Note:  This is a copy/paste job with some modifications.  I tried inquiring about this on Bleepingcomputer - got 1 reply and no help. Saw you guys gave a better response to another with a similar problem.

 

 


Hello there :) - I'm new, and I'm currently trying to fix my mother's computer.

Ok, here we go.....

My mother ended up having DNSbasic and other crud on her computer (she likes games).  I managed to clear that out using Norton, SAS, and Malwarebytes.  I also deleted some program folders and registry entries manually in safe mode (I know - Big NO-NO :rolleyes: )

Anyway, I ended up with clean scans of health, and the computer and its browsers (at least Firefox) were working great - fast connections, no pop-ups, no nothing :D. I then decided to be more thorough and try to do a "HijackThis"-kind of post on another tech site just to make sure I need nothing further (like a recovery console repair).

I downloaded the DDS.scr and gmer files (following Tech Support Forum's instructions). Disabled my Norton 360 per instructions and decided to "disable radio" on my wifi. Ran the scan and it seemed to work, but then it froze. No action whatsoever from the computer. I waited 5 min. or so and then decided to just cut the computer off - no proper shutdown. I had no other choice. Neither Ctrl+Alt+Del nor anything else was working.

When I restarted the computer, the startup was a little slower - like there were more processes going on.  But it started well enough, and I tried running it again.  Same problem, same solution.  I cut the computer back on (start up was slow again, but not any slower than before), logged back on, and moved on to the gmer file.  That went just fine.

Once done, I then decided to download the DDS.com DOS program from the Bleepingcomputer site. Same problem occurred, and once again I just shut off the computer.

This time when I cut it back on, it was VEEEERY slow at start-up (5 min. or so I waited). I then became concerned that I screwed up the OS since it seemed to continue to process, but didn't start up. So I cut off while still "loading", and cut it back on again. It then prompted me that Windows didn't shut down properly... safe mode option. I clicked the safe mode option, and it was still slow to load, but at least it loaded. Deleted the DDS program I downloaded, and restarted the computer - properly. Slow to start again in regular mode, but it did finally start up. Everything was VEEERY slow to load upon start-up. Downloaded the OTC program found on Bleepingcomputer, and it didn't do much good. I'm now here asking for help.

I'm very sorry for this long post, but I'm hoping that a more thorough post would return an even quicker response.

Thank you all for your time. :)

And 'system restore' has been disabled since battling this, so that's not an option.

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Uh oh - When I got that message about the recovery console, I clicked yes, and it told me about not being able to locate something about the master boot. It started to scan without disconnecting from the internet. I tried to quickly 'disable' radio, but now it has stalled.

What's the next move? I'm really sorry about this. :(


  • Root Admin

Well, since that is having trouble running, let's try a different route.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
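The steps above ask for several cleaner logs, and the JRT and AdwCleaner output posted further down is long. As an added example (not from this thread, and not code from either tool's author), here is a small Python triage script that parses both log formats and buckets each removed item by the persistence or hijack mechanism it represents, so a helper reviewing a pasted log can see at a glance which autostart entries, services, BHOs and search-engine hijacks were removed. The two line patterns are assumptions taken from the posted output rather than official formats; the sample lines are copied from the logs in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the JRT and AdwCleaner logs posted in this thread.
SAMPLE_LOG = r"""
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab"
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\addon@defaulttab.com.xpi
Service Deleted : vToolbarUpdater17.0.12
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
"""

# Line shapes seen in the two logs (assumed from the posted output, not official specs).
JRT_RE = re.compile(
    r"^Successfully (?P<action>deleted|repaired): "
    r"\[(?P<kind>Registry Key|Registry Value|File|Folder)\] (?P<target>.+)$"
)
ADW_RE = re.compile(r"^(?P<kind>Service|Folder|File|Key|Value) Deleted : (?P<target>.+)$")

# Categories that reload on their own after a reboot and so matter most when
# deciding whether a machine is actually clean.
REBOOT_PERSISTENT = {"service", "autostart (Run key)", "IE BHO"}


@dataclass
class Entry:
    tool: str     # which cleaner wrote the line
    action: str   # "deleted" or "repaired"
    kind: str     # key, value, file, folder or service
    target: str   # registry path, file path or service name


def parse_line(line: str) -> Optional[Entry]:
    """Turn one JRT or AdwCleaner result line into an Entry; None for any other line."""
    line = line.strip()
    m = JRT_RE.match(line)
    if m:
        kind = m["kind"].replace("Registry ", "").lower()
        return Entry("JRT", m["action"], kind, m["target"].strip('"'))
    m = ADW_RE.match(line)
    if m:
        return Entry("AdwCleaner", "deleted", m["kind"].lower(), m["target"])
    return None


def classify(entry: Entry) -> str:
    """Bucket an entry by the persistence or hijack mechanism it represents."""
    t = entry.target.lower()
    if entry.kind == "service" or "\\services\\" in t:
        return "service"
    if "\\currentversion\\run" in t:          # Run and RunOnce autostarts
        return "autostart (Run key)"
    if "browser helper objects" in t:
        return "IE BHO"
    if "elevationpolicy" in t:                # IE low-rights elevation allow-list
        return "IE elevation policy"
    if "searchscopes" in t or "urlsearchhooks" in t:
        return "search hijack"
    if "\\toolbar" in t:
        return "toolbar"
    if "\\firefox\\" in t or t.endswith(".xpi") or t.endswith("prefs.js"):
        return "Firefox profile"
    if "\\chrome\\" in t:
        return "Chrome extension"
    if entry.kind in ("file", "folder"):
        return "dropped files"
    return "other registry"


def triage(log_text: str) -> Tuple[List[Entry], Counter]:
    """Parse a pasted log and count removed items per category."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    return entries, Counter(classify(e) for e in entries)


def reboot_persistent(entries: List[Entry]) -> List[Entry]:
    """Entries worth re-checking after reboot: they reload without any user action."""
    return [e for e in entries if classify(e) in REBOOT_PERSISTENT]


if __name__ == "__main__":
    found, counts = triage(SAMPLE_LOG)
    for category, n in counts.most_common():
        print(f"{n:3d}  {category}")
    for e in reboot_persistent(found):
        print(f"re-check after reboot: [{e.tool}] {e.action} {e.kind}: {e.target}")
```

Feed it the full JRT or AdwCleaner text from a reply and the counts show whether the cleanup touched only leftover folders or also live autostart and browser-hook entries.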

Ok. Here we go....

Step 3: mbar-log-2013-10-27 (07-14-30).txt, system-log.txt

Step 4:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Sun 10/27/2013 at  9:22:52.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\supreme savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\alxssb.alxtbssb.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\speedupmypc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3286042
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3316068
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411161172}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{094E8DB5-3F6D-4FD2-8EB4-D7AE8444D2DF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\updater19962"
Successfully deleted: [Folder] "C:\Program Files\domaiq uninstaller"
Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{650eed71-89e2-453b-8dcf-2aa1b4ae6ef3}"
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\fctb
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\extensions\93abedcf-8e3a-4d02-b761-d1441e437c09@243f129d-aee2-42c2-bcd1-48858e1c22fd.com
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\prefs.js

user_pref("CT3286042.smartbar.homepage", "true");

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");

user_pref("smartbar.addressBarOwnerCTID", "CT3286042");


user_pref("smartbar.defaultSearchOwnerCTID", "CT3286042");
user_pref("smartbar.homePageOwnerCTID", "CT3286042");

Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\lmea5ya4.default\minidumps [8 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/27/2013 at 11:13:29.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 5: 

# AdwCleaner v3.010 - Report created 27/10/2013 at 11:56:38
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - (Owner)
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
Folder Deleted : C:\Program Files\WinZipper
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\WordLayers
Folder Deleted : C:\Documents and Settings\Owner\Application Data\WinZipper
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Alawar Stargaze
Folder Deleted : C:\Documents and Settings\Owner\My Documents\PC Health Kit
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3289663
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3316068
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3294791
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\CT3286042
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\LinkSwift
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\V9
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10287 octets] - [27/10/2013 11:33:02]
AdwCleaner[s0].txt - [10441 octets] - [27/10/2013 11:56:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10502 octets] ##########

Step 6:

C:\Documents and Settings\Owner\My Documents\ApnStub.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames(1).exe    a variant of Win32/Adware.Gamevance.DD application
C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeCandyGames.exe    a variant of Win32/Adware.Gamevance.DD application
C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(1).exe    Win32/OpenCandy application
C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames(2).exe    Win32/OpenCandy application
C:\Documents and Settings\Owner\My Documents\Downloads\ArcadeFrontierGames.exe    Win32/OpenCandy application
C:\Documents and Settings\Owner\My Documents\Downloads\slot-machine.exe    a variant of Win32/InstallCore.AL application
C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc1.exe    Win32/InstallCore.EA application
C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc3.exe    Win32/DownloadAdmin.G application
C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc4.exe    Win32/DownloadAdmin.G application
C:\RECYCLER\S-1-5-21-1390067357-261478967-839522115-1003\Dc5.exe    Win32/DownloadAdmin.G application

Step 7: Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
Ran by Owner (administrator) on Owner on 27-10-2013 16:40:54
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(iWin Inc.) C:\Program Files\Pogo Games\PGMTrusted.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\windows\eHome\ehmsas.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [1392640 2006-11-01] (Dell Inc.)
HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [intelZeroConfig] - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
HKLM\...\Run: [intelWireless] - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-10-05] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [DW6] - "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
MountPoints2: {f7ddcb5e-0dc8-11e3-b0c3-0015c5bfd63b} - E:\LGAutoRun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {7f3f960e-a836-45ca-8911-0accb522246e} -  No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {7f3f960e-a836-45ca-8911-0accb522246e} -  No File
BHO: PETN - {9D580032-6BF3-4E7D-9A9F-C6928C6EF8DF} - C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork\petn.dll No File
BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{D80D2809-EEB1-4CC4-BEDF-2D45553049F0}: [NameServer]75.75.75.75,75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\searchplugins\TelevisionFanatic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: WordOv - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\jzkenlkaloil@kctewplunsmgzuca.org
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Flashblock - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: firefox-hotfix - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\firefox-hotfix@mozilla.org.xpi
FF Extension: restartless.restart - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\restartless.restart@erikvold.com.xpi
FF Extension: aios - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lmea5ya4.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: WordOv - C:\Program Files\Mozilla Firefox\extensions\jzkenlkaloil@kctewplunsmgzuca.org
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton Security Suite\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559552 2013-08-08] (RealNetworks, Inc.)
R2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-29] (iWin Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation )
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.)
S2 IDVaultSvc; "C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-05-26] (Cisco Systems, Inc.)
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-10-06] (AVG Technologies)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys [1096280 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-09-30] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-10-18] (Symantec Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131025.001\IDSxpx86.sys [380824 2013-10-17] (Symantec Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVENG.SYS [93272 2013-10-18] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131026.007\NAVEX15.SYS [1612376 2013-10-18] (Symantec Corporation)
R3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2012-07-27] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2013-04-24] (The OpenVPN Project)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog32.sys [x]
S3 catchme; \??\C:\DOCUME~1\DIANES~1\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 keycrypt; system32\DRIVERS\KeyCrypt32.sys [x]
S3 NETw3x32; system32\DRIVERS\NETw3x32.sys [x]
S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]
S3 w39n51; system32\DRIVERS\w39n51.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST
2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET
2013-10-27 11:32 - 2013-10-27 11:58 - 00000000 ____D C:\AdwCleaner
2013-10-27 11:31 - 2013-10-27 06:34 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT
2013-10-27 09:16 - 2013-10-27 06:30 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2013-10-27 07:14 - 2013-10-27 08:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-27 07:00 - 2013-10-27 07:01 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-27 06:59 - 2013-10-27 12:04 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
2013-10-27 06:59 - 2013-10-27 06:27 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe
2013-10-26 04:31 - 2013-10-26 05:03 - 00000000 ___SD C:\ComboFix
2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox
2013-10-26 04:31 - 2011-06-26 02:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-26 04:31 - 2010-11-07 13:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-26 04:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00098816 _____ C:\windows\sed.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00080412 _____ C:\windows\grep.exe
2013-10-26 04:31 - 2000-08-30 20:00 - 00068096 _____ C:\windows\zip.exe
2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt
2013-10-26 04:26 - 2013-10-26 04:24 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2013-10-26 02:42 - 2013-10-26 02:49 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log
2013-10-25 10:27 - 2013-10-27 13:58 - 00008222 _____ C:\windows\setupapi.log
2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt
2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC
2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-22 18:31 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-22 18:30 - 2013-08-08 03:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\All Users\Documents\mbam-setup-1.75.0.1300.exe
2013-10-22 05:04 - 2013-10-22 10:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-19 17:20 - 2013-10-19 17:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
2013-10-19 16:52 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver
2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 01:05 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-10-19 01:05 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-10-19 01:05 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-10-19 01:05 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-10-19 01:05 - 2013-10-08 07:29 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
2013-10-19 01:03 - 2013-10-19 01:05 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap
2013-10-12 08:02 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2013-10-12 08:01 - 2013-10-22 17:26 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
2013-10-10 06:48 - 2013-10-11 02:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
2013-10-10 03:09 - 2013-10-10 03:10 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache
2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache
2013-10-09 03:31 - 2013-10-09 03:32 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$
2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$
2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$
2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$
2013-10-09 02:02 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\windows\system32\dllcache\hidparse.sys
2013-10-09 02:01 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbvideo.sys
2013-10-09 02:01 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbaudio.sys
2013-10-09 02:01 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\windows\system32\dllcache\irbus.sys
2013-10-09 02:00 - 2013-08-08 20:55 - 00032384 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbccgp.sys
2013-10-09 02:00 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\windows\system32\dllcache\usbd.sys
2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
2013-10-06 09:19 - 2013-10-06 09:17 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks
2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-05 04:29 - 2013-10-27 12:04 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-09-30 22:35 - 2013-10-22 10:17 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

2013-10-27 16:40 - 2013-10-27 16:40 - 00000000 ____D C:\FRST
2013-10-27 16:37 - 2013-10-27 16:37 - 01089097 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2013-10-27 16:36 - 2012-03-31 05:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 13:58 - 2013-10-27 13:58 - 00000000 ____D C:\Program Files\ESET
2013-10-27 13:58 - 2013-10-25 10:27 - 00008222 _____ C:\windows\setupapi.log
2013-10-27 12:11 - 2012-03-08 21:30 - 00007680 ___SH C:\windows\Thumbs.db
2013-10-27 12:05 - 2012-03-08 21:39 - 00000292 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-27 12:05 - 2012-03-08 11:36 - 01439697 _____ C:\windows\WindowsUpdate.log
2013-10-27 12:04 - 2013-10-27 06:59 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\mbar
2013-10-27 12:04 - 2013-10-05 04:29 - 00000292 _____ C:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-27 12:04 - 2012-03-08 11:33 - 00000000 ____D C:\windows\Registration
2013-10-27 12:03 - 2012-03-08 12:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-27 12:03 - 2012-03-08 06:25 - 00000159 _____ C:\windows\wiadebug.log
2013-10-27 12:03 - 2012-03-08 06:25 - 00000050 _____ C:\windows\wiaservc.log
2013-10-27 12:00 - 2012-03-08 12:13 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2013-10-27 12:00 - 2012-03-08 12:08 - 00032652 _____ C:\windows\SchedLgU.Txt
2013-10-27 11:58 - 2013-10-27 11:32 - 00000000 ____D C:\AdwCleaner
2013-10-27 09:22 - 2013-10-27 09:22 - 00000000 ____D C:\windows\ERUNT
2013-10-27 08:51 - 2013-10-27 07:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-10-27 07:01 - 2013-10-27 07:00 - 00047064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-27 06:34 - 2013-10-27 11:31 - 01060070 _____ C:\Documents and Settings\Owner\Desktop\AdwCleaner(1).exe
2013-10-27 06:30 - 2013-10-27 09:16 - 01033335 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2013-10-27 06:27 - 2013-10-27 06:59 - 12576792 _____ (Malwarebytes Corp.) C:\Documents and Settings\Owner\Desktop\mbar-1.07.0.1007.exe
2013-10-27 06:27 - 2004-08-10 07:00 - 00002206 _____ C:\windows\system32\wpa.dbl
2013-10-26 05:49 - 2013-07-03 14:56 - 00644806 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-261478967-839522115-1003-0.dat
2013-10-26 05:49 - 2013-07-01 12:02 - 00096322 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-26 05:24 - 2012-03-08 11:34 - 00000000 ____D C:\windows\system32\Restore
2013-10-26 05:03 - 2013-10-26 04:31 - 00000000 ___SD C:\ComboFix
2013-10-26 04:31 - 2013-10-26 04:31 - 00000000 ____D C:\Qoobox
2013-10-26 04:30 - 2013-10-26 04:30 - 00000000 ____D C:\windows\erdnt
2013-10-26 04:24 - 2013-10-26 04:26 - 05136694 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2013-10-26 04:21 - 2012-03-08 21:39 - 00000300 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-26 02:49 - 2013-10-26 02:42 - 00399973 _____ C:\Documents and Settings\Owner\Desktop\avgremover.log
2013-10-25 12:10 - 2012-03-09 15:53 - 00015120 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-25 10:57 - 2012-03-08 06:21 - 00099848 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-25 09:20 - 2013-10-25 09:20 - 00031952 _____ C:\Documents and Settings\Owner\Desktop\ark.txt
2013-10-24 21:25 - 2013-10-24 21:25 - 00000000 ____D C:\windows\CSC
2013-10-24 00:03 - 2012-09-17 01:51 - 00000000 ____D C:\Program Files\Google
2013-10-24 00:02 - 2012-09-17 01:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2013-10-23 23:47 - 2012-03-08 13:10 - 00001324 _____ C:\windows\system32\d3d9caps.dat
2013-10-23 23:44 - 2013-10-23 23:44 - 00000000 __SHD C:\Documents and Settings\Owner\IECompatCache
2013-10-23 23:44 - 2012-03-08 12:13 - 00000000 ____D C:\Documents and Settings\Owner
2013-10-23 03:17 - 2013-02-18 22:11 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-22 22:21 - 2012-03-08 20:16 - 00000000 __HDC C:\windows\$NtUninstallKB979309$
2013-10-22 20:47 - 2013-04-11 03:02 - 00000000 __HDC C:\windows\$NtUninstallKB2813345$
2013-10-22 18:31 - 2013-10-22 18:31 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-22 18:18 - 2013-01-19 04:39 - 00000000 ____D C:\Program Files\Pogo Games
2013-10-22 18:18 - 2012-05-28 10:48 - 00000000 ____D C:\Program Files\Slingo Supreme 2
2013-10-22 18:18 - 2012-03-08 22:40 - 00000000 ____D C:\Program Files\Xvid
2013-10-22 18:18 - 2012-03-08 12:21 - 00000000 ____D C:\Program Files\RGB
2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\GemMaster
2013-10-22 18:18 - 2012-03-08 12:19 - 00000000 ____D C:\Program Files\ESPNMotion
2013-10-22 18:18 - 2012-03-08 11:29 - 00000000 ____D C:\Program Files\Messenger
2013-10-22 17:26 - 2013-10-19 16:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\SySaver
2013-10-22 17:26 - 2013-10-12 08:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2013-10-22 17:26 - 2013-10-12 08:01 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
2013-10-22 17:02 - 2012-04-26 06:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-22 10:19 - 2013-10-22 05:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-22 10:17 - 2013-09-30 22:35 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2013-10-21 15:56 - 2012-12-22 05:37 - 00000300 _____ C:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1390067357-261478967-839522115-1003.job
2013-10-21 04:08 - 2012-03-08 22:19 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2013-10-21 03:37 - 2012-03-08 21:29 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-10-21 03:37 - 2012-03-08 21:29 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-10-19 17:35 - 2012-03-08 11:33 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2013-10-19 17:21 - 2013-10-19 17:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330
2013-10-19 17:16 - 2012-09-05 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-10-19 17:15 - 2012-03-31 05:01 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-19 17:15 - 2012-03-08 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-19 02:40 - 2012-08-09 02:00 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Elephant Games
2013-10-19 02:39 - 2013-10-19 02:39 - 00001232 _____ C:\Documents and Settings\All Users\Desktop\More Great Games.lnk
2013-10-19 01:47 - 2012-03-08 06:11 - 00000000 ____D C:\windows\Resources
2013-10-19 01:06 - 2013-10-19 01:06 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-19 01:05 - 2013-10-19 01:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-19 01:05 - 2013-10-19 01:03 - 00004705 _____ C:\windows\system32\jupdate-1.7.0_45-b18.log
2013-10-19 01:05 - 2013-06-24 07:21 - 00000000 ____D C:\Program Files\Java
2013-10-16 03:35 - 2013-10-16 03:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Boomzap
2013-10-13 10:09 - 2012-03-08 11:32 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-13 04:08 - 2013-04-24 22:12 - 00000884 __RSH C:\Documents and Settings\Owner\ntuser.pol
2013-10-12 08:52 - 2013-04-26 20:05 - 00001657 _____ C:\windows\system32\InstallUtil.InstallLog
2013-10-11 02:51 - 2013-10-10 06:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BigFishCache
2013-10-10 06:51 - 2013-10-10 06:51 - 00001184 _____ C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
2013-10-10 06:51 - 2012-04-25 13:47 - 00001584 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
2013-10-10 06:51 - 2012-04-25 13:46 - 00000000 ____D C:\Program Files\bfgclient
2013-10-10 03:10 - 2013-10-10 03:10 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVG SafeGuard toolbar
2013-10-10 03:10 - 2013-10-10 03:09 - 00003708 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-10 03:09 - 2013-10-10 03:09 - 00000000 ____D C:\windows\system32\cache
2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\windows\ftpcache
2013-10-09 03:54 - 2012-03-08 23:44 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 03:49 - 2012-03-08 06:22 - 00602538 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-09 03:32 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2847311$
2013-10-09 03:31 - 2013-10-09 03:31 - 00000000 __HDC C:\windows\$NtUninstallKB2862335$
2013-10-09 03:28 - 2013-07-15 12:12 - 00000000 ____D C:\windows\system32\MRT
2013-10-09 03:16 - 2012-03-08 20:30 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-09 03:15 - 2012-03-08 23:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\windows\$NtUninstallKB2868038$
2013-10-09 03:10 - 2012-03-08 20:46 - 00000000 ____D C:\windows\ie8updates
2013-10-09 03:09 - 2013-10-09 03:09 - 00000000 __HDC C:\windows\$NtUninstallKB2883150$
2013-10-09 03:08 - 2013-10-09 03:08 - 00000000 __HDC C:\windows\$NtUninstallKB2862330$
2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
2013-10-08 07:50 - 2013-10-19 01:05 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2013-10-08 07:46 - 2013-10-19 01:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-10-08 07:46 - 2013-10-19 01:05 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-10-08 07:46 - 2013-10-19 01:05 - 00174504 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-10-08 07:29 - 2013-10-19 01:05 - 00145408 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl
2013-10-08 04:11 - 2013-10-08 04:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-10-06 09:26 - 2013-10-06 09:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\AVG SafeGuard toolbar
2013-10-06 09:17 - 2013-10-06 09:19 - 00037664 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2013-10-06 04:38 - 2012-03-08 12:47 - 00048640 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-05 14:31 - 2013-10-05 14:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\RealNetworks
2013-10-05 14:30 - 2013-10-05 14:30 - 00000747 _____ C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-05 14:29 - 2013-10-05 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-10-05 14:29 - 2012-12-22 05:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2013-10-05 14:27 - 2013-10-05 14:27 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-05 14:27 - 2012-12-22 05:29 - 00201872 _____ (RealNetworks, Inc.) C:\windows\system32\rmoc3260.dll
2013-10-05 14:27 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2013-10-05 14:26 - 2012-12-22 05:28 - 00272896 _____ (Progressive Networks) C:\windows\system32\pncrt.dll
2013-10-05 14:26 - 2012-12-22 05:28 - 00006656 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5016.dll
2013-10-05 14:26 - 2012-12-22 05:28 - 00005632 _____ (RealNetworks, Inc.) C:\windows\system32\pndx5032.dll
2013-10-05 05:01 - 2013-07-12 19:25 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2013-10-05 04:41 - 2012-03-09 00:39 - 00000000 ____D C:\GameHouse Games
2013-10-05 04:40 - 2012-03-09 00:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\GameHouse
2013-10-05 04:40 - 2012-03-09 00:39 - 00000000 ____D C:\Program Files\RealArcade
2013-09-30 06:40 - 2012-04-01 07:41 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\dvdcss
2013-09-28 05:58 - 2012-03-08 21:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Real

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
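As an added example (not part of this thread and not FRST's own code), here is a small Python triage helper for the two log sections above. It parses the one-month file listing into records and flags the kinds of entries a reviewer would look at first, and it parses the MD5 check lines and returns any core file whose verdict is not "MD5 is legit". The sample input is a handful of lines taken from the log above plus two constructed lines (a system32 binary with no company string, and one failing MD5 line) so the failure paths actually run; the heuristics, the attribute-letter mapping (D directory, H hidden, S system) and the reading of the parenthesised vendor as the file's version-resource company name are my assumptions about the FRST format, and a hit means "inspect this", not "this is malware".

```python
"""Triage helper for FRST-style "one month modified files" listings and the
Bamital/volsnap MD5 check lines. Added example; not FRST's own code.
Heuristics and the attribute-letter mapping are assumptions, not FRST spec."""
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the listing above plus one constructed
# line (a system32 binary with no company string) to exercise heuristic 1.
SAMPLE_LISTING = """\
2013-10-22 18:31 - 2013-10-22 18:31 - 00000000 ____D C:\\Program Files\\Malwarebytes' Anti-Malware
2013-10-19 17:15 - 2012-03-31 05:01 - 00692616 _____ (Adobe Systems Incorporated) C:\\windows\\system32\\FlashPlayerApp.exe
2013-10-10 03:10 - 2013-10-10 03:09 - 00003708 _____ C:\\Program Files\\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-09 22:48 - 2013-10-09 22:48 - 00000000 __SHD C:\\windows\\ftpcache
2013-10-08 10:09 - 2013-10-08 10:09 - 00003736 _____ C:\\{A399F1E3-6ED8-48E8-B708-094BDA8D4531}
2013-10-06 09:17 - 2013-10-06 09:19 - 00037664 _____ (AVG Technologies) C:\\windows\\system32\\Drivers\\avgtpx86.sys
2013-10-13 04:08 - 2013-04-24 22:12 - 00000884 __RSH C:\\Documents and Settings\\Owner\\ntuser.pol
2013-10-22 22:21 - 2012-03-08 20:16 - 00000000 __HDC C:\\windows\\$NtUninstallKB979309$
2013-10-01 00:00 - 2013-10-01 00:00 - 00012345 _____ C:\\windows\\system32\\constructed-sample.exe
"""

# Constructed sample: two lines copied from the check above plus one constructed
# failing line (the wording FRST uses for a real failure may differ).
SAMPLE_MD5 = """\
C:\\Windows\\explorer.exe => MD5 is legit
C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\userinit.exe => MD5 mismatch (constructed)
"""

LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?(?P<path>.+)$"
)
MD5_RE = re.compile(r"^(?P<path>.+?) => (?P<verdict>MD5 .+)$")
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


def parse_listing(text: str) -> List[Dict[str, object]]:
    """Turn listing lines into records; non-matching lines (headers, blanks) are skipped."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec: Dict[str, object] = dict(m.groupdict())
        rec["size"] = int(m.group("size"))
        attrs = m.group("attrs")
        # Assumed attribute letters: D directory, H hidden, S system, R read-only, C compressed.
        rec["is_dir"] = "D" in attrs
        rec["hidden"] = "H" in attrs
        rec["system"] = "S" in attrs
        records.append(rec)
    return records


def triage(records: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries worth a closer look.
    A hit is a prompt to inspect the item, not a malware verdict."""
    findings: List[Tuple[str, str]] = []
    for rec in records:
        path = str(rec["path"])
        low = path.lower()
        parent, _, _name = path.rpartition("\\")
        is_dir = bool(rec["is_dir"])
        # 1. A binary under system32 with no company string in its version
        #    resource (the parenthesised vendor). Absence means "verify the
        #    signature", e.g. with Autoruns' Verify Code Signatures, nothing more.
        if (not is_dir and "\\system32\\" in low
                and low.endswith(BINARY_EXT) and not rec["vendor"]):
            findings.append(("system32_binary_without_company_name", path))
        # 2. A hidden+system directory that appeared under \windows this month.
        if is_dir and rec["hidden"] and rec["system"] and "\\windows\\" in low:
            findings.append(("hidden_system_dir_under_windows", path))
        # 3. A loose file directly in the Program Files root, which normally
        #    holds only per-product directories.
        if not is_dir and parent.lower() == "c:\\program files":
            findings.append(("loose_file_in_program_files_root", path))
        # 4. A file dropped directly at the drive root.
        if not is_dir and re.fullmatch(r"[a-z]:", parent.lower()):
            findings.append(("file_at_drive_root", path))
    return findings


def md5_failures(text: str) -> List[str]:
    """Paths from the Bamital/volsnap section whose verdict is not 'MD5 is legit'."""
    return [
        m.group("path")
        for m in (MD5_RE.match(line.strip()) for line in text.splitlines())
        if m and m.group("verdict") != "MD5 is legit"
    ]


if __name__ == "__main__":
    for reason, hit in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{reason:40s} {hit}")
    for failed in md5_failures(SAMPLE_MD5):
        print(f"MD5 check failed: {failed}")
```

Run against the sample, the script flags the loose XML file in the Program Files root, the hidden+system ftpcache directory, the GUID-named file at C:\ and the constructed unsigned system32 binary, while ntuser.pol (hidden+system but a file) and the $NtUninstall folders (hidden but not system) are left alone; the only MD5 failure reported is the constructed userinit.exe line. The vendor string FRST prints comes from the file's version resource, not from a code signature, so a hit from heuristic 1 is exactly the case where the Autoruns Verify Code Signatures step later in this thread is the right follow-up.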

 

 

 

 

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Then restart the computer, run the following and post back the log, please.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


It didn't seem to be when I first did this the 'manual' way (removing some of those obvious crap registry files and folders - conduit, etc.).  So all has been fine.  The original scans (especially from Malwarebytes & SAS) had gotten rid of most of the stuff that gave my mother agita.  My only issue is that the startup is reeeeeally slow now (at least 3-4 min), and that started after I tried running that DDS scan.  Do you think you could help with that?  Also, late in September I downloaded a freeware program onto my new computer that also installed AVG Secure Search (didn't give me a box to tick off).  It didn't give me problems, and I used their (AVG) removal tool to get rid of it.  Should I do any extra scans to get rid of anything, or am I ok?  I used the remover on my mother's laptop before asking for help here, and these various scans still turned up stuff.

 

You've been really fabulous, and I appreciate your patience and help.  But I'm curious - what do you mean by it looks to be clean for the most part? :blink:

 

:lol:


  • Root Admin

I just mean there are issues going on in the Event Logs that are not really malware but could be in part due to some of these adware changes.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increased potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 

 

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.

On Windows XP the disk check log is in the Event Logs under Application with a heading source of Winlogon
On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit
On Windows 8 the disk check log is in the Event Logs under Application with a heading source of Chkdsk

How to Run a Chkdsk Function on Windows XP

How to view and manage event logs in Event Viewer in Windows XP

How to Run Disk Check in Windows 7

How to Run Check Disk at Startup in Vista or Windows 7

How to Check a Drive for Errors with "chkdsk" in Windows 8

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 

 

 

 

When that's all done please run the following.

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 


  • Root Admin

No, AVG Secure Search is not a threat or real issue to your system.  It is often considered a PUP (Potentially Unwanted Program) simply because it is often installed without the user's knowledge or consent.  If you have no issues with it being on your system or using it then you can keep it on your system.

 

I do not see any obvious threats from that startup entry log you posted for AutoRuns and in general not a lot of items loading like most computers have.

 

If the startup is still very slow after having run a FULL disk check and resetting the browsers then you may have something else going on with the system that might be hardware related or may take some more advanced event tracking in order to track down the cause.  This forum though is not designed for those type of issues as they're considered General PC issues. 

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

CF-Uninstall.png

 
Remove the rest of the tools used:
 
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  • Root Admin

You're quite welcome for the help.

 

Yes, per those articles I linked to for the disk check, you should have run CHKDSK C: /R from an elevated admin command prompt or used the GUI to do it, either way.

 

You can obtain general computer help from this forum if you like:  General PC Help


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
