lanaStarr

Posts posted by lanaStarr

  1. I've already done a clean install, so this thread can be closed.  BTW, before the reinstall I rescanned with Microsoft Safety Scanner and used Norton Power Eraser and they also came up clean.

     

    Word to the wise - If you hear an unrecognizable accent on the other end of the phone, hang up!!! <_<

  2. I ended up falling for the "windows tech" scam yesterday (I'm no babe in the woods - they knew about my computer, my name, etc.)

    Anyway, they didn't get any money, but they did get personal info (DOB, card #, last 4 SSN #, etc.). I know - DUMB! I've taken steps to protect my info and raise red flags on this end of the problem, so I'm not too concerned. My other problem is that I allowed them access to my computer using TeamViewer. I didn't notice anything suspicious when they had control, and I did full system scans in safe mode afterwards. I used SUPERAntiSpyware, Malwarebytes, and Norton - all with updated databases. SAS came up with tracking cookies (nothing surprising). MWB came up with pups conduit.a (was in the profiles browser) and Open Candy (in a program I already had), and Norton came up clean. I also scanned using Microsoft Safety Scanner (which showed 3 infected files, but only one shown to be removed - TrojanDownloader:ASX/Wimad.J). I also used ESET Online, and it only showed the "open candy" one in MWB (it was then I decided to remove it).

    I've been changing passwords using my phone, and there has been no suspicious activity that I can tell on the computer. I'd still rather be safe than sorry, so before I consider the drastic step of a clean install, I would like to know if there are any more scans or anything else that would assure me that the computer is fine.

    Sorry for the long post - wanted to give as much info as I could.

  3. It didn't seem to be when I first did this the 'manual' way (removing some of those obvious crap registry files and folders - conduit, etc.). So all has been fine. The original scans (especially from Malwarebytes & SAS) had gotten rid of most of the stuff that gave my mother agita. My only issue is that the startup is reeeeeally slow now (at least 3-4 min), and that started after I tried running that DDS scan. Do you think you could help with that? Also, late in September I downloaded a freeware program onto my new computer that also installed AVG Secure Search (didn't give me a box to tick off). It didn't give me problems, and I used their (AVG) removal tool to get rid of it. Should I do any extra scans to get rid of anything, or am I ok? I used the remover on my mother's laptop before asking for help here, and these various scans still turned up stuff.

     

    You've been really fabulous, and I appreciate your patience and help.  But I'm curious - what do you mean by it looks to be clean for the most part? :blink:

     

    :lol:

  4. Ok. Here we go....

     

    Step 3: mbar-log-2013-10-27 (07-14-30).txt, system-log.txt

     

    Step 4:  

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.7 (10.15.2013:3)
    OS: Microsoft Windows XP x86
    Ran by Owner on Sun 10/27/2013 at  9:22:52.95
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3316068
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411161172}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{094E8DB5-3F6D-4FD2-8EB4-D7AE8444D2DF}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



    ~~~ Files

    Successfully deleted: [File] "C:\end"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\big fish games"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\strongvault"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\apn"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\big fish"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\updater19962"
    Successfully deleted: [Folder] "C:\Program Files\domaiq uninstaller"
    Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



    ~~~ FireFox

    Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\user.js
    Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\addon@defaulttab.com.xpi
    Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
    Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\searchplugins\sweetim.xml
    Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{650eed71-89e2-453b-8dcf-2aa1b4ae6ef3}"
    Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\fctb
    Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd.com
    Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\prefs.js

    user_pref("CT3286042.smartbar.homepage", "true");

    user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
    user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");

    user_pref("smartbar.addressBarOwnerCTID", "CT3286042");


    user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
    user_pref("smartbar.homePageOwnerCTID", "CT3286042");

    Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\minidumps [8 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 10/27/2013 at 11:13:29.89
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

    Step 5: 

    # AdwCleaner v3.010 - Report created 27/10/2013 at 11:56:38
    # Updated 20/10/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - (Owner)
    # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : vToolbarUpdater17.0.12

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    Folder Deleted : C:\Program Files\WinZipper
    Folder Deleted : C:\Program Files\Common Files\337
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\WordLayers
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\WinZipper
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Alawar Stargaze
    Folder Deleted : C:\Documents and Settings\Owner\My Documents\PC Health Kit
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3289663
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3316068
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3294791
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3286042
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
    Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKCU\Toolbar
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
    Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
    Key Deleted : HKLM\Software\LinkSwift
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\V9
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [10287 octets] - [27/10/2013 11:33:02]
    AdwCleaner[s0].txt - [10441 octets] - [27/10/2013 11:56:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10502 octets] ##########

