Very slow computer and virus detections


  • This topic is locked
7 replies to this topic

#1 rrfogg

  • Members
  • 3 posts

Posted 22 May 2015 - 09:23 AM

Hi,

 

My computer is very slow. It takes a long time to open any programs and especially long to do anything on the internet. I use Kaspersky and it keeps detecting viruses but does not get rid of them. Below is the FRST.txt log and attached is the Addition.txt.

 

Thanks very much for your help.

 

Robert

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015
Ran by Admin (administrator) on FOGG01 on 22-05-2015 09:56:00
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Assistant & Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(brother Industries Ltd) C:\WINDOWS\system32\BRSVC01A.EXE
(brother Industries Ltd) C:\WINDOWS\system32\BRSS01A.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16250880 2006-07-04] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [86016 2006-07-21] (Intel Corporation)
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [98304 2006-07-21] (Intel Corporation)
HKLM-x32\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAShCut.exe [61952 2005-01-07] (Windows ® Server 2003 DDK provider)
HKLM-x32\...\Run: [SDMSSplash] => C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe [86016 2006-03-10] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [279576 2006-07-14] (PDF Complete Inc)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [81920 2006-07-21] (Intel Corporation)
HKLM-x32\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [888832 2006-04-24] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll [2012-12-20] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1324087666-304828411-393066261-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-05-21] (Google Inc.)
HKU\S-1-5-18\...\Run: [Norton Download Manager{NF2959-PROD-FSD3202}] => C:\Program Files\Norton Management\Engine\3.2.2.12\ccSvcHst.exe /m
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P211018-SHPD-FSD40014}] => C:\Program Files\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe /m
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2014-04-03] (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110790&tt=120912_cpc_3812_2&babsrc=HP_ss&mntrId=064e2270000000000000000e3b0e4499
URLSearchHook: HKU\S-1-5-21-1324087666-304828411-393066261-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> Backup.Old.DefaultScope {72F7F428-4433-4416-8121-D8731D51F885}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-03] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-04-03] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-16] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-03] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-02-28] (Google Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-16] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-03] (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default
FF NewTab: 
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll [2014-08-02] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-16] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\user.js [2015-03-23]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-11-23] (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\askcom.xml [2013-08-31]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\safesearch.xml [2013-10-19]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\Search.xml [2012-09-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.5.9\coFFFw
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-03-19]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-19]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-03-19]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-03-19]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-03-19]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-17]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Safe Money) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-09-17]
CHR Extension: (Content Blocker) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-09-17]
CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-09-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Kaspersky Protection) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-09-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR Extension: (Anti-Banner) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-17]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Documents and Settings\Admin\Local Settings\Application Data\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2001-11-23] (brother Industries Ltd)
R2 CSObjectsSrv; C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) []
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks) []
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [534040 2006-07-14] (PDF Complete Inc)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S4 adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [105472 2002-05-08] (Adaptec, Inc.) []
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [67584 2006-04-07] (Broadcom Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) []
R0 CSCrySec; C:\WINDOWS\System32\DRIVERS\CSCrySec.sys [88632 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\WINDOWS\System32\DRIVERS\CSVirtualDiskDrv.sys [39736 2011-06-02] (Infowatch)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-04-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [595008 2014-06-09] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145224 2015-02-19] (Kaspersky Lab ZAO)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-27] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-27] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic) []
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) []
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-09] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 RT73; system32\DRIVERS\rt73.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-22 09:56 - 2015-05-22 09:57 - 00025046 _____ () C:\Documents and Settings\Admin\Desktop\FRST.txt
2015-05-22 09:54 - 2015-05-22 09:56 - 00000000 ____D () C:\FRST
2015-05-22 09:49 - 2015-05-22 09:50 - 01146880 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2015-05-17 14:36 - 2015-05-21 14:41 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090d06829b80a.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-22 09:57 - 2007-10-07 19:44 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2015-05-22 09:53 - 2011-01-10 22:08 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B00209D7-6A75-4320-AFFF-CBDD0AB25F1F}.job
2015-05-22 09:46 - 2013-01-13 00:04 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-22 09:39 - 2010-09-07 09:39 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 09:36 - 2014-11-12 22:37 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cffeeac9064a4e.job
2015-05-22 09:31 - 2006-04-25 13:59 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-22 08:55 - 2014-03-19 15:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-05-22 08:46 - 2013-08-26 06:56 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-22 08:35 - 2007-04-15 18:20 - 00002516 ___SH () C:\WINDOWS\system32\KGyGaAvL.sys
2015-05-22 08:16 - 2013-08-26 06:56 - 01712527 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 07:39 - 2014-09-17 14:09 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-21 14:41 - 2015-02-05 10:31 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04150719ab5f6.job
2015-05-21 10:34 - 2013-08-25 23:31 - 00001698 _____ () C:\WINDOWS\setupact.log
2015-05-21 08:24 - 2014-10-21 21:49 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfed9a6610c8da.job
2015-05-21 08:24 - 2014-06-22 13:16 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf8e3dbadd5390.job
2015-05-21 08:24 - 2007-03-15 22:24 - 00000000 ____D () C:\WINDOWS\SMINST
2015-05-21 08:24 - 2006-04-25 14:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-21 08:24 - 2006-04-25 06:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-21 08:24 - 2006-04-25 06:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-18 08:29 - 2007-10-07 19:44 - 00000278 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-05-18 08:28 - 2007-10-07 19:44 - 00000000 ____D () C:\Documents and Settings\Admin
2015-05-13 23:50 - 2011-01-10 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-13 23:45 - 2013-07-14 07:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 23:33 - 2008-08-22 08:46 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-10 18:16 - 2013-12-26 00:32 - 00001209 _____ () C:\WINDOWS\wmsetup.log
2015-05-10 18:16 - 2012-10-03 06:06 - 00000000 ____D () C:\Documents and Settings\Admin\Application Data\vlc
2015-05-10 16:31 - 2013-09-09 04:28 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-05-10 15:25 - 2015-01-15 02:05 - 00011029 _____ () C:\WINDOWS\setupapi.log
2015-05-08 15:00 - 2014-03-29 22:24 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-03 18:13 - 2011-01-10 01:56 - 00002473 _____ () C:\Documents and Settings\Admin\Desktop\Microsoft Office Excel 2007.lnk
 
==================== Files in the root of some directories =======
 
2013-07-23 16:28 - 2013-07-23 16:29 - 0006144 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-09-08 17:53 - 2009-09-08 17:53 - 0000128 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
2011-11-02 02:39 - 2013-10-28 01:30 - 0000850 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\ipublish.ini
2011-05-18 22:04 - 2011-05-22 20:18 - 0001940 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
Files to move or delete:
====================
C:\Documents and Settings\Assistant\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some files in TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================

Attached Files
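Added example, not part of the original post and not a component of FRST: a small Python triage script that scans the Registry/Internet/Drivers lines of an FRST.txt log and flags the entry types a Malware Response Team helper typically moves into a fixlist. It runs offline over a handful of lines constructed from the log above. The hijacker domain list (babylon, funmoods, ask), the "Backup.Old" and "BrowserMngr" heuristics and the rule ordering are assumptions drawn from this one log, not an authoritative blocklist; a flag is a review candidate, not a verdict.

```python
"""Triage an FRST.txt log for browser-hijack and orphaned-entry leftovers.

Added example for this thread (not FRST code, not the helper's tooling).
Heuristics and domain list are assumptions taken from the posted log.
"""
import re
from typing import List, Optional, Tuple

# Assumption: search/start-page domains seen in this log that belong to
# PUP toolbars (Babylon, Funmoods, Ask). Extend per case.
HIJACK_DOMAINS = ("search.babylon.com", "start.funmoods.com", "ask.com")

# FRST's own markers for an entry whose target file no longer exists.
ORPHAN_TOKENS = ("No File", "[Not Found]", "[not found]", "[X]")

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def _host(url: str) -> str:
    """Lower-cased host part of a URL, or '' if it does not parse."""
    m = re.match(r"https?://([^/?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def classify(line: str) -> Optional[str]:
    """Reason a log line belongs in a fixlist, or None if it looks benign.

    Rule order matters: a Backup.Old.* value still carrying a hijacker URL
    is reported for the URL, not merely as a stale backup value.
    """
    s = line.strip()
    if not s or s.startswith(("=", "(")):   # section banners, FRST notes
        return None
    if any(tok in s for tok in ORPHAN_TOKENS):
        return "orphaned entry: target file missing"
    if s.startswith("SearchScopes:") and s.endswith("URL ="):
        return "search scope with empty URL"
    m = URL_RE.search(s)
    if m:
        host = _host(m.group(0))
        for bad in HIJACK_DOMAINS:
            if host == bad or host.endswith("." + bad):
                return "URL points at hijacker domain " + bad
    if "Backup.Old." in s:
        return "Backup.Old.* value left behind by an earlier hijack"
    if s.startswith("SearchScopes:") and "BrowserMngr" in s:
        return "BrowserMngr search scope (toolbar manager leftover)"
    if s.startswith(("FF DefaultSearchEngine:", "FF SearchEngineOrder.",
                     "FF SelectedSearchEngine:")) and s.endswith("Ask.com"):
        return "Firefox search engine forced to Ask.com"
    if s.startswith("FF user.js: detected!"):
        return "Firefox user.js present (re-applies prefs on every start)"
    if s.startswith("FF SearchPlugin:"):
        return "third-party Firefox search plugin"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """(log line, reason) for every line classify() flags, in log order."""
    out: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            out.append((line.strip(), reason))
    return out


def fixlist_entries(findings: List[Tuple[str, str]]) -> List[str]:
    """Fixlist body: the two directives used in this thread, then the flagged
    log lines verbatim (FRST matches fixlist entries against the log text
    as written, so they must not be edited)."""
    return ["CreateRestorePoint:", "CloseProcesses:"] + [ln for ln, _ in findings]


# Constructed sample: a subset of lines copied from the FRST.txt above.
SAMPLE_LOG = r"""
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110790&tt=120912_cpc_3812_2&babsrc=HP_ss&mntrId=064e2270000000000000000e3b0e4499
URLSearchHook: HKU\S-1-5-21-1324087666-304828411-393066261-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-03] (Kaspersky Lab ZAO)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF DefaultSearchEngine: Ask.com
FF Homepage: hxxp://www.google.com/
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\user.js [2015-03-23]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\askcom.xml [2013-08-31]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Documents and Settings\Admin\Local Settings\Application Data\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:55s} <- {line[:70]}")
```

The flagged lines are kept byte-for-byte because FRST locates a fixlist entry by matching the log line as written; editing a path or GUID makes the entry a no-op. Driver lines marked "[X]" (an ImagePath that no longer exists) are often leftovers of uninstalled software rather than malware, so they are worth a look but not automatically malicious. The surrounding markers that open and close a complete fixlist follow FRST's own documentation and are not generated here.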




#2 nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 May 2015 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110790&tt=120912_cpc_3812_2&babsrc=HP_ss&mntrId=064e2270000000000000000e3b0e4499
URLSearchHook: HKU\S-1-5-21-1324087666-304828411-393066261-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\user.js [2015-03-23]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\askcom.xml [2013-08-31]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\safesearch.xml [2013-10-19]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\Search.xml [2012-09-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Documents and Settings\Admin\Local Settings\Application Data\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 RT73; system32\DRIVERS\rt73.sys [X]
U1 WS2IFSL; No ImagePath

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
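Triage helper for FRST lines of the kinds in the fix script above, as an added example (not FRST's own code and not part of nasdaq's instructions): it flags orphaned BHO/Toolbar/Handler entries, start pages and search scopes that point outside a constructed allow-list, a user.js override, and services whose image file is missing. The allow-lists, category names and regexes are assumptions of this example; the sample lines are copied from the fixlist above.

```python
"""Classify FRST log lines into defender-relevant findings.

Added example, not FRST's own code. The line shapes handled are the ones
that appear in the fix script above; the allow-lists below are constructed
for this example and are not part of FRST.
"""
import re
from urllib.parse import urlparse

# Constructed allow-lists (assumption of this example): search hosts and
# Firefox engine names considered legitimate in the environment being triaged.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
KNOWN_FF_ENGINES = {"Google", "Bing", "DuckDuckGo"}

# 'S3 name; image path [X]' and 'U1 name; No ImagePath' service lines
SERVICE_RE = re.compile(r"^([SRU]\d)\s+([^;]+);\s*(.*)$")
# any '= http://...' value (start page or search scope URL)
URL_RE = re.compile(r"=\s*(https?://\S+)")
# a search scope whose URL value is empty
EMPTY_URL_RE = re.compile(r"\bURL\s*=\s*$")
# Firefox default / selected / ordered search engine lines
FF_ENGINE_RE = re.compile(
    r"^FF (?:DefaultSearchEngine|SelectedSearchEngine|SearchEngineOrder\.\d+):\s*(.+)$"
)


def classify(line):
    """Return (category, reason) for one FRST line, or None if nothing stands out."""
    s = line.strip()
    if not s:
        return None
    m = SERVICE_RE.match(s)
    if m:
        start, name, image = m.groups()
        if image.endswith("[X]"):
            return ("service", f"{name}: start type {start}, image file missing on disk")
        if image == "No ImagePath":
            return ("service", f"{name}: registered with no ImagePath")
        return None
    low = s.lower()
    if low.endswith("no file") or low.endswith("[not found]"):
        kind = s.split(":", 1)[0]
        return ("orphan", f"{kind} entry whose target file no longer exists")
    if s.startswith("FF user.js: detected!"):
        return ("prefs-override", "user.js present; it re-applies its settings on every Firefox start")
    m = FF_ENGINE_RE.match(s)
    if m:
        engine = m.group(1).strip()
        if engine not in KNOWN_FF_ENGINES:
            return ("search-hijack", f"Firefox search engine set to {engine}")
        return None
    if EMPTY_URL_RE.search(s):
        return ("search-hijack", "default search scope with an empty URL")
    m = URL_RE.search(s)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            return ("search-hijack", f"start page or search scope points at {host}")
    return None


def triage(text):
    """Group flagged lines by category: {category: [(line, reason), ...]}."""
    report = {}
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            category, reason = hit
            report.setdefault(category, []).append((line.strip(), reason))
    return report


# Sample input: a subset of the fixlist lines from the thread above.
SAMPLE = r"""
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110790&tt=120912_cpc_3812_2&babsrc=HP_ss&mntrId=064e2270000000000000000e3b0e4499
URLSearchHook: HKU\S-1-5-21-1324087666-304828411-393066261-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF DefaultSearchEngine: Ask.com
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\user.js [2015-03-23]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\askcom.xml [2013-08-31]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Documents and Settings\Admin\Local Settings\Application Data\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U1 WS2IFSL; No ImagePath
"""

if __name__ == "__main__":
    for category, hits in sorted(triage(SAMPLE).items()):
        print(f"== {category} ({len(hits)})")
        for line, reason in hits:
            print(f"  {reason}\n    {line[:90]}")
```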

#3 rrfogg

rrfogg
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:01 AM

Posted 25 May 2015 - 01:28 PM

Hi Nasdaq,

 

I ran both as you directed.  The computer seems a little better but still running pretty slow and my browser pages become unresponsive.

 

Below are the fixlog.txt and the adwcleaner log.

 

Thanks,

Robert

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-05-2015
Ran by Admin at 2015-05-25 13:12:26 Run:1
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Assistant & Admin & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110790&tt=120912_cpc_3812_2&babsrc=HP_ss&mntrId=064e2270000000000000000e3b0e4499
URLSearchHook: HKU\S-1-5-21-1324087666-304828411-393066261-1006 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM -> Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} ->  No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKU\S-1-5-21-1324087666-304828411-393066261-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF user.js: detected! => C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\user.js [2015-03-23]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\askcom.xml [2013-08-31]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\safesearch.xml [2013-10-19]
FF SearchPlugin: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\Search.xml [2012-09-22]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Documents and Settings\Admin\Local Settings\Application Data\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 RT73; system32\DRIVERS\rt73.sys [X]
U1 WS2IFSL; No ImagePath
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Main\\Backup.Old.Start Page => value Removed successfully.
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value Removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value Removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key Removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKU\S-1-5-21-1324087666-304828411-393066261-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-21-1324087666-304828411-393066261-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\BrowserMngrDefaultScope => value Removed successfully.
"HKU\S-1-5-21-1324087666-304828411-393066261-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key Removed successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key Removed successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key Removed successfully.
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}" => key Removed successfully.
HKCR\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => key Removed successfully.
HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value Removed successfully.
HKCR\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value Removed successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => key not found. 
HKU\S-1-5-21-1324087666-304828411-393066261-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value Removed successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
"HKCR\PROTOCOLS\Handler\dssrequest" => key Removed successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
"HKCR\PROTOCOLS\Handler\sacore" => key Removed successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => key not found. 
Firefox DefaultSearchEngine Removed successfully.
Firefox SearchEngineOrder.1 Removed successfully.
Firefox SelectedSearchEngine Removed successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\user.js => Moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\askcom.xml => Moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\safesearch.xml => Moved successfully.
C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\searchplugins\Search.xml => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo" => key Removed successfully.
MBAMSwissArmy => Service Removed successfully.
RT73 => Service Removed successfully.
WS2IFSL => Service Removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:12:46 ====
 
 
 
 
 
# AdwCleaner v4.205 - Logfile created 25/05/2015 at 13:33:09
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Admin - FOGG01
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FileCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\Uncompressor
Folder Deleted : C:\WINDOWS\system32\Browser Manager
Folder Deleted : C:\Documents and Settings\Admin\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Admin\Application Data\download Manager
Folder Deleted : C:\Documents and Settings\Admin\Start Menu\Programs\Browser Manager
File Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Assistant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Assistant\Application Data\GDIPFONTCACHEV1.DAT
File Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\bprotector_extensions.rdf
File Deleted : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\ll7ghjgh.default\invalidprefs.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKCU\Software\5b0da8cb63eeb41
Key Deleted : HKLM\SOFTWARE\5b0da8cb63eeb41
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2B76E684-52BC-43E7-A9BA-543747D4B0D4}
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1902}
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v
 
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("browser.BabylonToolbar_i.newTab", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("browser.BabylonToolbar_i.newTabUrl", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("browser.babylon.HPOnNewTab", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110790&tt=120912_cpc_3812_2");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "27");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "1C0A910C64F9618181841673FA0F52F6");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.id", "064e2270000000000000000e3b0e4499");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15605");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1215:07:52");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"6\",\"lastVrsn\":\"6\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=064e2270000000000000000e3b0e4499&q=");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1215:07:52");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110790&tt=120912_cpc_3812_2");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1215:07:52");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.aflt", "axl");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cntry", "US");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dfltsrch", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hdrMd5", "056DFFE951AB9C06C014AFF4EFCFA401");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpg", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.hrdid", "0019BB5EA7462270");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.id", "0019BB5EA7462270");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlDay", "15605");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlRef", "axl");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlday", "15605");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.instlref", "axl");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.keywordurl", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:17:40");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTab", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newtab", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.sg", "none");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.smplgrp", "none");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srch", "");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467&[...]
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCzy0B0ByD0E0AyByEyCtBtByBtDtN0D0Tzu0CtByCyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1628301467&[...]
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:17:40");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2215:17:40");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:17:40");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads");
[ll7ghjgh.default\prefs.js] - Line Deleted : user_pref("extentions.y2layers.installId", "02c21a73-b56c-4dc0-b9de-26d9ac8846dc");
 
-\\ Google Chrome v43.0.2357.65
 
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : management","nativeMessaging","searchProvider","startupPages","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/
 
*************************
 
AdwCleaner[R0].txt - [15458 bytes] - [25/05/2015 13:26:29]
AdwCleaner[R1].txt - [15518 bytes] - [25/05/2015 13:31:06]
AdwCleaner[S0].txt - [16556 bytes] - [25/05/2015 13:33:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16616  bytes] ##########
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 25 May 2015 - 01:41 PM

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

#5 rrfogg

rrfogg
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:01 AM

Posted 28 May 2015 - 09:17 PM

Nasdaq,

 

Sorry for the delay in responding.  I reset the browsers, but there is still a delay with programs opening.  When I start Chrome, I get a message that the pages are unresponsive and I have to choose to wait or kill the pages.  Also, I have to start Outlook in safe mode, and when the computer hibernates, it won't wake up.  I have to restart the computer.

 

Thanks,

 

Robert



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 29 May 2015 - 07:06 AM

For now remove any power saving functions on this computer.

http://windows.microsoft.com/en-CA/windows-xp/help/setup/configure-power-management

When done restart the computer normally.

How is the computer running now?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 03 June 2015 - 08:16 AM

Are you still with me?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:01 AM

Posted 09 June 2015 - 10:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



