
SweetLoads Turns Out to be a Different Kind of Load



While downloading a driver for an old LCD monitor from Cnet, I managed to get the SweetLoads load. I inadvertently/stupidly had Malwarebytes protection off at the time. WinPatrol did help with IE some. I believe I've removed SweetLoads and its friends, but I've read that others have had lots of problems ridding themselves of SweetLoads. I need an expert's review. Norton 360 and Malwarebytes full scans are both clean now. The computer seems to be running fine, and both IE and Firefox are behaving. I do have some dodgy restore points, but I want to know that all is well before dumping the good (pre-6/1) and the bad. Thanks for your help.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Cal at 16:26:30 on 2013-06-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.661 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\EscSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Cloudmark\SafetyBar\IE\cmsmhost.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe

C:\Program Files\KeyScrambler\keyscrambler.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\SYSTEM32\TASKMGR.EXE

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://my.yahoo.com

uDefault_Page_URL = hxxp://www.dell4me.com/myway

mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={1EB44711-CB1B-11E2-AAE3-000E35B20EA7}

mWindow Title = Windows Internet Explorer provided by Comcast

uProxyServer = :0

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Cloudmark SafetyBar: {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - c:\program files\cloudmark\safetybar\ie\IEAddin.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.3.1.22\ips\ipsbho.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll

TB: Cloudmark SafetyBar: {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - c:\program files\cloudmark\safetybar\ie\IEAddin.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.3.1.22\coieplg.dll

EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

EB: &Yahoo! Messenger: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatijhe.exe /ept "epltarget\P0000000000000000" /M "WF-3540 Series" /EF "HKCU"

uRunOnce: [] "c:\program files\mozilla firefox\firefox.exe" http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.1.19&build=Symantec&a=00000082.00000011.0000001f&b=00000082.00000016.00000023&c=00000082.00000045.00000119&d=00000082.00000046.000000b5

mRun: [Apoint] "c:\program files\apoint\Apoint.exe"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s

mRun: [CMSMHOST] "c:\program files\cloudmark\safetybar\ie\cmsmhost.exe" /Server

mRun: [NeroFilterCheck] "c:\windows\system32\NeroCheck.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"

mRun: [KeyScrambler] c:\program files\keyscrambler\keyscrambler.exe /a

mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"

mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Copy Location - c:\windows\web\graburl.htm

IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll

IE: {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file://d:\components\Liquid.ocx

DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file://d:\components\hidinputmonitorx.ocx

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file://d:\components\A9.ocx

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125957822983

DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{C1F63878-B6EE-4AA2-9CB2-A469FD9375A8} : DHCPNameServer = 192.168.1.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\cal\application data\mozilla\firefox\profiles\70hiutnc.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1

FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={1EB44711-CB1B-11E2-AAE3-000E35B20EA7}&q=

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\cal\application data\mozilla\firefox\profiles\70hiutnc.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-4-8 367704]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-4-8 934488]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20130515.001\BHDrvx86.sys [2013-5-27 1000024]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-4-8 134304]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-4-8 175264]

R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-4-29 122000]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-4 701512]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-19 101552]

R2 N360;Norton 360;c:\program files\norton 360\engine\20.3.1.22\ccsvchst.exe [2013-4-8 144520]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-27 681056]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20130531.001\IDSXpx86.sys [2013-6-1 373728]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-23 208920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-4 22856]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\virusdefs\20130601.022\NAVENG.SYS [2013-6-1 93272]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\virusdefs\20130601.022\NAVEX15.SYS [2013-6-1 1611992]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]

S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-27 1326176]

S3 SGUARD;SGUARD;\??\c:\windows\system32\drivers\sguard.sys --> c:\windows\system32\drivers\SGuard.sys [?]

.

=============== Created Last 30 ================

.

