
Malwarebytes flashing "Successfully blocked 162.210.192.21" Type: Outgoing



Hi, I have recently been getting this message quite often. Not sure what it is, please help. The only symptom I've had is a blank desktop (no icons, no Start menu, no taskbar, can't right-click).

 

This is the DDS Document:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.21364  BrowserJavaVersion: 10.45.2
Run by sl at 17:18:53 on 2014-01-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.1242 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* 
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\keyacc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\updater\updater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\WhatPulse2\whatpulse.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\sl\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {878B8524-AED5-4870-9A96-A515440DAC75} - <orphaned>
BHO: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Youtube Plus: {BA900CBA-FA92-4DF6-BED1-B683BFB92433} - c:\program files\youtubeplus\YoutubePlus.dll
BHO: DeaLLExxproess: {BC50CB4F-1F0F-02B0-6071-25A87AA30C31} - c:\documents and settings\all users\application data\deallexxproess\khT3.dll
BHO: FindBEstDeeeAl: {C5AEB1CE-02A6-1EF7-D242-1DF5D5049DF4} - c:\documents and settings\all users\application data\findbestdeeeal\_BzGY.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
TB: ???????@Mail.Ru: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MediaGet2] c:\documents and settings\sl\local settings\application data\mediaget2\mediaget.exe --minimized
uRun: [steam] "c:\program files\steam\steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [soundMan] SOUNDMAN.EXE
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Guard.Mail.ru.gui] "c:\program files\mail.ru\guard\GuardMailRu.exe" /gui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui
mRun: [KeyAccess] kass.exe
mRun: [20131121] c:\program files\alwil software\avast5\setup\emupdate\3cad4f8d-aeb7-4778-9ac4-6a95afccae6a.exe /check
StartupFolder: c:\docume~1\sl\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sl\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\sl\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: LWA = dword:0
uPolicies-Explorer: LWB = dword:0
uPolicies-Explorer: LWC = dword:0
uPolicies-Explorer: LWD = dword:0
uPolicies-Explorer: LWE = dword:0
uPolicies-Explorer: LWF = dword:0
uPolicies-Explorer: LWG = dword:0
uPolicies-Explorer: LWH = dword:0
uPolicies-Explorer: LWI = dword:0
uPolicies-Explorer: LWJ = dword:0
uPolicies-Explorer: LWK = dword:0
uPolicies-Explorer: LWL = dword:0
uPolicies-Explorer: LWM = dword:0
uPolicies-Explorer: LWN = dword:0
uPolicies-Explorer: LWO = dword:0
uPolicies-Explorer: LWP = dword:0
uPolicies-Explorer: LWQ = dword:0
uPolicies-Explorer: LWR = dword:0
uPolicies-Explorer: LWS = dword:0
uPolicies-Explorer: LWT = dword:0
uPolicies-Explorer: LWU = dword:0
uPolicies-Explorer: LWV = dword:0
uPolicies-Explorer: LWW = dword:0
uPolicies-Explorer: LWX = dword:0
uPolicies-Explorer: LWY = dword:0
uPolicies-Explorer: LWZ = dword:0
uPolicies-System: DisableClock = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4B2BD469-C0BB-4640-91B1-C3F6A998276D} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= katrack.dll c:\docume~1\alluse~1\applic~1\webplat\webplat.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-7-8 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-16 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2011-2-9 403440]
R2 412ac99f;WebPlat;c:\windows\system32\rundll32.exe [2006-2-28 33280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-9 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-14 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-9 50344]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\mail.ru\guard\GuardMailRu.exe [2012-6-27 6677536]
R2 KeyAccess;KeyAccess;c:\windows\keyacc32.exe [2012-5-23 1403072]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-1-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-1-12 701512]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-2-28 36600]
