zeroterry66

Everything posted by zeroterry66

  1. Alright then. Thanks. I'll follow your instructions. Be back in a bit. - Regards, Terry
  2. I did the OTL scan first, and when I rebooted this popped:
     Total Java Files Cleaned = 0.00 mb
     [EMPTYTEMP]
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Kevin
     ->Temp folder emptied: 221869628 bytes
     ->Temporary Internet Files folder emptied: 61199266 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 46048863 bytes
     ->Google Chrome cache emptied: 482885363 bytes
     ->Flash cache emptied: 94549 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: NetworkService
     ->Temp folder emptied: 4205262 bytes
     ->Temporary Internet Files folder emptied: 1157335 bytes
     User: vn
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 2162283 bytes
     %systemroot%\System32 .tmp files removed: 9049305 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 105034892 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80290617 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 4497649 bytes
     Total Files Cleaned = 971.00 mb
     OTL by OldTimer - Version 3.2.49.0 log created on 06162012_121007
     Files\Folders moved on Reboot...
     Registry entries deleted on Reboot...
     Not sure if that's the log, but here you go. I'm not going to do the TDSSKiller download because I don't know how to create a new restore point on system restore. If you could inform me that'd be great. I really would like to know the risks of this program, because I'm privy that you aren't responsible for any corruption on my computer. Thanks. - Regards, Terry
  3. Then when I clicked chrome (while another chrome tab was open), it was fine. But when I exited all the chromes and opened up a new one via clicking on the shortcut, it gave me right back to babylon. I looked at the extensions and it turned out that they were still there. I kept trying to dump them in the garbage bin option, but they'd keep coming back. But now, when I did the scans with malwarebytes, and OTL, I can finally delete the extensions for good, so I thank you for that. But babylon keeps showing up. Any ideas? Thanks for your help up until now, immensely appreciated. - Regards, Terry.
  4. I'll proceed and do the following run on OTL. As for chrome, I hadn't done the available updates yet, so that is what I'll do after the run on OTL. But for the extensions part: before coming here, I did my research and already did that extensions tactic. Prior to your help, I deleted the extra extensions/viruses listed: (Free Ride Games, Fun moods, Giant savings, and Yontoo). Then when I clicked chrome (While another chrome ta
  5. Here are the two reports. The first one is Extras.txt:
     OTL Extras logfile created on: 6/15/2012 9:48:29 PM - Run 1
     OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 53.19% Memory free
     4.66 Gb Paging File | 3.69 Gb Available in Paging File | 79.13% Paging File free
     Paging file location(s): C:\pagefile.sys 2949 2949 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 229.49 Gb Total Space | 176.72 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
     Drive E: | 3.39 Gb Total Space | 3.02 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
     Computer Name: VN-9A9013DE595E | User Name: Kevin | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     ========== Extra Registry (SafeList) ==========
     ========== File Associations ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     [HKEY_USERS\S-1-5-21-1715567821-1637723038-682003330-1005\SOFTWARE\Classes\<extension>]
     .html [@ = FirefoxHTML] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
     ========== Shell Spawning ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
     exefile [open] -- "%1" %*
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     ========== Security Center Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusDisableNotify" = 0
     "FirewallDisableNotify" = 0
     "UpdatesDisableNotify" = 0
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     ========== System Restore Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
     "Start" = 0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
     "Start" = 2
     ========== Firewall Settings ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
     "58095:TCP" = 58095:TCP:*:Enabled:Pando Media Booster
     "58095:UDP" = 58095:UDP:*:Enabled:Pando Media Booster
     "58068:TCP" = 58068:TCP:*:Enabled:Pando Media Booster
     "58068:UDP" = 58068:UDP:*:Enabled:Pando Media Booster
     "56778:TCP" = 56778:TCP:*:Enabled:Pando Media Booster
     "56778:UDP" = 56778:UDP:*:Enabled:Pando Media Booster
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "58095:TCP" = 58095:TCP:*:Enabled:Pando Media Booster
     "58095:UDP" = 58095:UDP:*:Enabled:Pando Media Booster
     "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
     "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
     "58068:TCP" = 58068:TCP:*:Enabled:Pando Media Booster
     "58068:UDP" = 58068:UDP:*:Enabled:Pando Media Booster
     "56778:TCP" = 56778:TCP:*:Enabled:Pando Media Booster
     "56778:UDP" = 56778:UDP:*:Enabled:Pando Media Booster
     ========== Authorized Applications List ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
     "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
     "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
     "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Disabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
     "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
     "C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Disabled:Reactor Application
     "C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Program Files\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
     "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
     "C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (iAnywhere Solutions, Inc.)
     "C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
     "C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
     "C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms
     "C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon & Fighter
     "C:\Documents and Settings\vn\Local Settings\Temp\RarSFX0\haloce.exe" = C:\Documents and Settings\vn\Local Settings\Temp\RarSFX0\haloce.exe:*:Enabled:Halo
     "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
     ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
     "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
     "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
     "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
     "{111EBC34-C369-4d78-AD0A-FB04B62E89D3}" = QuickBooks Premier: Accountant Edition 2009
     "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
     "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
     "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
     "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
     "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
     "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 26
     "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
     "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
     "{33A783E8-DC11-427F-A56C-8ED43EEC0695}" = RPS CRT
     "{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
     "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
     "{35AE9CC9-10A3-4A24-87DF-A6A99BDC1969}" = Rogers Online Protection
     "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
     "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
     "{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Premium
     "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
     "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
     "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
     "{548B7B4A-B4F6-4074-A2D2-40154DC906B5}" = RPS PerfectDiskStub
     "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
     "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
     "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
     "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
     "{779C01A3-8466-499D-88FC-EB820EB3AC51}" = RPS RpsCore
     "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
     "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
     "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
     "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
     "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
     "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
     "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
     "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
     "{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
     "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
     "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
     "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
     "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
     "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
     "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
     "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
     "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
     "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
     "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
     "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
     "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
     "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
     "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
     "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
     "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
     "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
     "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
     "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
     "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
     "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
     "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
     "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
     "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
     "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
     "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
     "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
     "CCleaner" = CCleaner
     "CNXT_AUDIO_HDA" = Conexant HD Audio
     "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
     "Giant Savings" = Giant Savings
     "Google Desktop" = Google Desktop
     "HDMI" = Intel® Graphics Media Accelerator Driver
     "HP-Color LaserJet 1600" = Color LaserJet 1600
     "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
     "ie7" = Windows Internet Explorer 7
     "ie8" = Windows Internet Explorer 8
     "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
     "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
     "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
     "MapleStory" = MapleStory
     "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
     "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
     "Microsoft Security Client" = Microsoft Security Essentials
     "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
     "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
     "MSNINST" = MSN
     "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
     "PC Wizard 2010_is1" = PC Wizard 2010.1.93
     "RadialpointClientGateway_is1" = Rogers Servicepoint Agent 3.7.44
     "SmartSuite V99.0" = Lotus SmartSuite Release 9.5
     "Steam App 31280" = Poker Night at the Inventory
     "Steam App 440" = Team Fortress 2
     "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
     "Windows Media Format Runtime" = Windows Media Format 11 runtime
     "Windows Media Player" = Windows Media Player 11
     "Windows XP Service Pack" = Windows XP Service Pack 3
     "WinLiveSuite_Wave3" = Windows Live Essentials
     "WinRAR archiver" = WinRAR 4.10 (32-bit)
     "WMFDist11" = Windows Media Format 11 runtime
     "wmp11" = Windows Media Player 11
     "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
     ========== HKEY_USERS Uninstall List ==========
     [HKEY_USERS\S-1-5-21-1715567821-1637723038-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "Funmoods Web Search" = Funmoods Web Search
     "Google Chrome" = Google Chrome
     ========== Last 20 Event Log Errors ==========
     [ Application Events ]
     Error - 6/10/2012 11:11:03 PM | Computer Name = VN-9A9013DE595E | Source = Bonjour Service | ID = 100
     Description = Task Scheduling Error: Continuously busy for more than a second
     Error - 6/10/2012 11:11:03 PM | Computer Name = VN-9A9013DE595E | Source = Bonjour Service | ID = 100
     Description = Task Scheduling Error: m->NextScheduledEvent 15610
     Error - 6/10/2012 11:11:03 PM | Computer Name = VN-9A9013DE595E | Source = Bonjour Service | ID = 100
     Description = Task Scheduling Error: m->NextScheduledSPRetry 15610
     Error - 6/11/2012 3:43:03 PM | Computer Name = VN-9A9013DE595E | Source = crypt32 | ID = 131080
     Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
     Error - 6/11/2012 3:43:04 PM | Computer Name = VN-9A9013DE595E | Source = crypt32 | ID = 131080
     Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
     Error - 6/11/2012 3:43:04 PM | Computer Name = VN-9A9013DE595E | Source = crypt32 | ID = 131080
     Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
     Error - 6/12/2012 3:44:13 PM | Computer Name = VN-9A9013DE595E | Source = MPSampleSubmission | ID = 5000
     Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
     Error - 6/13/2012 4:18:34 PM | Computer Name = VN-9A9013DE595E | Source = MPSampleSubmission | ID = 5000
     Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
     Error - 6/13/2012 4:59:44 PM | Computer Name = VN-9A9013DE595E | Source = Application Error | ID = 1000
     Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting module busolution.dll, version 2.0.0.2, fault address 0x0002dd4b.
     Error - 6/15/2012 3:45:32 PM | Computer Name = VN-9A9013DE595E | Source = MPSampleSubmission | ID = 5000
     Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.
     [ System Events ]
     Error - 6/15/2012 4:01:25 PM | Computer Name = VN-9A9013DE595E | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.
     Error - 6/15/2012 4:01:41 PM | Computer Name = VN-9A9013DE595E | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%2
     Error - 6/15/2012 5:14:34 PM | Computer Name = VN-9A9013DE595E | Source = Disk | ID = 262151
     Description = The device, \Device\Harddisk0\D, has a bad block.
     Error - 6/15/2012 5:14:53 PM | Computer Name = VN-9A9013DE595E | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%2
     Error - 6/15/2012 9:22:24 PM | Computer Name = VN-9A9013DE595E | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%2
     Error - 6/15/2012 9:37:50 PM | Computer Name = VN-9A9013DE595E | Source = DCOM | ID = 10010
     Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.
     Error - 6/15/2012 9:38:13 PM | Computer Name = VN-9A9013DE595E | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%2
     < End of report >
     Here is the OTL.txt one:
     OTL logfile created on: 6/15/2012 9:48:29 PM - Run 1
     OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Kevin\My Documents\Downloads
     Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     1.93 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 53.19% Memory free
     4.66 Gb Paging File | 3.69 Gb Available in Paging File | 79.13% Paging File free
     Paging file location(s): C:\pagefile.sys 2949 2949 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 229.49 Gb Total Space | 176.72 Gb Free Space | 77.01% Space Free | Partition Type: NTFS
     Drive E: | 3.39 Gb Total Space | 3.02 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
     Computer Name: VN-9A9013DE595E | User Name: Kevin | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - [2012/06/15 21:47:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\My Documents\Downloads\OTL.exe
     PRC - [2012/06/07 04:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     PRC - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe
     PRC - [2011/01/04 16:51:14 | 004,318,520 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
     PRC - [2011/01/04 16:51:14 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
     PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     PRC - [2010/06/07 15:10:06 | 000,378,088 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RPS.exe
     PRC - [2010/06/07 15:10:06 | 000,166,944 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe
     PRC - [2010/06/07 15:09:06 | 000,382,208 | ---- | M] (Rogers) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
     PRC - [2010/06/07 13:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe
     PRC - [2010/06/07 13:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe
     PRC - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
     PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
     PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
     ========== Modules (No Company Name) ==========
     MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
     MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
     MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
     MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
     MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
     MOD - [2012/05/02 18:34:23 | 004,050,944 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
     MOD - [2012/05/02 18:34:23 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll
     MOD - [2011/07/11 15:40:53 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\BDCoreEngines\BDCoreSet1\avxdisk.dll
     MOD - [2011/01/04 16:42:24 | 000,158,208 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\Windows7Features.dll
     MOD - [2010/06/07 13:40:44 | 000,147,456 | ---- | M] () -- C:\Program Files\Rogers Backup Manager\libexpat.dll
     MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
     MOD - [2009/11/06 12:53:08 | 000,202,752 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\smartscn.dll
     MOD - [2009/11/02 16:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
     MOD - [2009/11/02 16:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
     MOD - [2009/10/23 14:25:54 | 000,225,280 | ---- | M] () -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\bdfltlib.dll
     MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
     MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
     MOD - [1998/02/05 15:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
     ========== Win32 Services (SafeList) ==========
     SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
     SRV - [2012/05/19 00:12:46 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
     SRV - [2011/07/11 15:47:54 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\scan.dll -- (scan)
     SRV - [2011/01/04 16:51:20 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\ServicepointService.exe -- (ServicepointService)
     SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
     SRV - [2010/06/07 15:10:06 | 000,166,944 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
     SRV - [2010/06/07 15:09:06 | 000,382,208 | ---- | M] (Rogers) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe -- (RP_FWS)
     SRV - [2010/06/07 13:46:12 | 000,120,048 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientUpgrade.exe -- (VaultClientUpgrade)
     SRV - [2010/06/07 13:46:08 | 001,053,936 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Rogers Backup Manager\VaultClientSRV.exe -- (VaultClientSRV)
     SRV - [2010/04/28 16:30:00 | 003,555,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
     SRV - [2009/11/02 16:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
     SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
     SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
     SRV - [2008/09/10 03:33:38 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
     SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
     SRV - [2006/10/09 22:01:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
     ========== Driver Services (SafeList) ==========
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
     DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
     DRV - File not found [File_System | System | Stopped] -- -- (StarOpen)
     DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
     DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
     DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
     DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
     DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
     DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
     DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
     DRV - [2012/06/15 21:38:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AED673B5-638B-45FF-B6D5-42E19AAC9FB2}\MpKslbeb2bc74.sys -- (MpKslbeb2bc74)
     DRV - [2011/07/11 15:23:07 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
     DRV - [2010/03/27 21:25:24 | 000,190,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
     DRV - [2010/03/22 23:04:30 | 000,186,880 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink
     DRV - [2010/03/22 23:03:46 | 000,805,888 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
     DRV - [2009/11/26 10:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\trufos.sys -- (Trufos)
     DRV - [2009/11/26 10:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\BitDefender\profos.sys -- (Profos)
     DRV - [2009/11/06 13:55:08 | 001,590,528 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
     DRV - [2009/11/02 16:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
     DRV - [2009/11/02 16:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
     DRV - [2009/11/02 16:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Rogers Online Protection\Rogers Online Protection\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
     DRV - [2009/11/02 16:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
     DRV - [2009/10/23 14:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L.
Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\82487682.sys -- (82487682) DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\54388852.sys -- (54388852) DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\39457852.sys -- (39457852) DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\38450232.sys -- (38450232) DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\3945785.sys -- (setup_9.0.0.722_20.05.2011_20-09drv) DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\82487681.sys -- (82487681) DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\54388851.sys -- (54388851) DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\39457851.sys -- (39457851) DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\38450231.sys -- (38450231) DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2009/04/08 02:32:48 | 000,116,224 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV - [2009/02/14 04:21:22 | 000,985,856 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2009/02/14 04:20:44 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2009/02/14 04:20:40 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004/12/31 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2XzutAtN2Y1L1QzuyBtDtC0AtDyE0DyEyD0AyCtAyD0EyC0DtN0D0TzutBtDtCtBtDyCtCtA&cr=389084581 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{42BF44A5-84A3-F1D2-E21C-6751A593D530}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=irtest1&chnl=irtest1&cd=2XzutAtN2Y1L1QzuyBtDtC0AtDyE0DyEyD0AyCtAyD0EyC0DtN0D0TzutBtDtCtBtDyCtCtA&cr=389084581 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://search.babylon.com/?affID=113480&tt=060612_7_&babsrc=HP_ss_cr&mntrId=a0e85e6d000000000000701a04d45a63 IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_7_&babsrc=SP_ss&mntrId=a0e85e6d000000000000701a04d45a63 IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes\{42BF44A5-84A3-F1D2-E21C-6751A593D530}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enCA403 IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_enCA403 IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\SearchScopes\{DE2304E2-4A16-4C9B-987D-4A5ED9F7BEAF}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search" FF - 
prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_def_cr&affID=113480" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=113480&tt=060612_7_&babsrc=KW_ss&mntrId=a0e85e6d000000000000701a04d45a63&q=" FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=113480&tt=060612_7_&babsrc=HP_ss&mntrId=a0e85e6d000000000000701a04d45a63" FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll (Rogers) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Kevin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/13 17:00:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/15 16:47:28 | 000,000,000 | ---D | M] [2011/05/22 00:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions [2012/06/13 17:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\i3b2qwbn.default\extensions [2011/05/22 17:11:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\i3b2qwbn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/06/13 16:55:57 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\i3b2qwbn.default\extensions\crossriderapp4479@crossrider.com [2012/05/01 08:32:36 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\i3b2qwbn.default\extensions\ffxtlbr@funmoods.com [2012/06/13 16:59:45 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\i3b2qwbn.default\extensions\plugin@yontoo.com [2012/06/13 17:00:07 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\i3b2qwbn.default\searchplugins\Search.xml [2011/12/02 19:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/08/13 19:27:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF 
[2010/08/13 19:27:22 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.moz-backup [2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml.moz-backup ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = 
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Kevin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Rogers Servicepoint Agent (Enabled) = C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla 
Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Late Night = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\ CHR - Extension: Gmail = C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2004/08/12 09:19:39 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [RogersServicepointAgent.exe] C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe (Rogers) O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005..\Run: [Facebook Update] C:\Documents and Settings\Kevin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found O4 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005..\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270403661984 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270408861109 (MUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CA0CCAD-695E-4A8A-8632-DA6893F8BE11}: DhcpNameServer = 64.71.255.198 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/04 02:29:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (PDBoot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1715567821-1637723038-682003330-1005\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/13 17:06:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/06/13 17:06:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2012/06/13 16:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012/06/13 16:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2012/06/13 16:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods [2012/06/13 16:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Download [2012/06/13 16:57:11 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Kevin\Application Data\Media Finder [2012/06/13 16:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Giant Savings [2012/06/13 16:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Giant Savings [2012/06/13 16:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon [2012/06/13 16:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Babylon [2012/05/22 17:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Sonic [2012/05/22 17:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\Leadertech [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ] [12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/15 21:42:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/06/15 21:37:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc21912e72de5a.job [2012/06/15 21:37:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/15 21:36:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/15 21:30:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1637723038-682003330-1005UA.job [2012/06/15 21:25:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc21912ec3ee4e.job [2012/06/15 17:30:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1637723038-682003330-1005Core.job [2012/06/15 17:15:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1715567821-1637723038-682003330-1005UA.job [2012/06/15 17:15:00 | 000,000,976 | ---- | M] () -- 
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1715567821-1637723038-682003330-1005Core.job [2012/06/15 17:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/06/14 15:42:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/13 16:59:11 | 000,302,425 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\funmoods-speeddial.crx [2012/06/13 16:59:11 | 000,031,470 | ---- | M] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\funmoods.crx [2012/06/13 16:57:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat [2012/06/13 16:56:34 | 000,000,250 | ---- | M] () -- C:\user.js [2012/06/12 16:39:02 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Google Chrome.lnk [2012/06/12 16:39:02 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/05/30 17:02:55 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\Kevin\default.pls [2012/05/19 12:29:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\Kevin\My Documents\*.tmp files -> C:\Documents and Settings\Kevin\My Documents\*.tmp -> ] [12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/14 15:42:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/13 16:59:51 | 000,302,425 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\funmoods-speeddial.crx [2012/06/13 16:59:35 | 000,031,470 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\funmoods.crx [2012/06/13 16:57:33 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2012/06/13 16:56:24 | 
000,000,250 | ---- | C] () -- C:\user.js
[2012/03/17 19:49:01 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2012/03/17 19:48:39 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2012/03/17 16:48:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/08 12:26:45 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\B1177596.SYS
[2011/07/05 11:53:02 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\drivers\4A4FF898.SYS
[2011/07/01 23:02:55 | 000,057,468 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/29 21:56:40 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/23 00:04:07 | 000,016,888 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\lve82i237hxsjaryk8w3mvf1u371i42cp370811vt
[2011/05/23 00:04:07 | 000,016,888 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\lve82i237hxsjaryk8w3mvf1u371i42cp370811vt
[2011/05/21 23:54:37 | 000,016,904 | -HS- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\605mcc14d74nw837
[2011/05/20 13:15:53 | 000,016,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837
[2010/06/22 19:10:02 | 000,170,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2011/07/22 10:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/06/13 16:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2011/05/23 19:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/09/12 22:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/01/27 00:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2012/01/12 21:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2012/01/12 20:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/01/21 19:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2011/07/11 15:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rogers Online Protection
[2010/10/12 17:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2012/06/13 16:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/04/04 23:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/08/13 19:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/13 16:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Babylon
[2011/06/14 20:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\FrostWire
[2012/05/22 17:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2012/06/13 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Media Finder
[2011/05/29 10:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\NeopleLauncherDFO
[2011/07/11 15:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Rogers Online Protection
[2011/12/29 23:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sony Online Entertainment
[2011/11/06 13:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\SYSTEMAX Software Development
[2011/09/29 20:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\VirtualStore
[2012/06/15 17:15:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1715567821-1637723038-682003330-1005Core.job
[2012/06/15 17:15:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1715567821-1637723038-682003330-1005UA.job
[2012/06/15 21:42:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/06/15 17:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Report back to me as soon as you can. Thanks.

- Regards, Terry
  6. Alright, well, I scanned with the latest version of Malwarebytes and deleted the 38 detected items, but the Babylon search engine is still there. I don't know if I should scan with Malwarebytes anymore to see if there's another virus. I'll just follow your steps for now, but please tell me where we're going with this; it'd be greatly appreciated.
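Added example, not from this thread and not Malwarebytes' or Google's code. The symptom in the post above, Babylon still opening in Chrome after Malwarebytes has quarantined the registry keys and files, is what a search/homepage hijack looks like when the browser's own settings are left untouched: Chrome keeps the homepage, startup pages, default search provider and per-extension update URLs in the profile's Preferences file (JSON), and an on-demand scanner's registry and file detections do not rewrite that file. The script walks a Preferences document without depending on particular key names (they change between Chrome versions) and lists every embedded URL whose host is not on a short allow-list, with the JSON path so the value can be found and reset. The sample Preferences fragment and the allow-list are constructed for the example.

```python
"""Find hijacked URLs in a Chrome Preferences (JSON) file.

Added example; not Chrome's or Malwarebytes' code. Key names differ between
Chrome versions, so the audit walks the whole document instead of hard-coding them.
"""
import json
import re
from urllib.parse import urlsplit

# Constructed sample shaped like a Chrome profile's Preferences file. The Babylon and
# Funmoods entries imitate what a search hijacker leaves behind; the clients2.google.com
# update URL is a legitimate Web Store entry kept in for contrast.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://search.babylon.com/?babsrc=HP_ss",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": ["http://search.babylon.com/?babsrc=SP_ss"],
    },
    "default_search_provider": {
        "enabled": True,
        "name": "Search the web (Babylon)",
        "search_url": "http://search.babylon.com/?q={searchTerms}",
        "suggest_url": "",
    },
    "extensions": {"settings": {
        "fdloijijlkoblmigdofommgnheckmaki": {"update_url": "http://update.funmoods.com/crx"},
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"update_url": "https://clients2.google.com/service/update2/crx"},
    }},
    "profile": {"name": "Default"},
})

# Hosts the audit treats as expected (assumption for the example; extend per site policy).
ALLOWED_HOSTS = {"google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def walk(node, path=()):
    """Yield (dotted_json_path, string_value) for every string in a nested JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    elif isinstance(node, str):
        yield ".".join(path), node


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """Exact match or subdomain of an allowed host (so clients2.google.com passes)."""
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in allowed)


def find_hijacks(prefs_text, allowed=ALLOWED_HOSTS):
    """Return [(json_path, url, host)] for every URL whose host is off the allow-list."""
    hits = []
    for path, value in walk(json.loads(prefs_text)):
        for url in URL_RE.findall(value):
            host = urlsplit(url).hostname or ""
            if not host_allowed(host, allowed):
                hits.append((path, url, host))
    return hits


if __name__ == "__main__":
    for path, url, host in find_hijacks(SAMPLE_PREFERENCES):
        print(f"{host:24s} {path}\n    {url}")
```

On the Windows XP machine in this thread the real file is C:\Documents and Settings\<user>\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences. Read it with Chrome closed, because Chrome rewrites the file on exit and would overwrite a hand edit made while it is running. Newer Chrome versions move the protected settings into Secure Preferences with integrity MACs; the audit reads that file the same way, but the fix there is Chrome's own settings reset rather than a hand edit.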
  7. Here is the other log, the one where I've removed the detected items.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin :: VN-9A9013DE595E [administrator]

6/15/2012 4:27:24 PM
mbam-log-2012-06-15 (16-27-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203641
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 30
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

Restarting my computer now. Please send your feedback asap. Thanks.

- Regards, Terry
  8. The results are in. This time, there is double the amount of malware: 38 detected items. Here is the infected log before I remove.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.15.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin :: VN-9A9013DE595E [administrator]

6/15/2012 4:27:24 PM
mbam-log-2012-06-15 (17-07-45) Problem Babylon

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203641
Time elapsed: 22 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 30
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> No action taken.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.
HKCR\f (PUP.Funmoods) -> No action taken.
HKCR\CrossriderApp0004479.BHO (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0004479.BHO.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0004479.FBApi (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0004479.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0004479.Sandbox (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0004479.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044444479} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055445579} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> No action taken.
C:\Program Files\Giant Savings\Giant Savings.dll (PUP.GamePlayLab) -> No action taken.

(end)

I'll show you the remove selected log in a bit.

- Regards, Terry
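Added example, not Malwarebytes' own code and not something posted in the thread: a small triage script for the Malwarebytes 1.x text log format pasted above. Reading a 38-item log by hand hides two things that matter. First, which detections are still pending ("No action taken" means the scan ran but Remove Selected was not clicked) versus quarantined. Second, what persistence mechanism each location implies: a Browser Helper Object, an IE toolbar, an extension pushed into Chrome through HKLM\SOFTWARE\Google\Chrome\Extensions, an Image File Execution Options hook on SETUP.EXE, plain COM class and ProgID registrations. The script also compares each section's header count with the lines actually present, which catches a log that was cut off when pasted, as the 30-key log in post 7 was. The sample log is a constructed subset modelled on the real entries above; the mechanism labels are the example's own, not Malwarebytes categories.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log.

Added example, not Malwarebytes' own code: parses the detection lines of the log
format pasted in this thread, tags each item with the persistence mechanism its
location implies, and separates pending from quarantined items.
"""
import re
from collections import Counter

# Constructed sample: a subset of lines modelled on the logs in this thread.
SAMPLE_LOG = r"""
Registry Keys Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> No action taken.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> No action taken.
C:\Documents and Settings\Kevin\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<item> (<family>) [-> Data: <data>] -> <action>."   The action never contains '>'.
DETECT_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9_.]+)\)"
    r"(?: -> Data:(?P<data>.*?))? -> (?P<action>[^>]+?)\.$"
)

# Ordered rules mapping a registry path or file name to the persistence it implies.
# These labels are the example's own, not Malwarebytes categories.
MECHANISMS = [
    (r"\\Browser Helper Objects\\", "IE Browser Helper Object"),
    (r"\\Internet Explorer\\Toolbar", "IE toolbar"),
    (r"\\Google\\Chrome\\Extensions\\", "Chrome extension pushed via registry"),
    (r"\\Image File Execution Options\\", "IFEO hook on an executable name"),
    (r"\\Low Rights\\ElevationPolicy\\|\\Ext\\PreApproved\\", "IE add-on pre-approval / elevation policy"),
    (r"\\Ext\\(Settings|Stats)\\", "IE add-on state"),
    (r"^HKCR\\(CLSID|TypeLib|Interface)\\", "COM class/type registration"),
    (r"^HKCR\\[^\\]+$", "COM ProgID"),
    (r"\\Tasks\\.*\.job$", "scheduled task"),
    (r"\.(dll|ocx)$", "loadable module on disk"),
    (r"\.exe$", "executable on disk"),
]


def classify(item):
    """Label a detected registry path or file with the persistence mechanism it implies."""
    for pattern, label in MECHANISMS:
        if re.search(pattern, item, re.IGNORECASE):
            return label
    return "other"


def parse_log(text):
    """Return (records, header_counts): one dict per detection line, and the count each
    'X Detected: N' header claimed for its section."""
    records, counts, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            counts[section] = int(m.group("count"))
            continue
        m = DETECT_RE.match(line)
        if m and section:
            records.append({
                "section": section, "item": m.group("item"), "family": m.group("family"),
                "data": (m.group("data") or "").strip(), "action": m.group("action"),
                "mechanism": classify(m.group("item")),
            })
    return records, counts


def triage(text):
    """Summarise a log: pending items, counts by family and mechanism, truncated sections."""
    records, counts = parse_log(text)
    seen = Counter(r["section"] for r in records)
    # A header promising more lines than were parsed means the pasted log was cut off.
    truncated = {s: (n, seen.get(s, 0)) for s, n in counts.items() if seen.get(s, 0) != n}
    return {
        "total": len(records),
        "pending": [r["item"] for r in records if r["action"] == "No action taken"],
        "by_family": dict(Counter(r["family"] for r in records)),
        "by_mechanism": dict(Counter(r["mechanism"] for r in records)),
        "truncated_sections": truncated,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['total']} detections, {len(summary['pending'])} still pending")
    for mechanism, n in sorted(summary["by_mechanism"].items()):
        print(f"  {n:2d}  {mechanism}")
    if summary["truncated_sections"]:
        print("WARNING: header counts do not match lines seen:", summary["truncated_sections"])
```

Run it over a saved mbam-log-*.txt by passing the file contents to triage(); a non-empty truncated_sections tells you to ask for the full log before drawing conclusions, and a non-empty pending list means the scan has not yet removed anything.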
  9. Alright, I updated Malwarebytes. When I scanned it with the outdated version, it got rid of the "Fun Moods" icon on the bottom right-hand side of my screen. The problem is that their files are still there. Maybe if I run it with the new version, it'll disappear. I'll post back the log in a bit. Thanks. - Regards, Terry.
  10. This will surely get rid of the Babylon web search infecting my Google Chrome, correct? I did what you said and clicked remove all. I made sure to check all the viruses. I do not know what DDS is, or, for that matter, if I have it or not. Is it a perk for Malwarebytes? Well, anyway, I clicked remove all and it says I must restart my computer, and that I'll do. Also, when I clicked the remove all button, this popped up:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin :: VN-9A9013DE595E [administrator]

6/14/2012 4:15:49 PM
mbam-log-2012-06-14 (16-15-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193025
Time elapsed: 42 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\4479 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 8be59e17f119de109dc266fb1e1416df -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\My Documents\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kevin\My Documents\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)

Not sure if this is the new log, or just something else. It has the same date under it as yesterday's. If not, I'll scan again and get the new one for you. Restarting my computer now. Thanks!

- Regards, Terry
  11. I did the first step by running a quick scan on the latest version of Malwarebytes. I'm not sure what I'm supposed to post, but here is the "log". What is in bold is my personal writing.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kevin :: VN-9A9013DE595E [administrator]

6/14/2012 4:15:49 PM
mbam-log-2012-06-14 (16-59-31) Babylon

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193025
Time elapsed: 42 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.BundleInstaller.VG) -> No action taken.
HKCU\Software\Cr_Installer\4479 (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 8be59e17f119de109dc266fb1e1416df -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.FunMoods) -> No action taken.
C:\Documents and Settings\Kevin\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Kevin\My Documents\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\Kevin\My Documents\Downloads\setup.exe (PUP.BundleInstaller.VG) -> No action taken.

(end)

The final quick scan showed 19 detected items. I'm not sure if I should close the scan or not, but I'll keep it open for future reference. Also, there is the "Remove selected" button. I'm not so sure if I should select all the malicious software and click that, but I'll stay dormant for the moment. I won't proceed with any further actions until your response. Thanks.

- Regards, Terry.
  12. Greatest apologies. I will not continue to be associated with any other illegal torrent, I promise you that. But I'm having difficulty deleting Free ride games, Fun mood web search, Giant savings, and Yontoo 1.10.02 completely from my system. And could you please clarify what you would want me to post back? The term "Logs" is new to me. Like I said before, I'm not that good with technology words. I'll follow your instructions by running a quick scan with the latest Malwarebytes, but could you please advise me from there as to what the next step is, and what it will do with my computer? The risks, etc. Thanks in advance. -Regards, Terry
  13. Hi everyone. I recently downloaded a sketchy torrent, and along with that torrent came a file called "Online Media File" or something. Instead of what I wanted to download, it downloaded something like "Free ride games" and "Fun moods" and "Giant savings". I really didn't want these files, but along came the browser called "babylon". This is the part I hate most. Every time I access Google Chrome (my main browser), it goes up as babylon. I think I've deleted all the other malicious games, but babylon is still there. I'm not sure if System Restore will do the trick, and I've tried almost EVERY tactic there is on forums. None worked. So I'm counting on the experts and geniuses of MalwareBytes to solve this problem to the best of their abilities. Also, I'm really not that good with computer terms, so I need a patient guide who will bear with me. I really appreciate whoever can help me, especially those who've had this problem. Best of luck to both of us. -Regards, Terry.