lanaStarr
Members, 14 posts, reputation 0 (Neutral)

  1. I've already done a clean install, so this thread can be closed. BTW, before the reinstall I rescanned with Microsoft Safety Scanner and used Norton Power Eraser, and they also came up clean. Word to the wise: if you hear an unrecognizable accent on the other end of the phone, hang up!!!
  2. I ended up falling for the "Windows tech" scam yesterday (I'm no babe in the woods; they knew about my computer, my name, etc.). Anyway, they didn't get any money, but they did get personal info (DOB, card #, last 4 of SSN, etc.). I know, DUMB! I've taken steps to protect my info and raise red flags on this end of the problem, so I'm not too concerned.

     My other problem is that I allowed them access to my computer using TeamViewer. I didn't notice anything suspicious when they had control, and I did full system scans in safe mode afterwards. I used SUPERAntiSpyware, Malwarebytes, and Norton, all with updated databases. SAS came up with tracking cookies (nothing surprising). MWB came up with PUPs Conduit.A (was in the profiles browser) and OpenCandy (in a program I already had), and Norton came up clean. I also scanned using Microsoft Safety Scanner (which showed 3 infected files, but only one was shown to be removed: TrojanDownloader:ASX/Wimad.J). I also used ESET Online, and it only showed the OpenCandy one from MWB (it was then I decided to remove it).

     I've been changing passwords using my phone, and there has been no suspicious activity that I can tell on the computer. I'd still rather be safe than sorry, so before I consider the drastic step of a clean install, I would like to know if there are any more scans or anything else that would assure me that the computer is fine. Sorry for the long post; I wanted to give as much info as I could.
  3. I ran chkdsk, but did you want me to do something specific, like chkdsk /r? I was going to give that a try. Do you recommend another site (or location on this forum) where I could get further help if needed? Again, thank you! You've been a great help.
  4. Here is the Autoruns folder: AutoRuns.zip. Again, is AVG Secure Search anything to be concerned about?
  5. It didn't seem to be when I first did this the "manual" way (removing some of those obvious crap registry files and folders: Conduit, etc.). So all has been fine. The original scans (especially from Malwarebytes and SAS) had gotten rid of most of the stuff that gave my mother agita. My only issue is that the startup is reeeeeally slow now (at least 3-4 min), and that started after I tried running that DDS scan. Do you think you could help with that?

     Also, late in September I downloaded a freeware program onto my new computer that also installed AVG Secure Search (it didn't give me a box to tick off). It didn't give me problems, and I used their (AVG) removal tool to get rid of it. Should I do any extra scans to get rid of anything, or am I ok? I used the remover on my mother's laptop before asking for help here, and these various scans still turned up stuff.

     You've been really fabulous, and I appreciate your patience and help. But I'm curious: what do you mean by "it looks to be clean for the most part"?
  6. Ok. Here we go....

     Step 3: mbar-log-2013-10-27 (07-14-30).txt, system-log.txt

     Step 4:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.7 (10.15.2013:3)
     OS: Microsoft Windows XP x86
     Ran by Owner on Sun 10/27/2013 at 9:22:52.95
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
     Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
     Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3316068
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411161172}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{094E8DB5-3F6D-4FD2-8EB4-D7AE8444D2DF}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"

     ~~~ Files

     Successfully deleted: [File] "C:\end"

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\big fish games"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\strongvault"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\apn"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\big fish"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre"
     Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\updater19962"
     Successfully deleted: [Folder] "C:\Program Files\domaiq uninstaller"
     Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
     Successfully deleted: [Folder] "C:\ai_recyclebin"
     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"

     ~~~ FireFox

     Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\user.js
     Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\addon@defaulttab.com.xpi
     Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
     Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\searchplugins\sweetim.xml
     Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{650eed71-89e2-453b-8dcf-2aa1b4ae6ef3}"
     Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\fctb
     Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd.com
     Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\prefs.js

     user_pref("CT3286042.smartbar.homepage", "true");
     user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
     user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
     user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
     user_pref("smartbar.addressBarOwnerCTID", "CT3286042");
     user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
     user_pref("smartbar.homePageOwnerCTID", "CT3286042");

     Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\minidumps [8 files]

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sun 10/27/2013 at 11:13:29.89
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Step 5:

     # AdwCleaner v3.010 - Report created 27/10/2013 at 11:56:38
     # Updated 20/10/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Owner - (Owner)
     # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
     # Option : Clean

     ***** [ Services ] *****

     Service Deleted : vToolbarUpdater17.0.12

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
     Folder Deleted : C:\Program Files\WinZipper
     Folder Deleted : C:\Program Files\Common Files\337
     Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
     Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
     Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\WordLayers
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\WinZipper
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Alawar Stargaze
     Folder Deleted : C:\Documents and Settings\Owner\My Documents\PC Health Kit
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3289663
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3316068
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3294791
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3286042
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
     Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
     Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
     Key Deleted : HKCU\Toolbar
     Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
     Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
     Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
     Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
     Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
     Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
     Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
     Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
     Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
     Key Deleted : HKLM\Software\AVG Secure Search
     Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
     Key Deleted : HKLM\Software\LinkSwift
     Key Deleted : HKLM\Software\PIP
     Key Deleted : HKLM\Software\V9
     Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     -\\ Mozilla Firefox v24.0 (en-US)

     [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\prefs.js ]

     *************************

     AdwCleaner[R0].txt - [10287 octets] - [27/10/2013 11:33:02]
     AdwCleaner[s0].txt - [10441 octets] - [27/10/2013 11:56:38]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10502 octets] ##########

     Step 6:

     C:\Documents and Settings\Owner\My Documents\ApnStub.exe  a variant of Win32/Bundled.Toolbar.Ask application
     C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames(1).exe  a variant of Win32/Adware.Gamevance.DD application
     C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames.exe  a variant of Win32/Adware.Gamevance.DD application
     C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(1).exe  Win32/OpenCandy application
     C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(2).exe  Win32/OpenCandy application
     C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames.exe  Win32/OpenCandy application
     C:\Documents and Settings\Owner\My Documents\Downloads\slot-machine.exe  a variant of Win32/InstallCore.AL application
     C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc1.exe  Win32/InstallCore.EA application
     C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc3.exe  Win32/DownloadAdmin.G application
     C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc4.exe  Win32/DownloadAdmin.G application
     C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc5.exe  Win32/DownloadAdmin.G application

     Step 7: Addition.txt

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
     Ran by Owner (administrator) on Owner on 27-10-2013 16:40:54
     Running from C:\Documents and Settings\Owner\Desktop
     Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Normal

     ==================== Processes (Whitelisted) ===================

     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     (Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     (Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
     (Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
     (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
     (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
     (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
     (iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe
     () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
     (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
     (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
     (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
     (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
     (Microsoft Corporation) C:\windows\eHome\ehmsas.exe
     (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
     (Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
     (RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
     (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
     HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
     HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [1392640 2006-11-01] (Dell Inc.)
     HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
     HKLM\...\Run: [intelZeroConfig] - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
     HKLM\...\Run: [intelWireless] - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
     HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
     HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-10-05] (RealNetworks, Inc.)
     HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKCU\...\Run: [DW6] - "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
     MountPoints2: {f7ddcb5e-0dc8-11e3-b0c3-0015c5bfd63b} - E:\LGAutoRun.exe

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     URLSearchHook: HKCU - (No Name) - {7f3f960e-a836-45ca-8911-0accb522246e} - No File
     URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll No File
     SearchScopes: HKLM - DefaultScope value is missing.
     SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
     SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
     BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
     BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
     BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: No Name - {7f3f960e-a836-45ca-8911-0accb522246e} - No File
     BHO: PETN - {9D580032-6BF3-4E7D-9A9F-C6928C6EF8DF} - C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork\petn.dll No File
     BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll No File
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
     Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
     Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
     Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
     Tcpip\..\Interfaces\{D80D2809-EEB1-4CC4-BEDF-2D45553049F0}: [NameServer]75.75.75.75,75.75.76.76