     

     

    Step 6:

     

    C:\Documents and Settings\Owner\My Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application
    C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames(1).exe    a variant of Win32/Adware.Gamevance.DD application
    C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames.exe    a variant of Win32/Adware.Gamevance.DD application
    C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(1).exe    Win32/OpenCandy application
    C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(2).exe    Win32/OpenCandy application
    C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames.exe    Win32/OpenCandy application
    C:\Documents and Settings\Owner\My Documents\Downloads\slot-machine.exe    a variant of Win32/InstallCore.AL application
    C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc1.exe    Win32/InstallCore.EA application
    C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc3.exe    Win32/DownloadAdmin.G application
    C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc4.exe    Win32/DownloadAdmin.G application
    C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc5.exe    Win32/DownloadAdmin.G application

    Step 7:  Addition.txt

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
    Ran by Owner (administrator) on Owner on 27-10-2013 16:40:54
    Running from C:\Documents and Settings\Owner\Desktop
    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    (Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
    (Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    (iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
    (Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Microsoft Corporation) C:\windows\eHome\ehmsas.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
    (Intel Corporation) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    (RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
    HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [1392640 2006-11-01] (Dell Inc.)
    HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
    HKLM\...\Run: [intelZeroConfig] - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
    HKLM\...\Run: [intelWireless] - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
    HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
    HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-10-05] (RealNetworks, Inc.)
    HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKCU\...\Run: [DW6] - "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    MountPoints2: {f7ddcb5e-0dc8-11e3-b0c3-0015c5bfd63b} - E:\LGAutoRun.exe

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: HKCU - (No Name) - {7f3f960e-a836-45ca-8911-0accb522246e} -  No File
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll No File
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: No Name - {7f3f960e-a836-45ca-8911-0accb522246e} -  No File
    BHO: PETN - {9D580032-6BF3-4E7D-9A9F-C6928C6EF8DF} - C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork\petn.dll No File
    BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll No File
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
    Tcpip\..\Interfaces\{D80D2809-EEB1-4CC4-BEDF-2D45553049F0}: [NameServer]75.75.75.75,75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\inbox-search.xml
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\TelevisionFanatic.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\jzkenlkaloil@kctewplunsmgzuca.org
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF Extension: Flashblock - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    FF Extension: firefox-hotfix - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\firefox-hotfix@mozilla.org.xpi
    FF Extension: restartless.restart - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\restartless.restart@erikvold.com.xpi
    FF Extension: aios - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
    FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\jzkenlkaloil@kctewplunsmgzuca.org
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
    FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
    FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
    FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

    ========================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
    R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    R2 N360; C:\Program Files\Norton Security Suite\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
    R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
    R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-29] (iWin Inc.)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation )
    R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation)
    S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
    S2 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [x]
    R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
    S2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [x]