R2 WMP54GXSVC;WMP54GXSVC;c:\program files\linksys wireless-g pci adapter with srx\WLService.exe [2012-2-5 41025]
R2 ytpUpdater;ytpUpdater;c:\program files\updater\updater.exe [2012-3-26 1730048]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-12 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2012-7-31 34896]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-4-21 9344]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2013-1-9 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2013-1-22 36928]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile=c:\windows\system32\WScript.exe "%1" %* [userChoice]
.
=============== Created Last 30 ================
.
2014-01-14 14:08:35 -------- d-----w- c:\documents and settings\all users\application data\nbhmbklijefabdppgdobedndnejdmikp
2014-01-14 14:08:35 -------- d-----w- c:\documents and settings\all users\application data\DeaLLExxproess
2014-01-14 14:08:09 -------- d-----w- c:\documents and settings\all users\application data\FindBEstDeeeAl
2014-01-13 02:15:12 -------- d-----w- c:\documents and settings\sl\application data\Pamela
2014-01-13 02:14:38 -------- d-----w- c:\program files\Pamela RichMood Editor
2014-01-13 02:07:19 -------- d-----w- c:\program files\NCH Software
2014-01-13 02:07:17 -------- d-----w- c:\documents and settings\sl\application data\NCH Software
2014-01-12 15:51:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-11 20:50:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-01-11 20:50:29 -------- d-----w- c:\windows\system32\wbem\Repository
2014-01-02 03:36:07 -------- d-----w- c:\program files\Audacity
2013-12-31 17:47:59 -------- d-----w- c:\documents and settings\sl\application data\Malwarebytes
2013-12-31 17:47:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-12-31 17:47:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-30 00:17:17 -------- d-----w- c:\documents and settings\all users\application data\RaNiddomPricea
2013-12-30 00:17:16 -------- d-----w- c:\documents and settings\all users\application data\bjippplnldfbfgchfebgmnhloglddapd
2013-12-30 00:17:08 -------- d-----w- c:\documents and settings\all users\application data\ChaeAApMe
2013-12-27 23:01:04 -------- d-----w- c:\documents and settings\sl\application data\DonationCoder
2013-12-27 23:00:48 -------- d-----w- c:\program files\ScreenshotCaptor
2013-12-27 23:00:48 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder
2013-12-26 16:19:12 -------- d-----w- c:\documents and settings\all users\application data\WebPlat
2013-12-23 23:15:31 -------- d-----r- c:\program files\Skype
.
==================== Find3M  ====================
.
2013-12-11 00:58:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 00:58:16 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 13:42:51 139656 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-11-06 13:42:45 290776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-11-06 13:42:45 290776 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-11-06 03:18:16 290776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-11-06 02:01:09 138904 ----a-w- c:\documents and settings\sl\application data\PnkBstrK.sys
2013-11-06 02:00:51 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-05 14:47:17 6822 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-25 11:24:35 841216 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 11:24:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-10-25 11:24:34 1830912 ------w- c:\windows\system32\inetcpl.cpl
2013-10-25 11:24:34 17408 ------w- c:\windows\system32\corpol.dll
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-19 20:23:35 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-19 20:23:35 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-19 20:23:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-19 20:23:35 43152 ----a-w- c:\windows\avastSS.scr
2013-10-19 20:23:35 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-19 18:32:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-19 18:32:35 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 17:20:41.89 ===============
 