     FireFox:
     ========
     FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default
     FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
     FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
     FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
     FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
     FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
     FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
     FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\inbox-search.xml
     FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\TelevisionFanatic.xml
     FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
     FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\jzkenlkaloil@kctewplunsmgzuca.org
     FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF Extension: Flashblock - C:\Documents and
Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} FF Extension: firefox-hotfix - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\firefox-hotfix@mozilla.org.xpi FF Extension: restartless.restart - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\restartless.restart@erikvold.com.xpi FF Extension: aios - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\jzkenlkaloil@kctewplunsmgzuca.org FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF FF Extension: Norton Vulnerability Protection - C:\Documents and 
Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) R2 N360; C:\Program Files\Norton Security Suite\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation) R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.) R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-29] (iWin Inc.) R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation ) R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation) S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) S2 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [x] R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" S2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-05-26] (Cisco Systems, Inc.) 
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.) R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies) R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-10-18] (Symantec Corporation) R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131025.001\IDSxpx86.sys [380824 2013-10-17] (Symantec Corporation) R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVENG.SYS [93272 2013-10-18] (Symantec Corporation) R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVEX15.SYS [1612376 2013-10-18] (Symantec Corporation) R3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation) R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 
[67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation) R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-22] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation) R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-04-24] (The OpenVPN Project) S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog32.sys [x] S3 catchme; \??\C:\DOCUME~1\DIANES~1\LOCALS~1\Temp\catchme.sys [x] S4 IntelIde; No ImagePath S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [x] S3 NETw3x32; system32\DRIVERS\NETw3x32.sys [x] S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) S3 UIUSys; system32\drivers\UIUSys.sys [x] S3 w39n51; system32\DRIVERS\w39n51.sys [x] ==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST 2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe 2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET 2013-10-27 11:32 - 2013-10-27 11:58 - 00000000 ____D C:\AdwCleaner 
2013-10-27 11:31 - 2013-10-27 06:34 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe 2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT 2013-10-27 09:16 - 2013-10-27 06:30 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe 2013-10-27 07:14 - 2013-10-27 08:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-10-27 07:00 - 2013-10-27 07:01 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-10-27 06:59 - 2013-10-27 12:04 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar 2013-10-27 06:59 - 2013-10-27 06:27 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe 2013-10-26 04:31 - 2013-10-26 05:03 - 00000000 ___SD C:\ComboFix 2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox 2013-10-26 04:31 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe 2013-10-26 04:31 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe 2013-10-26 04:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-10-26 04:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-10-26 04:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-10-26 04:31 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe 2013-10-26 04:31 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe 2013-10-26 04:31 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe 2013-10-26 04:31 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe 2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt 2013-10-26 04:26 - 2013-10-26 04:24 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe 2013-10-26 02:42 - 2013-10-26 02:49 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log 2013-10-25 10:27 - 2013-10-27 13:58 - 00008222 _____ 