    ==================== Drivers (Whitelisted) ====================

    R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-05-26] (Cisco Systems, Inc.)
    S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
    S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
    S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
    R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
    R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-10-18] (Symantec Corporation)
    R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131025.001\IDSxpx86.sys [380824 2013-10-17] (Symantec Corporation)
    R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVENG.SYS [93272 2013-10-18] (Symantec Corporation)
    R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVEX15.SYS [1612376 2013-10-18] (Symantec Corporation)
    R3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
    R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
    R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
    R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
    R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-22] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation)
    R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-04-24] (The OpenVPN Project)
    S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog32.sys [x]
    S3 catchme; \??\C:\DOCUME~1\DIANES~1\LOCALS~1\Temp\catchme.sys [x]
    S4 IntelIde; No ImagePath
    S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [x]
    S3 NETw3x32; system32\DRIVERS\NETw3x32.sys [x]
    S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [x]
    U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
    S3 UIUSys; system32\drivers\UIUSys.sys [x]
    S3 w39n51; system32\DRIVERS\w39n51.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST
    2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
    2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET
    2013-10-27 11:32 - 2013-10-27 11:58 - 00000000 ____D C:\AdwCleaner
    2013-10-27 11:31 - 2013-10-27 06:34 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
    2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT
    2013-10-27 09:16 - 2013-10-27 06:30 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
    2013-10-27 07:14 - 2013-10-27 08:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-10-27 07:00 - 2013-10-27 07:01 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2013-10-27 06:59 - 2013-10-27 12:04 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
    2013-10-27 06:59 - 2013-10-27 06:27 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe
    2013-10-26 04:31 - 2013-10-26 05:03 - 00000000 ___SD C:\ComboFix
    2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox
    2013-10-26 04:31 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
    2013-10-26 04:31 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
    2013-10-26 04:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2013-10-26 04:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2013-10-26 04:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2013-10-26 04:31 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
    2013-10-26 04:31 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
    2013-10-26 04:31 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
    2013-10-26 04:31 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
    2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt
    2013-10-26 04:26 - 2013-10-26 04:24 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    2013-10-26 02:42 - 2013-10-26 02:49 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log
    2013-10-25 10:27 - 2013-10-27 13:58 - 00008222 _____ C:\windows\setupapi.log
    2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt
    2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC
    2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2013-10-22 18:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2013-10-22 18:30 - 2013-08-08 03:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\All Users\Documents\mbam-setup-1.75.0.1300.exe
    2013-10-22 05:04 - 2013-10-22 10:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-10-19 17:20 - 2013-10-19 17:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
    2013-10-19 16:52 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver
    2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
    2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java
    2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2013-10-19 01:05 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
    2013-10-19 01:05 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2013-10-19 01:05 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2013-10-19 01:05 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2013-10-19 01:05 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
    2013-10-19 01:03 - 2013-10-19 01:05 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
    2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap
    2013-10-12 08:02 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
    2013-10-12 08:01 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
    2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
    2013-10-10 06:48 - 2013-10-11 02:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
    2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
    2013-10-10 03:09 - 2013-10-10 03:10 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache
    2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache
    2013-10-09 03:31 - 2013-10-09 03:32 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$
    2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$
    2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$
    2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$
    2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$
    2013-10-09 02:02 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\windows\system32\dllcache\hidparse.sys
    2013-10-09 02:01 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbvideo.sys
    2013-10-09 02:01 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbaudio.sys
    2013-10-09 02:01 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\windows\system32\dllcache\irbus.sys
    2013-10-09 02:00 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbccgp.sys
    2013-10-09 02:00 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbd.sys
    2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
    2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
    2013-10-06 09:19 - 2013-10-06 09:17 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
    2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks
    2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks
    2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
    2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared
    2013-10-05 04:29 - 2013-10-27 12:04 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
    2013-09-30 22:35 - 2013-10-22 10:17 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak

    ==================== One Month Modified Files and Folders =======

    2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST
    2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
    2013-10-27 16:36 - 2012-03-31 05:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET
    2013-10-27 13:58 - 2013-10-25 10:27 - 00008222 _____ C:\windows\setupapi.log
    2013-10-27 12:11 - 2012-03-08 21:30 - 00007680 ___SH C:\windows\Thumbs.db
    2013-10-27 12:05 - 2012-03-08 21:39 - 00000292 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
    2013-10-27 12:05 - 2012-03-08 11:36 - 01439697 _____ C:\windows\WindowsUpdate.log
    2013-10-27 12:04 - 2013-10-27 06:59 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
    2013-10-27 12:04 - 2013-10-05 04:29 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
    2013-10-27 12:04 - 2012-03-08 11:33 - 00000000 ____D C:\windows\Registration
    2013-10-27 12:03 - 2012-03-08 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2013-10-27 12:03 - 2012-03-08 06:25 - 00000159 _____ C:\windows\wiadebug.log
    2013-10-27 12:03 - 2012-03-08 06:25 - 00000050 _____ C:\windows\wiaservc.log
    2013-10-27 12:00 - 2012-03-08 12:13 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
    2013-10-27 12:00 - 2012-03-08 12:08 - 00032652 _____ C:\windows\SchedLgU.Txt
    2013-10-27 11:58 - 2013-10-27 11:32 - 00000000 ____D C:\AdwCleaner
    2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT
    2013-10-27 08:51 - 2013-10-27 07:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2013-10-27 07:01 - 2013-10-27 07:00 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2013-10-27 06:34 - 2013-10-27 11:31 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
    2013-10-27 06:30 - 2013-10-27 09:16 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
    2013-10-27 06:27 - 2013-10-27 06:59 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe
    2013-10-27 06:27 - 2004-08-10 07:00 - 00002206 _____ C:\windows\system32\wpa.dbl
    2013-10-26 05:49 - 2013-07-03 14:56 - 00644806 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-261478967-839522115-1003-0.dat
    2013-10-26 05:49 - 2013-07-01 12:02 - 00096322 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    2013-10-26 05:24 - 2012-03-08 11:34 - 00000000 ____D C:\windows\system32\Restore
    2013-10-26 05:03 - 2013-10-26 04:31 - 00000000 ___SD C:\ComboFix
    2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox
    2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt
    2013-10-26 04:24 - 2013-10-26 04:26 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    2013-10-26 04:21 - 2012-03-08 21:39 - 00000300 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job
    2013-10-26 02:49 - 2013-10-26 02:42 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log
    2013-10-25 12:10 - 2012-03-09 15:53 - 00015120 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2013-10-25 10:57 - 2012-03-08 06:21 - 00099848 _____ C:\windows\system32\FNTCACHE.DAT
    2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt
    2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC
    2013-10-24 00:03 - 2012-09-17 01:51 - 00000000 ____D C:\Program Files\Google
    2013-10-24 00:02 - 2012-09-17 01:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    2013-10-23 23:47 - 2012-03-08 13:10 - 00001324 _____ C:\windows\system32\d3d9caps.dat
    2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
    2013-10-23 23:44 - 2012-03-08 12:13 - 00000000 ____D C:\Documents and Settings\Owner
    2013-10-23 03:17 - 2013-02-18 22:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-10-22 22:21 - 2012-03-08 20:16 - 00000000 __HDC C:\windows\$NtUninstallKB979309$
    2013-10-22 20:47 - 2013-04-11 03:02 - 00000000 __HDC C:\windows\$NtUninstallKB2813345$
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2013-10-22 18:18 - 2013-01-19 04:39 - 00000000 ____D C:\Program Files\Pogo Games
    2013-10-22 18:18 - 2012-05-28 10:48 - 00000000 ____D C:\Program Files\Slingo Supreme 2
    2013-10-22 18:18 - 2012-03-08 22:40 - 00000000 ____D C:\Program Files\Xvid
    2013-10-22 18:18 - 2012-03-08 12:21 - 00000000 ____D C:\Program Files\RGB
    2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\GemMaster
    2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\ESPNMotion
    2013-10-22 18:18 - 2012-03-08 11:29 - 00000000 ____D C:\Program Files\Messenger
    2013-10-22 17:26 - 2013-10-19 16:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver
    2013-10-22 17:26 - 2013-10-12 08:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
    2013-10-22 17:26 - 2013-10-12 08:01 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
    2013-10-22 17:02 - 2012-04-26 06:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-10-22 10:19 - 2013-10-22 05:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-10-22 10:17 - 2013-09-30 22:35 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
    2013-10-21 15:56 - 2012-12-22 05:37 - 00000300 _____ C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job
    2013-10-21 04:08 - 2012-03-08 22:19 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
    2013-10-21 03:37 - 2012-03-08 21:29 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2013-10-21 03:37 - 2012-03-08 21:29 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2013-10-19 17:35 - 2012-03-08 11:33 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
    2013-10-19 17:21 - 2013-10-19 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
    2013-10-19 17:16 - 2012-09-05 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
    2013-10-19 17:15 - 2012-03-31 05:01 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
    2013-10-19 17:15 - 2012-03-08 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-19 02:40 - 2012-08-09 02:00 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Elephant Games
    2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
    2013-10-19 01:47 - 2012-03-08 06:11 - 00000000 ____D C:\windows\Resources
    2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java
    2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2013-10-19 01:05 - 2013-10-19 01:03 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
    2013-10-19 01:05 - 2013-06-24 07:21 - 00000000 ____D C:\Program Files\Java
    2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap
    2013-10-13 10:09 - 2012-03-08 11:32 - 00000000 ____D C:\windows\Microsoft.NET
    2013-10-13 04:08 - 2013-04-24 22:12 - 00000884 __RSH C:\Documents and Settings\Owner\ntuser.pol
    2013-10-12 08:52 - 2013-04-26 20:05 - 00001657 _____ C:\windows\system32\InstallUtil.InstallLog
    2013-10-11 02:51 - 2013-10-10 06:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
    2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
    2013-10-10 06:51 - 2012-04-25 13:47 - 00001584 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
    2013-10-10 06:51 - 2012-04-25 13:46 - 00000000 ____D C:\Program Files\bfgclient
    2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
    2013-10-10 03:10 - 2013-10-10 03:09 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
    2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache
    2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache
    2013-10-09 03:54 - 2012-03-08 23:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-10-09 03:49 - 2012-03-08 06:22 - 00602538 _____ C:\windows\system32\PerfStringBackup.INI
    2013-10-09 03:32 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$
    2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$
    2013-10-09 03:28 - 2013-07-15 12:12 - 00000000 ____D C:\windows\system32\MRT
    2013-10-09 03:16 - 2012-03-08 20:30 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2013-10-09 03:15 - 2012-03-08 23:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$
    2013-10-09 03:10 - 2012-03-08 20:46 - 00000000 ____D C:\windows\ie8updates
    2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$
    2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$
    2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
    2013-10-08 07:50 - 2013-10-19 01:05 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
    2013-10-08 07:46 - 2013-10-19 01:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
    2013-10-08 07:46 - 2013-10-19 01:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
    2013-10-08 07:46 - 2013-10-19 01:05 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
    2013-10-08 07:29 - 2013-10-19 01:05 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
    2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
    2013-10-06 09:17 - 2013-10-06 09:19 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
    2013-10-06 04:38 - 2012-03-08 12:47 - 00048640 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks
    2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks
    2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
    2013-10-05 14:29 - 2012-12-22 05:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
    2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared
    2013-10-05 14:27 - 2012-12-22 05:29 - 00201872 _____ (RealNetworks, Inc.) C:\windows\system32\rmoc3260.dll
    2013-10-05 14:27 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
    2013-10-05 14:26 - 2012-12-22 05:28 - 00272896 _____ (Progressive Networks) C:\windows\system32\pncrt.dll
    2013-10-05 14:26 - 2012-12-22 05:28 - 00006656 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5016.dll
    2013-10-05 14:26 - 2012-12-22 05:28 - 00005632 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5032.dll
    2013-10-05 05:01 - 2013-07-12 19:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
    2013-10-05 04:41 - 2012-03-09 00:39 - 00000000 ____D C:\GameHouse Games
    2013-10-05 04:40 - 2012-03-09 00:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
    2013-10-05 04:40 - 2012-03-09 00:39 - 00000000 ____D C:\Program Files\RealArcade
    2013-09-30 06:40 - 2012-04-01 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\dvdcss
    2013-09-28 05:58 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Real