2013-06-02 00:29:09 33958 ----a-w- c:\documents and settings\all users\application data\uninstaller.exe

2013-06-02 00:27:14 773968 ----a-w- c:\windows\system32\msvcr100.dll

2013-06-02 00:27:14 632656 ----a-w- c:\windows\system32\msvcr80.dll

2013-06-02 00:27:14 554832 ----a-w- c:\windows\system32\msvcp80.dll

2013-06-02 00:27:14 479232 ----a-w- c:\windows\system32\msvcm80.dll

2013-06-02 00:27:14 421200 ----a-w- c:\windows\system32\msvcp100.dll

2013-05-29 15:08:25 -------- d-----w- c:\program files\MSECache

2013-05-28 00:29:08 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll

2013-05-28 00:27:59 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe

2013-05-28 00:27:56 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2013-05-28 00:27:56 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2013-05-28 00:27:55 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

2013-05-28 00:27:54 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-05-28 00:27:53 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2013-05-22 15:21:06 4325376 ----a-w- c:\documents and settings\all users\application data\ReadOnlyInstaller.msi

2013-05-19 11:04:42 124504 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2013-05-19 10:54:27 97176 ----a-w- c:\windows\system32\ElbyCDIO.dll

.

==================== Find3M ====================

.

2013-05-15 14:37:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 14:37:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-06 14:08:08 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-03-06 14:08:08 782240 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 16:29:14.69 ===============

Attach.txt

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/22/2004 9:42:45 PM

System Uptime: 6/2/2013 3:51:01 PM (1 hours ago)

.

Motherboard: Dell Computer Corporation | | 0D2126

Processor: Intel® Pentium® M processor 1.80GHz | Microprocessor | 1794/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 52 GiB total, 24.73 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1866: 3/6/2013 8:06:40 AM - Removed Java 7 Update 15

RP1867: 3/6/2013 8:07:57 AM - Installed Java 7 Update 17

RP1868: 3/11/2013 12:21:49 PM - System Checkpoint

RP1869: 3/13/2013 3:01:31 PM - Software Distribution Service 3.0

RP1870: 3/27/2013 8:30:24 AM - System Checkpoint

RP1871: 3/29/2013 7:45:10 PM - System Checkpoint

RP1872: 4/2/2013 6:04:34 PM - System Checkpoint

RP1873: 4/10/2013 1:55:58 PM - Software Distribution Service 3.0

RP1874: 4/17/2013 3:12:23 PM - System Checkpoint

RP1875: 4/19/2013 9:07:33 AM - Removed Java 7 Update 17

RP1876: 4/20/2013 9:30:46 PM - System Checkpoint

RP1877: 4/23/2013 5:38:01 PM - System Checkpoint

RP1878: 4/28/2013 12:54:03 PM - System Checkpoint

RP1879: 4/29/2013 1:14:52 PM - Installed EpsonNet Print

RP1880: 4/29/2013 1:18:15 PM - Installed FAX Utility

RP1881: 4/30/2013 4:29:08 PM - System Checkpoint

RP1882: 5/6/2013 4:10:56 PM - System Checkpoint

RP1883: 5/7/2013 5:24:16 PM - System Checkpoint

RP1884: 5/8/2013 7:38:22 PM - System Checkpoint

RP1885: 5/15/2013 11:56:40 AM - System Checkpoint

RP1886: 5/15/2013 12:55:14 PM - Software Distribution Service 3.0

RP1887: 5/16/2013 12:43:54 AM - Removed Epson Customer Participation

RP1888: 5/29/2013 10:08:50 AM - Installed Compatibility Pack for the 2007 Office system

RP1889: 5/30/2013 2:40:50 PM - System Checkpoint

RP1890: 6/1/2013 9:49:13 AM - System Checkpoint

RP1891: 6/1/2013 1:22:02 PM - Software Distribution Service 3.0

RP1892: 6/1/2013 2:34:07 PM - Software Distribution Service 3.0

RP1893: 6/1/2013 7:38:50 PM - Removed ASPCA Reminder by We-Care.com v4.1.22.1

RP1894: 6/1/2013 9:08:00 PM - Removed Internet Explorer Toolbar 4.8 by SweetPacks

RP1895: 6/1/2013 11:37:32 PM - Norton 360 Registry Clean

.

==== Installed Programs ======================

.