C:\windows\setupapi.log 2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt 2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC 2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache 2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-10-22 18:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-10-22 18:30 - 2013-08-08 03:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\All Users\Documents\mbam-setup-1.75.0.1300.exe 2013-10-22 05:04 - 2013-10-22 10:19 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-19 17:20 - 2013-10-19 17:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330 2013-10-19 16:52 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver 2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk 2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java 2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java 2013-10-19 01:05 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2013-10-19 01:05 - 2013-10-08 07:46 - 00264616 _____ (Oracle 
Corporation) C:\windows\system32\javaws.exe 2013-10-19 01:05 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-10-19 01:05 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-10-19 01:05 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl 2013-10-19 01:03 - 2013-10-19 01:05 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log 2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap 2013-10-12 08:02 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! 2013-10-12 08:01 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo! 2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk 2013-10-10 06:48 - 2013-10-11 02:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache 2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar 2013-10-10 03:09 - 2013-10-10 03:10 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml 2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache 2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache 2013-10-09 03:31 - 2013-10-09 03:32 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$ 2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$ 2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$ 2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$ 2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$ 2013-10-09 02:02 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\windows\system32\dllcache\hidparse.sys 2013-10-09 02:01 - 
2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbvideo.sys 2013-10-09 02:01 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbaudio.sys 2013-10-09 02:01 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\windows\system32\dllcache\irbus.sys 2013-10-09 02:00 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbccgp.sys 2013-10-09 02:00 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbd.sys 2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531} 2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google 2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar 2013-10-06 09:19 - 2013-10-06 09:17 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys 2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks 2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk 2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks 2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks 2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared 2013-10-05 04:29 - 2013-10-27 12:04 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job 2013-09-30 22:35 - 2013-10-22 10:17 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak ==================== One Month Modified Files and Folders ======= 2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST 2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) 
C:\Documents and Settings\Owner\Desktop\FRST.exe 2013-10-27 16:36 - 2012-03-31 05:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET 2013-10-27 13:58 - 2013-10-25 10:27 - 00008222 _____ C:\windows\setupapi.log 2013-10-27 12:11 - 2012-03-08 21:30 - 00007680 ___SH C:\windows\Thumbs.db 2013-10-27 12:05 - 2012-03-08 21:39 - 00000292 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job 2013-10-27 12:05 - 2012-03-08 11:36 - 01439697 _____ C:\windows\WindowsUpdate.log 2013-10-27 12:04 - 2013-10-27 06:59 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar 2013-10-27 12:04 - 2013-10-05 04:29 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job 2013-10-27 12:04 - 2012-03-08 11:33 - 00000000 ____D C:\windows\Registration 2013-10-27 12:03 - 2012-03-08 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-10-27 12:03 - 2012-03-08 06:25 - 00000159 _____ C:\windows\wiadebug.log 2013-10-27 12:03 - 2012-03-08 06:25 - 00000050 _____ C:\windows\wiaservc.log 2013-10-27 12:00 - 2012-03-08 12:13 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini 2013-10-27 12:00 - 2012-03-08 12:08 - 00032652 _____ C:\windows\SchedLgU.Txt 2013-10-27 11:58 - 2013-10-27 11:32 - 00000000 ____D C:\AdwCleaner 2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT 2013-10-27 08:51 - 2013-10-27 07:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-10-27 07:01 - 2013-10-27 07:00 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-10-27 06:34 - 2013-10-27 11:31 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe 2013-10-27 06:30 - 2013-10-27 09:16 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe 2013-10-27 06:27 - 2013-10-27 06:59 - 
