.com [2011-03-05]
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010-11-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Eloise Swales\Application Data\Mozilla\Firefox\Profiles\lcw8781e.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-01-24]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-26]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-31]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKU\.DEFAULT\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (HeadlineAlley) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\foaankepehnmhagcnademjmcehlganjl [2014-12-29]
CHR Extension: (WeatherBlink) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iagcpbojonfafbgbmkdplkoobcenmpll [2014-12-01]
CHR Extension: (Connect DLC) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhodfgapkpmcepkmcohmfkneadpikmkd [2013-06-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (TidyNetwork.com) - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obkdkhmjcmakecacaalddelnfdodbipp [2013-05-29]
CHR HKLM\...\Chrome\Extension: [mhodfgapkpmcepkmcohmfkneadpikmkd] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\mhodfgapkpmcepkmcohmfkneadpikmkd.crx [Not Found]
CHR HKU\S-1-5-21-3625653860-631505778-871109529-1006\...\Chrome\Extension: [mhodfgapkpmcepkmcohmfkneadpikmkd] - C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\CRE\mhodfgapkpmcepkmcohmfkneadpikmkd.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79168 2007-06-20] (Broadcom Corporation)
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9ad8c3baf53e4; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 6to4; C:\WINDOWS\system32\6to4ex.dll [X]
S2 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R4 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2007-06-20] (Broadcom Corporation) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-08-26] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-08-26] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-08-26] (HP)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 06:57 - 2015-02-17 06:57 - 00019322 _____ () C:\Documents and Settings\Eloise Swales\Desktop\FRST.txt
2015-02-16 16:55 - 2015-02-16 16:57 - 00011540 _____ () C:\Documents and Settings\Eloise Swales\Desktop\SystemLook.txt
2015-02-16 16:53 - 2015-02-16 16:47 - 00139264 _____ () C:\Documents and Settings\Eloise Swales\Desktop\SystemLook.exe
2015-02-16 13:29 - 2015-02-16 13:09 - 00852594 _____ () C:\Documents and Settings\Eloise Swales\Desktop\SecurityCheck.exe
2015-02-16 13:23 - 2015-02-16 13:47 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Desktop\already posted
2015-02-16 13:08 - 2015-02-17 06:51 - 00000000 ____D () C:\AdwCleaner
2015-02-16 13:03 - 2015-02-16 13:02 - 01388274 _____ (Thisisu) C:\Documents and Settings\Eloise Swales\Desktop\JRT.exe
2015-02-16 13:03 - 2015-02-16 13:02 - 01125888 _____ (Farbar) C:\Documents and Settings\Eloise Swales\Desktop\FRST.exe
2015-02-16 13:03 - 2015-02-16 13:01 - 02112512 _____ () C:\Documents and Settings\Eloise Swales\Desktop\AdwCleaner.exe
2015-02-16 12:06 - 2015-02-16 12:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TuneUp Software
2015-02-16 11:54 - 2015-02-16 11:54 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Desktop\tdsskiller
2015-02-16 11:53 - 2015-02-16 11:53 - 00004715 _____ () C:\WINDOWS\setupapi.log
2015-02-10 12:06 - 2015-02-10 12:06 - 00025901 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2015-02-10 12:05 - 2015-02-10 12:06 - 00034733 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-02-10 12:04 - 2015-02-10 12:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2015-02-10 11:32 - 2015-02-17 06:57 - 00000000 ____D () C:\FRST
2015-02-10 11:32 - 2015-02-10 11:28 - 01124352 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-02-09 15:58 - 2015-02-09 15:58 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-09 15:57 - 2015-02-09 15:57 - 00000757 _____ () C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Program Files\Magical Jelly Bean
2015-02-09 15:57 - 2015-02-09 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
2015-02-09 14:43 - 2015-02-09 15:30 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\NPE
2015-02-09 13:47 - 2015-02-09 13:47 - 00000000 ____D () C:\SUPERDelete
2015-02-09 13:46 - 2015-02-09 13:46 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\SUPERAntiSpyware.com
2015-02-09 13:45 - 2015-02-10 11:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-09 13:45 - 2015-02-09 13:45 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-09 13:45 - 2015-02-09 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-02-09 13:45 - 2015-02-09 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-02-09 13:37 - 2015-02-09 13:37 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-09 13:37 - 2015-02-09 13:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-09 13:23 - 2015-02-09 13:23 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-02-09 13:23 - 2015-02-09 13:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-09 13:23 - 2015-02-09 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-02-06 14:17 - 2015-02-06 14:17 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-02-03 16:20 - 2015-02-03 16:20 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Hewlett-Packard
2015-01-26 11:55 - 2015-02-09 12:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 17:15 - 2015-01-27 12:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-24 17:15 - 2015-01-24 17:15 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-24 17:15 - 2015-01-24 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 06:57 - 2008-05-01 16:53 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Temp
2015-02-17 06:53 - 2004-08-10 12:02 - 01148914 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 06:53 - 2004-08-10 11:59 - 00000288 _____ () C:\WINDOWS\wiadebug.log
2015-02-17 06:53 - 2004-08-10 11:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-17 06:52 - 2008-05-12 16:10 - 00000000 ____D () C:\MDT
2015-02-17 06:52 - 2004-08-10 12:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-17 06:51 - 2008-05-01 16:53 - 00000178 ___SH () C:\Documents and Settings\Eloise Swales\ntuser.ini