ABBYY FineReader 5.0 Sprint Plus

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4

ALPS Touch Pad Driver

Amazon Kindle

AnyDVD

Apple Application Support

Apple Software Update

ATI Control Panel

ATI Display Driver

Broadcom Advanced Control Suite

Canon MP Navigator EX 3.0

Canon MP560 series MP Drivers

Canon MP560 series User Registration

Canon Utilities My Printer

CloneCD

CloneDVD2

CloneDVDmobile

Cloudmark SafetyBar for Internet Explorer

Comcast Desktop Software (v1.2.1)

Compatibility Pack for the 2007 Office system

Conexant D480 MDC V.9x Modem

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Media Experience

Dell Media Experience Update

Dell Networking Guide

Dell Photo AIO Printer 922

Dell Picture Studio v3.0

Dell Support

Dell System Restore

Digital Line Detect

Dinosaur Hunter 2.0

Dorling Kindersley Application Database v1.4

Download Navigator

DVD Decrypter (Remove Only)

DVD Identifier

EasyCleaner

EPSON Connect version 1.0

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WF-3540 Series Printer Uninstall

EpsonNet Print

Eraser 5.8.8

FileAlyzer 2

G5a922EN

Garmin Communicator Plugin

Garmin USB Drivers

GearDrvs

H&R Block Deluxe + Efile + State 2010

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

hp deskjet 960c series (Remove only)

Intel® PROSet/Wireless Software

Internet Explorer Default Page

IrfanView (remove only)

Japanese Fonts Support For Adobe Reader 8

KeyScrambler

Learn2 Player (Uninstall Only)

Malwarebytes' Anti-Malware IP Policy Shortcuts

Malwarebytes Anti-Malware version 1.75.0.1300

Maxtor Encryption

McAfee SiteAdvisor

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Internet Explorer 5 PowerTweaks Web Accessory

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

mIWA

mLogView

mMHouse

Modem Helper

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 6 Service Pack 2 (KB954459)

mToolkit

mWlsSafe

mWMI

mZConfig

Nero 6 Ultra Edition

Nero Digital

NeroVision Express Content

NetWaiting

Norton 360

OGA Notifier 2.0.0048.0

Paint Shop Pro 7

Photo Click

Qualxserve Service Agreement

QuickSet

QuickTime

Rhapsody Player Engine

Secunia PSI (3.0.0.2004)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SpeedFan (remove only)

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SpywareBlaster 5.0

TrueCrypt

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 2.0.6

WebFldrs XP

Wi-Fi Connect

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

WinPatrol

XML Paper Specification Shared Components Pack 1.0

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

6/2/2013 3:54:47 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/2/2013 3:54:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

6/1/2013 8:45:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


When you said stop all running programs, did you want me to shut down right hand taskbar items: Norton 360, Malwarebytes, WinPatrol, etc., or did you mean things like Firefox, Word, etc.? Not being sure, I shut down everything on the RH taskbar that I could from the taskbar, including disconnecting from my network, before running RogueKiller. Between my original post and your response I noticed that Sweetloads still has its fingers in both my browsers. I'm glad I asked for help.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Cal [Admin rights]

Mode : Scan -- Date : 06/02/2013 19:35:49

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x806300CC -> HOOKED (Unknown @ 0x89FFA288)

SSDT[13] : NtAlertThread @ 0x80577310 -> HOOKED (Unknown @ 0x8A022360)

SSDT[17] : NtAllocateVirtualMemory @ 0x80569302 -> HOOKED (Unknown @ 0x8982E288)

SSDT[19] : NtAssignProcessToJobObject @ 0x805A1387 -> HOOKED (Unknown @ 0x8A3BA8D8)

SSDT[31] : NtConnectPort @ 0x8058CB11 -> HOOKED (Unknown @ 0x8A3406C8)

SSDT[43] : NtCreateMutant @ 0x805776E0 -> HOOKED (Unknown @ 0x89FE8C70)

SSDT[52] : NtCreateSymbolicLinkObject @ 0x8059E796 -> HOOKED (Unknown @ 0x89FFF600)

SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0x8A33D380)

SSDT[57] : NtDebugActiveProcess @ 0x8065C21D -> HOOKED (Unknown @ 0x8A37AAA8)

SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0x8A3525D8)

SSDT[83] : NtFreeVirtualMemory @ 0x80569C2D -> HOOKED (Unknown @ 0x8A364390)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC216 -> HOOKED (Unknown @ 0x8A3B62C8)

SSDT[91] : NtImpersonateThread @ 0x805817C1 -> HOOKED (Unknown @ 0x8A40A6F8)