12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe 2013-10-27 06:27 - 2004-08-10 07:00 - 00002206 _____ C:\windows\system32\wpa.dbl 2013-10-26 05:49 - 2013-07-03 14:56 - 00644806 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-261478967-839522115-1003-0.dat 2013-10-26 05:49 - 2013-07-01 12:02 - 00096322 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2013-10-26 05:24 - 2012-03-08 11:34 - 00000000 ____D C:\windows\system32\Restore 2013-10-26 05:03 - 2013-10-26 04:31 - 00000000 ___SD C:\ComboFix 2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox 2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt 2013-10-26 04:24 - 2013-10-26 04:26 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe 2013-10-26 04:21 - 2012-03-08 21:39 - 00000300 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job 2013-10-26 02:49 - 2013-10-26 02:42 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log 2013-10-25 12:10 - 2012-03-09 15:53 - 00015120 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2013-10-25 10:57 - 2012-03-08 06:21 - 00099848 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt 2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC 2013-10-24 00:03 - 2012-09-17 01:51 - 00000000 ____D C:\Program Files\Google 2013-10-24 00:02 - 2012-09-17 01:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google 2013-10-23 23:47 - 2012-03-08 13:10 - 00001324 _____ C:\windows\system32\d3d9caps.dat 2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache 2013-10-23 23:44 - 2012-03-08 12:13 - 00000000 
____D C:\Documents and Settings\Owner 2013-10-23 03:17 - 2013-02-18 22:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-10-22 22:21 - 2012-03-08 20:16 - 00000000 __HDC C:\windows\$NtUninstallKB979309$ 2013-10-22 20:47 - 2013-04-11 03:02 - 00000000 __HDC C:\windows\$NtUninstallKB2813345$ 2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-10-22 18:18 - 2013-01-19 04:39 - 00000000 ____D C:\Program Files\Pogo Games 2013-10-22 18:18 - 2012-05-28 10:48 - 00000000 ____D C:\Program Files\Slingo Supreme 2 2013-10-22 18:18 - 2012-03-08 22:40 - 00000000 ____D C:\Program Files\Xvid 2013-10-22 18:18 - 2012-03-08 12:21 - 00000000 ____D C:\Program Files\RGB 2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\GemMaster 2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\ESPNMotion 2013-10-22 18:18 - 2012-03-08 11:29 - 00000000 ____D C:\Program Files\Messenger 2013-10-22 17:26 - 2013-10-19 16:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver 2013-10-22 17:26 - 2013-10-12 08:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! 2013-10-22 17:26 - 2013-10-12 08:01 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo! 
2013-10-22 17:02 - 2012-04-26 06:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-22 10:19 - 2013-10-22 05:04 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-22 10:17 - 2013-09-30 22:35 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak 2013-10-21 15:56 - 2012-12-22 05:37 - 00000300 _____ C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job 2013-10-21 04:08 - 2012-03-08 22:19 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc 2013-10-21 03:37 - 2012-03-08 21:29 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2013-10-21 03:37 - 2012-03-08 21:29 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2013-10-19 17:35 - 2012-03-08 11:33 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games 2013-10-19 17:21 - 2013-10-19 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330 2013-10-19 17:16 - 2012-09-05 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe 2013-10-19 17:15 - 2012-03-31 05:01 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2013-10-19 17:15 - 2012-03-08 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-19 02:40 - 2012-08-09 02:00 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Elephant Games 2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk 2013-10-19 01:47 - 2012-03-08 06:11 - 00000000 ____D C:\windows\Resources 2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java 2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java 2013-10-19 01:05 - 2013-10-19 01:03 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log 2013-10-19 
01:05 - 2013-06-24 07:21 - 00000000 ____D C:\Program Files\Java 2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap 2013-10-13 10:09 - 2012-03-08 11:32 - 00000000 ____D C:\windows\Microsoft.NET 2013-10-13 04:08 - 2013-04-24 22:12 - 00000884 __RSH C:\Documents and Settings\Owner\ntuser.pol 2013-10-12 08:52 - 2013-04-26 20:05 - 00001657 _____ C:\windows\system32\InstallUtil.InstallLog 2013-10-11 02:51 - 2013-10-10 06:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache 2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk 2013-10-10 06:51 - 2012-04-25 13:47 - 00001584 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk 2013-10-10 06:51 - 2012-04-25 13:46 - 00000000 ____D C:\Program Files\bfgclient 2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar 2013-10-10 03:10 - 2013-10-10 03:09 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml 2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache 2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache 2013-10-09 03:54 - 2012-03-08 23:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 03:49 - 2012-03-08 06:22 - 00602538 _____ C:\windows\system32\PerfStringBackup.INI 2013-10-09 03:32 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$ 2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$ 2013-10-09 03:28 - 2013-07-15 12:12 - 00000000 ____D C:\windows\system32\MRT 2013-10-09 03:16 - 2012-03-08 20:30 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-10-09 03:15 - 2012-03-08 23:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2013-10-09 03:12 - 2013-10-09 03:12 - 