2015-02-17 06:51 - 2004-08-10 12:08 - 00032648 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-17 06:44 - 2009-06-27 02:24 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 06:17 - 2012-06-05 07:06 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-17 05:24 - 2012-01-13 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-02-16 18:17 - 2008-05-12 14:21 - 00002515 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Microsoft Office Word 2007.lnk
2015-02-16 16:58 - 2008-05-01 16:53 - 00000000 ____D () C:\Documents and Settings\Eloise Swales
2015-02-16 13:04 - 2013-12-26 12:42 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2015-02-16 13:04 - 2009-11-12 11:50 - 00000000 ____D () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Temp
2015-02-16 13:03 - 2004-08-10 12:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-16 11:50 - 2004-08-10 11:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-10 12:10 - 2013-11-07 13:46 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-10 12:06 - 2013-11-07 13:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-09 15:25 - 2011-09-10 14:12 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\RobloxVersions
2015-02-09 15:24 - 2004-08-10 12:01 - 00000000 ____D () C:\Program Files\MSN
2015-02-09 15:11 - 2013-11-07 13:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2015-02-09 14:58 - 2004-08-10 11:51 - 00000211 __RSH () C:\boot.ini
2015-02-09 14:43 - 2011-01-27 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-02-09 13:47 - 2009-12-13 09:00 - 00000000 ____D () C:\Program Files\The Weather Channel FW
2015-02-09 13:47 - 2009-12-13 08:59 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\The Weather Channel
2015-02-09 13:47 - 2004-08-10 11:57 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-02-09 13:45 - 2013-01-05 10:40 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Facebook
2015-02-09 13:33 - 2008-04-29 17:15 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-02-09 13:33 - 2008-04-29 17:13 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-09 13:31 - 2010-08-20 15:40 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-09 13:22 - 2009-07-01 18:36 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\Unity
2015-02-09 13:22 - 2009-07-01 18:30 - 00000000 ____D () C:\Program Files\Unity
2015-02-09 13:18 - 2004-08-10 11:57 - 00185816 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-09 13:16 - 2004-08-10 11:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-09 13:15 - 2010-03-01 21:18 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-09 13:12 - 2008-05-01 16:53 - 00042640 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-09 13:07 - 2010-12-15 19:46 - 00000000 ____D () C:\Program Files\real
2015-02-09 13:07 - 2008-05-01 20:15 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\Real
2015-02-09 13:04 - 2008-05-08 16:42 - 00000000 ____D () C:\Program Files\PrintMaster Platinum 17
2015-02-09 13:01 - 2008-05-09 11:09 - 00000000 ____D () C:\Program Files\Outlook Express Quick Backup
2015-02-09 13:01 - 2008-05-08 16:53 - 00000000 ____D () C:\Program Files\Web Publish
2015-02-09 13:01 - 2004-08-10 11:52 - 00000000 ____D () C:\WINDOWS\Help
2015-02-09 13:00 - 2008-04-29 17:10 - 00000000 ____D () C:\Program Files\Java
2015-02-09 12:59 - 2010-03-01 21:01 - 00000000 ____D () C:\Program Files\HP
2015-02-09 12:56 - 2004-08-10 11:57 - 00006790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-09 12:53 - 2010-03-01 20:57 - 00010522 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-02-09 12:51 - 2010-03-01 21:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP
2015-02-09 12:17 - 2008-04-29 17:15 - 00000000 ____D () C:\Program Files\Google
2015-02-09 12:16 - 2013-06-10 19:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2015-02-09 12:16 - 2012-06-05 18:59 - 02967742 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3625653860-631505778-871109529-1006-0.dat
2015-02-09 12:16 - 2011-04-16 02:27 - 00580054 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-02-09 12:04 - 2008-05-01 20:32 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-02-09 12:00 - 2009-05-24 11:43 - 00000000 ____D () C:\Program Files\Garmin
2015-02-09 11:59 - 2013-07-05 16:50 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\My Documents\Garmin
2015-02-09 11:59 - 2013-06-10 19:32 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Garmin
2015-02-09 11:59 - 2012-05-31 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Garmin
2015-02-09 11:58 - 2009-05-24 11:43 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Application Data\GARMIN
2015-02-06 15:56 - 2008-10-20 14:25 - 00002539 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Dragon NaturallySpeaking 10.0.lnk
2015-02-06 15:56 - 2008-10-20 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-02-06 14:17 - 2012-06-05 07:05 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 14:17 - 2012-01-13 22:34 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-04 07:44 - 2009-06-27 02:24 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 14:35 - 2010-03-26 17:24 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\My Documents\New Folder
2015-02-03 13:54 - 2008-05-12 13:38 - 00002719 _____ () C:\Documents and Settings\Eloise Swales\Application Data\SAS7_000.DAT
2015-02-02 10:33 - 2010-07-20 14:25 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3625653860-631505778-871109529-1006.job
2015-02-01 12:40 - 2014-09-27 14:00 - 00010482 _____ () C:\Documents and Settings\Eloise Swales\My Documents\Wesley's Rent Record.xlsx
2015-02-01 12:38 - 2008-07-29 11:50 - 00002473 _____ () C:\Documents and Settings\Eloise Swales\Desktop\Microsoft Office Excel 2007.lnk
2015-01-31 21:02 - 2011-05-28 20:02 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2015-01-26 12:04 - 2014-08-21 17:11 - 00000000 ____D () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\Adobe
2015-01-24 17:30 - 2009-11-12 11:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2015-01-24 17:30 - 2009-11-12 11:47 - 00000000 ____D () C:\Program Files\LogMeIn
2015-01-19 10:46 - 2009-11-12 11:48 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-01-19 10:46 - 2009-11-12 11:48 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-01-19 10:46 - 2009-11-12 11:47 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll

==================== Files in the root of some directories =======

2011-04-22 20:24 - 2011-04-22 20:24 - 0138056 _____ () C:\Documents and Settings\Eloise Swales\Application Data\PnkBstrK.sys
2008-05-12 13:38 - 2015-02-03 13:54 - 0002719 _____ () C:\Documents and Settings\Eloise Swales\Application Data\SAS7_000.DAT
2013-01-12 12:57 - 2013-01-12 12:57 - 0001176 ___SH () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2011-12-20 21:44 - 2011-12-20 21:44 - 0000946 ___SH () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\338746g7b825m842w374y8huq4t2
2012-05-03 06:12 - 2012-05-03 06:12 - 0000532 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\datos.txt
2008-05-01 20:31 - 2013-05-09 23:05 - 0012800 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-29 10:27 - 2012-08-29 10:27 - 0027520 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\dt.dat
2012-06-02 07:38 - 2012-06-02 07:38 - 1669208 _____ (Setup ©                       ) C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\funmoods.exe
2011-09-03 12:34 - 2011-09-03 12:34 - 0000136 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\fusioncache.dat
2012-05-14 05:38 - 2012-05-14 05:38 - 0043976 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\save_en.bmp
2012-05-14 05:38 - 2012-05-14 05:38 - 0043976 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\save_es.bmp
2012-05-22 03:21 - 2012-05-22 03:21 - 20480000 _____ () C:\Documents and Settings\Eloise Swales\Local Settings\Application Data\store-pp.jbs

Some content of TEMP:
====================
C:\Documents and Settings\Eloise Swales\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Eloise Swales\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#14 OCD

  • Malware Response Team

Posted 17 February 2015 - 11:57 AM

Hi ddwebgurl ,
 

My Computer takes about 12 seconds to list the hard drive and CD drive every time it's opened. I originally suspected it was the flash drive I'm using to transfer files, but it's been removed.


I don't believe that this is a serious issue. You also need to take into account the age of the computer; this just might be the "new normal".

=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt
 
Start
CloseProcesses:
URLSearchHook: [S-1-5-21-3625653860-631505778-871109529-1006] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {587A2621-EE37-E2A1-482C-6542E54F4617} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\S-1-5-21-3625653860-631505778-871109529-1006 -> {cca2e567-1987-4100-a3c6-5b4267084510} URL =
S3 PalmUSBD; system32\drivers\PalmUSBD.sys [X]
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================


WhiteSmoke New Toolbar entry remains in Add or Remove Programs


This is proving to be slightly stubborn. Let's try this next.

Revo Uninstaller Pro

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)
    • Windows XP: Double-click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right-click and select "Run as Administrator".
  • From the list of programs, click on WhiteSmoke (all entries, one at a time).
  • Choose "Uninstall". When prompted, click Yes.
  • Make sure the advanced option is checked, then click Next.
  • The program will run. When prompted, click Yes, then Next.
  • Once the program has searched for leftovers, click Next.
  • Check ONLY the bolded items on the list, then click Next, then Yes.
  • When done, click Finish.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • Revo results

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

#15 ddwebgurl

  • Topic Starter

Posted 17 February 2015 - 11:58 AM

Just to let you know - I solved the slow My Computer issue. WIA was causing the problem (seems like other XP users experienced this). Disabling that was the solution.

 

Will wait to hear back from you regarding WhiteSmoke New Toolbar.