SSDT[97] : NtLoadDriver @ 0x805A29BD -> HOOKED (Unknown @ 0x8A34B588)

SSDT[108] : unknown @ 0x8057CB31 -> HOOKED (Unknown @ 0x89FFB628)

SSDT[114] : NtOpenEvent @ 0x80581B30 -> HOOKED (Unknown @ 0x89FE8BB0)

SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0x8A33DAE0)

SSDT[123] : NtOpenProcessToken @ 0x80571121 -> HOOKED (Unknown @ 0x8A3ED700)

SSDT[125] : NtOpenSection @ 0x8056E583 -> HOOKED (Unknown @ 0x8A02D670)

SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0x8A3BBA80)

SSDT[137] : NtProtectVirtualMemory @ 0x80574F70 -> HOOKED (Unknown @ 0x89FF8488)

SSDT[206] : NtResumeThread @ 0x80578F98 -> HOOKED (Unknown @ 0x897C4380)

SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0x8A31C3C0)

SSDT[228] : NtSetInformationProcess @ 0x80570E2D -> HOOKED (Unknown @ 0x8A023C48)

SSDT[240] : NtSetSystemInformation @ 0x805A6AA9 -> HOOKED (Unknown @ 0x8A026A78)

SSDT[253] : NtSuspendProcess @ 0x80630011 -> HOOKED (Unknown @ 0x8A00A4D8)

SSDT[254] : NtSuspendThread @ 0x805E05BE -> HOOKED (Unknown @ 0x8A372B90)

SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0x89FFDA08)

SSDT[258] : unknown @ 0x80578037 -> HOOKED (Unknown @ 0x8A31C300)

SSDT[267] : NtUnmapViewOfSection @ 0x8057C6B6 -> HOOKED (Unknown @ 0x8A3F4DF0)

SSDT[277] : NtWriteVirtualMemory @ 0x805815AA -> HOOKED (Unknown @ 0x8A41B228)

S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A31A7E0)

S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A02A4B0)

S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A021350)

S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A2709C8)

S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A018518)

S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89FE7218)

S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89FFB218)

S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A033218)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A023730)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8983B590)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS548060M9AT00 +++++

--- User ---

[MBR] fd907843dd2bec6744b8dcd291cbe16b

[bSP] 61089aa54da192ccacc263ab131da6b3 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 53591 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 109852470 | Size: 3584 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_06022013_02d1935.txt >>

RKreport[1]_S_06022013_02d1935.txt


You did it OK.

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Ok, thanks. Here's the AdwCleaner log. I don't see anything here that I'm attached to.

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 20:53:00

# Updated 16/05/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Cal - MOVIEMACHINE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Cal\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\rkcdbes5.default\searchplugins\safesearch.xml

File Found : C:\Documents and Settings\Cal\Application Data\Mozilla\Firefox\Profiles\70hiutnc.default\searchplugins\safesearch.xml

File Found : C:\Documents and Settings\SurferSlug\Application Data\Mozilla\Firefox\Profiles\bpkrlqz1.default\searchplugins\safesearch.xml

Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\Viewpoint

Key Found : HKU\S-1-5-21-2464069906-4190562662-3006596294-1005\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={1EB44711-CB1B-11E2-AAE3-000E35B20EA7}

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xb7qim3g.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Cal\Application Data\Mozilla\Firefox\Profiles\70hiutnc.default\prefs.js

Found : user_pref("finjan.ta.modules.app", "\r\n// Copyright, Finjan Software Ltd., 2006.\r\n// Greasemonkey[...]

Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]

File : C:\Documents and Settings\SurferSlug\Application Data\Mozilla\Firefox\Profiles\bpkrlqz1.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\rkcdbes5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3565 octets] - [02/06/2013 20:53:00]

########## EOF - C:\AdwCleaner[R1].txt - [3625 octets] ##########


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Let me know how it is......MrC


Computer still seems to be running fine. Any idea where safesearch came from? My Norton toolbar has an Ask based safe search feature which I just tried, and it worked fine; so, that must not be it. I never use the Norton Search as I'm not crazy about Ask; so, I wouldn't have cared if it was gone. Here's the after delete and restart log:

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 21:31:06

# Updated 16/05/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Cal - MOVIEMACHINE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Cal\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\rkcdbes5.default\searchplugins\safesearch.xml

File Deleted : C:\Documents and Settings\Cal\Application Data\Mozilla\Firefox\Profiles\70hiutnc.default\searchplugins\safesearch.xml

File Deleted : C:\Documents and Settings\SurferSlug\Application Data\Mozilla\Firefox\Profiles\bpkrlqz1.default\searchplugins\safesearch.xml

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\Viewpoint

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={1EB44711-CB1B-11E2-AAE3-000E35B20EA7} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\xb7qim3g.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Cal\Application Data\Mozilla\Firefox\Profiles\70hiutnc.default\prefs.js

C:\Documents and Settings\Cal\Application Data\Mozilla\Firefox\Profiles\70hiutnc.default\user.js ... Deleted !

Deleted : user_pref("finjan.ta.modules.app", "\r\n// Copyright, Finjan Software Ltd., 2006.\r\n// Greasemonkey[...]

Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks")[...]

File : C:\Documents and Settings\SurferSlug\Application Data\Mozilla\Firefox\Profiles\bpkrlqz1.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Barb\Application Data\Mozilla\Firefox\Profiles\rkcdbes5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3694 octets] - [02/06/2013 20:53:00]

AdwCleaner[R2].txt - [3754 octets] - [02/06/2013 21:28:47]

AdwCleaner[s1].txt - [3731 octets] - [02/06/2013 21:31:06]

########## EOF - C:\AdwCleaner[s1].txt - [3791 octets] ##########


Any idea where safesearch came from?

Usually comes bundled with other software that you download such as games and "free" programs.

If it's OK......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


This is a long story, but there is a point: This computer has a 1.8 Centrino chip and 1.5GB RAM. It runs XP Pro pretty well, but seems to be sensitive to increasing complexity in once useful programs. An example is Secunia PSI which worked really well in versions 1 & 2, but became a huge resource hog with version 3. I've turned continuous monitoring off and only run it once a week. Similarly, for a few months, I've been having intermittent problems with Norton 360 and Malwarebytes starting up cleanly. After reading about issues with the Malwarebytes website blocking database size on this site and Symantec's recent behavior towards Malwarebytes, I turned off auto startup for Malwarebytes and have been starting it manually after computer startup is complete (which resolved the startup issues). Since performing what cleanup I did before starting this thread, I've been autostarting Malwarebytes again. So far, startup has been very reliable. This morning, startup seems to be faster than it has been in some time.

I'm surprised to see that Adobe Reader 8 is still on the computer somewhere. I've kept 9 up to date with security patches, but haven't gone to a later version. I've been considering dumping Adobe and going to the Nitro free reader. Is that a good alternative? Finally, here's the scan you requested:

Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Norton 360

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

WinPatrol

MVPS Hosts File

SpywareBlaster 5.0

Spybot - Search & Destroy

McAfee SiteAdvisor

Secunia PSI (3.0.0.2004)

Malwarebytes Anti-Malware version 1.75.0.1300

EasyCleaner

Adobe Flash Player 11.7.700.202

Adobe Reader 8 Adobe Reader out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (21.0)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

WinPatrol winpatrol.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

BillP Studios WinPatrol winpatrol.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 9%

````````````````````End of Log``````````````````````

One last tidbit: McAfee Site Advisor threw warnings for all but the adwcleaner download. Not that it matters.

You can create exclusions for Norton similar to this if needed:

http://forums.malwar...ndpost&p=215158

Secunia PSI <---I don't recommend using this...too many problems

Adobe Reader 8 Adobe Reader out of Date!

Adobe Reader 9 Adobe Reader out of Date!

For Adobe:

Please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

----------------------------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Thank you. I'm good for now. I'll give your Preventive Maintenance recommendations a look.

I deleted Acrobat 9 using Add/Remove, but Acrobat 8 isn't there. I did remove the remainder Acrobat 9 & 8 files from the Program Files directory, but Acrobat 8 still shows when I run Security Check. Apparently Adobe didn't do a good job of removing 8 when I upgraded to 9. I found an extensive procedure for completely removing 8 on the Adobe site which I'll use when I get a chance.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