00000000 __HDC C:\windows\$NtUninstallKB2868038$ 2013-10-09 03:10 - 2012-03-08 20:46 - 00000000 ____D C:\windows\ie8updates 2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$ 2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$ 2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531} 2013-10-08 07:50 - 2013-10-19 01:05 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll 2013-10-08 07:46 - 2013-10-19 01:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-10-08 07:46 - 2013-10-19 01:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-10-08 07:46 - 2013-10-19 01:05 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-10-08 07:29 - 2013-10-19 01:05 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl 2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google 2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar 2013-10-06 09:17 - 2013-10-06 09:19 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys 2013-10-06 04:38 - 2012-03-08 12:47 - 00048640 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks 2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk 2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks 2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks 2013-10-05 14:29 - 2012-12-22 05:28 - 00000000 ____D C:\Documents and Settings\All Users\Start 
Menu\Programs\RealNetworks 2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared 2013-10-05 14:27 - 2012-12-22 05:29 - 00201872 _____ (RealNetworks, Inc.) C:\windows\system32\rmoc3260.dll 2013-10-05 14:27 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real 2013-10-05 14:26 - 2012-12-22 05:28 - 00272896 _____ (Progressive Networks) C:\windows\system32\pncrt.dll 2013-10-05 14:26 - 2012-12-22 05:28 - 00006656 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5016.dll 2013-10-05 14:26 - 2012-12-22 05:28 - 00005632 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5032.dll 2013-10-05 05:01 - 2013-07-12 19:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe 2013-10-05 04:41 - 2012-03-09 00:39 - 00000000 ____D C:\GameHouse Games 2013-10-05 04:40 - 2012-03-09 00:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse 2013-10-05 04:40 - 2012-03-09 00:39 - 00000000 ____D C:\Program Files\RealArcade 2013-09-30 06:40 - 2012-04-01 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\dvdcss 2013-09-28 05:58 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Real Some content of TEMP: ==================== C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  7. I just noticed something. When I shut the anti-virus program off for the scans, Windows Firewall automatically came on. Do you think that could've been the problem? Will post logs as I get them.
  8. I've since turned off the computer. Should I run it again? I'm going to leave it alone until you get back to me. Thank you sooo much for your patience.
  9. Uh oh - When I got that message about the recovery console, I clicked yes, and it told me about not being able to locate something about the master boot. It started to scan without disconnecting from the internet. I tried to quickly 'disable' radio, but now it has stalled. What's the next move? I'm really sorry about this.
  10. I'm sorry - didn't scroll down after reading directions . Will post as soon as the scan is done.
  11. Thank you! It's telling me that the Windows recovery console is not installed and without it, it will not attempt to fix serious infections. Should I download? Also, the computer in question is running XP SP3.
  12. Note: This is a copy/paste job with some modifications. I tried inquiring about this on Bleepingcomputer - got 1 reply and no help. Saw you guys gave a better response to another with a similar problem. Hello there - I'm new, and I'm currently trying to fix my mother's computer. Ok, here we go..... My mother ended up having DNSbasic and other crud on her computer (she likes games). I managed to clear that out using Norton, SAS, and Malwarebytes. I also deleted some program folders and registry entries manually in safe mode (I know - Big NO-NO). Anyway, I ended up with clean scans of health, and the computer and its browsers (at least firefox) were working great - fast connections, no pop-ups, no nothing. I then decided to be more thorough and try to do a "hijack this!" kind of post on another tech site just to make sure I need nothing further (like a recovery console repair). I downloaded the DDS.scr and gmer files (following Tech Support forum's instructions). Disabled my norton 360 per instructions and decided to "disable radio" on my wifi. Ran the scan and it seemed to work, but then it froze. No action whatsoever from the computer. I waited 5 min. or so and then decided to just cut the computer off - no proper shutdown. I had no other choice. Neither Ctrl+Alt+Del nor anything else was working. When I restarted the computer, the startup was a little slower - like there were more processes going on. But it started well enough, and I tried running it again. Same problem, same solution. I cut the computer back on (start up was slow again, but not any slower than before), logged back on, and moved on to the gmer file. That went just fine. Once done, I then decided to download the DDS.com DOS program from the Bleepingcomputer site. Same problem occurred, and once again I just shut off the computer. This time when I cut it back on, it was VEEEERY slow at start-up (5 min. or so I waited).
I then became concerned that I screwed up the OS since it seemed to continue to process, but didn't start up. So I cut off while still "loading", and cut it back on again. It then prompted me that Windows didn't shut down properly........safe mode option. I clicked the safe mode option, and it was still slow to load, but at least it loaded. Deleted the dds program I downloaded, and restarted the computer - properly. Slow to start again in regular mode, but it did finally start up. Everything was VEEERY slow to load upon start-up. Downloaded the OTC program found on Bleepingcomputer, and it didn't do much good. I'm now here asking for help. I'm very sorry for this long post, but I'm hoping that a more thorough post would return an even quicker response. Thank you all for your time. And 'system restore' has been disabled since battling this, so that's not an option.