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================

  5. Note:  This is a copy/paste job with some modifications.  I tried inquiring about this on Bleepingcomputer - got 1 reply and no help. Saw you guys gave a better response to another with a similar problem.

    Hello there  :)  - I'm new, and I'm currently trying to fix my mother's computer.

    Ok, here we go.....

    My mother ended up having DNSbasic and other crud on her computer (she likes games).  I managed to clear that out using Norton, SAS, and Malwarebytes.  I also deleted some program folders and registry entries manually in safe mode (I know - Big NO-NO :rolleyes: )

    Anyway, I ended up with clean scans of health, and the computer and its browsers (at least Firefox) were working great - fast connections, no pop-ups, no nothing  :D.  I then decided to be more thorough and try to do a "hijack this!" kind of post on another tech site just to make sure I needed nothing further (like a recovery console repair).

    I downloaded the DDS.scr and gmer files (following Tech Support forum's instructions).  Disabled my Norton 360 per instructions and decided to "disable radio" on my wifi.  Ran the scan and it seemed to work, but then it froze.  No action whatsoever from the computer.  I waited 5 min. or so and then decided to just cut the computer off - no proper shutdown.  I had no other choice.  Neither Ctrl+Alt+Del nor anything else was working.

    When I restarted the computer, the startup was a little slower - like there were more processes going on.  But it started well enough, and I tried running it again.  Same problem, same solution.  I cut the computer back on (start up was slow again, but not any slower than before), logged back on, and moved on to the gmer file.  That went just fine.

    Once done, I then decided to download the DDS.com DOS program from the Bleepingcomputer site.  Same problem occurred, and once again I just shut off the computer.

    This time when I cut it back on, it was VEEEERY slow at start-up (5 min. or so I waited). I then became concerned that I screwed up the OS since it seemed to continue to process, but didn't start up.  So I cut it off while still "loading", and cut it back on again.  It then prompted me that Windows didn't shut down properly........safe mode option.  I clicked the safe mode option, and it was still slow to load, but at least it loaded.  Deleted the dds program I downloaded, and restarted the computer - properly.  Slow to start again in regular mode, but it did finally start up.  Everything was VEEERY slow to load upon start-up.  Downloaded the OTC program found on Bleepingcomputer, and it didn't do much good.  I'm now here asking for help.

    I'm very sorry for this long post, but I'm hoping that a more thorough post would return an even quicker response.

    Thank you all for your time. :)

    And 'system restore' has been disabled since battling this, so that's not an option.
     