And this is the ATTACH Document:
 
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2011 7:27:30 PM
System Uptime: 1/14/2014 5:02:28 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M2N4-SLI
Processor: AMD Athlon 64 X2 Dual Core Processor 5600+ | Socket AM2  | 2814/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 122 GiB total, 41.687 GiB free.
D: is FIXED (NTFS) - 176 GiB total, 72.156 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\9B078A2E00E3
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\9B078A2E00E3
Service: NIC1394
.
==== System Restore Points ===================
.
RP862: 11/4/2013 7:32:20 PM - Restore Operation
RP863: 11/5/2013 7:36:28 AM - Restore Operation
RP864: 11/6/2013 8:37:05 AM - System Checkpoint
RP865: 11/7/2013 8:48:26 AM - System Checkpoint
RP866: 11/9/2013 8:26:50 AM - System Checkpoint
RP867: 11/10/2013 5:07:57 PM - System Checkpoint
RP868: 11/11/2013 6:11:27 PM - System Checkpoint
RP869: 11/12/2013 6:38:35 PM - System Checkpoint
RP870: 11/14/2013 7:11:03 PM - System Checkpoint
RP871: 11/15/2013 7:58:37 PM - System Checkpoint
RP872: 11/17/2013 11:29:46 AM - System Checkpoint
RP873: 11/18/2013 12:10:48 PM - System Checkpoint
RP874: 11/20/2013 11:09:17 AM - System Checkpoint
RP875: 11/21/2013 7:34:44 PM - System Checkpoint
RP876: 11/22/2013 7:59:53 PM - System Checkpoint
RP877: 11/24/2013 10:35:41 AM - System Checkpoint
RP878: 12/2/2013 2:23:37 PM - System Checkpoint
RP879: 12/3/2013 7:06:59 PM - System Checkpoint
RP880: 12/4/2013 7:15:08 PM - System Checkpoint
RP881: 12/5/2013 7:32:10 PM - System Checkpoint
RP882: 12/6/2013 8:22:36 PM - System Checkpoint
RP883: 12/7/2013 11:01:47 PM - System Checkpoint
RP884: 12/9/2013 6:29:36 PM - System Checkpoint
RP885: 12/10/2013 7:12:44 PM - System Checkpoint
RP886: 12/11/2013 7:14:58 PM - System Checkpoint
RP887: 12/13/2013 4:52:59 PM - System Checkpoint
RP888: 12/15/2013 12:04:33 PM - System Checkpoint
RP889: 12/16/2013 12:47:53 PM - System Checkpoint
RP890: 12/17/2013 12:52:30 PM - System Checkpoint
RP891: 12/18/2013 4:53:39 PM - System Checkpoint
RP892: 12/19/2013 5:13:15 PM - System Checkpoint
RP893: 12/20/2013 5:16:54 PM - System Checkpoint
RP894: 12/21/2013 5:48:25 PM - System Checkpoint
RP895: 12/23/2013 12:08:59 PM - System Checkpoint
RP896: 12/25/2013 9:44:57 AM - System Checkpoint
RP897: 12/26/2013 10:22:34 AM - System Checkpoint
RP898: 12/27/2013 11:15:03 AM - System Checkpoint
RP899: 12/28/2013 1:12:36 PM - System Checkpoint
RP900: 12/29/2013 3:31:34 PM - System Checkpoint
RP901: 12/30/2013 4:46:06 PM - System Checkpoint
RP902: 12/31/2013 5:34:30 PM - System Checkpoint
RP903: 1/1/2014 8:10:13 PM - System Checkpoint
RP904: 1/3/2014 12:55:13 AM - System Checkpoint
RP905: 1/4/2014 1:45:46 PM - System Checkpoint
RP906: 1/5/2014 2:46:14 PM - System Checkpoint
RP907: 1/6/2014 4:03:04 PM - System Checkpoint
RP908: 1/7/2014 5:41:29 PM - System Checkpoint
RP909: 1/8/2014 7:16:11 PM - System Checkpoint
RP910: 1/9/2014 8:51:58 PM - System Checkpoint
RP911: 1/10/2014 11:06:15 PM - System Checkpoint
RP912: 1/11/2014 2:47:05 PM - Restore Operation
RP913: 1/12/2014 3:52:46 PM - System Checkpoint
RP914: 1/13/2014 9:05:16 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Acoustica Effects Pack
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop 5.0.2
Adobe Photoshop CS5
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auto-Tune EFX VST
AV Voice Changer Software 7.0
avast! Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Bandicam
Bandisoft MPEG-1 Decoder
Bonjour
CCleaner
Clownfish for Skype
CraftBukkit
DeaLLExxproess
Dropbox
FileZilla Client 3.7.3
FindBEstDeeeAl
FW LiveUpdate
Google Chrome
Google Drive
Google Update Helper
Guard.Mail.ru
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
InterActual Player
Interlok driver setup x32
iTunes
Java 7 Update 45
Java Auto Updater
Java 7
Linksys Wireless-G PCI Adapter with SRX
Mail.Ru ??????? 2.4.0.511
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Minecraft Note Block Studio version 3.1.3
MSXML 6.0 Parser (KB925673)
Nexon Game Manager
Nexus Mod Manager
Notepad++
NVIDIA Control Panel 306.81
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 306.81
NVIDIA Install Application
NVIDIA nView 136.28
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA Update 1.10.8
NVIDIA Update Components
Paint.NET v3.5.10
Pamela RME 2.0
Panda3D Game Engine
Pando Media Booster
PDF Settings CS5
PunkBuster Services
QuickTime
Realtek AC'97 Audio
RebateRobot Chrome Extension version 2.0.1
Sassafras K2 Client
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB2817183)
Security Update for Windows Internet Explorer 7 (KB2829530)
Security Update for Windows Internet Explorer 7 (KB2838727)
Security Update for Windows Internet Explorer 7 (KB2846071)
Security Update for Windows Internet Explorer 7 (KB2862772)
Security Update for Windows Internet Explorer 7 (KB2870699)
Security Update for Windows Internet Explorer 7 (KB2879017)
Security Update for Windows Internet Explorer 7 (KB2888505)
Security Update for Windows Internet Explorer 7 (KB2898785)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype™ 6.9
SoundTap Streaming Audio Recorder
StarCraft II
Steam
Stencyl
swMSM
Team Fortress 2
Terraria
TopArcadeHits
Twine 1.4 (remove only)
Typing Trainer 8.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.7
WebFldrs XP
WebPlat
WhatPulse version 2.3.1
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1.3
WorldPainter 1.3.1
YoutubePlus
.
==== Event Viewer Messages From Past Week ========
.
1/12/2014 9:49:00 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
1/12/2014 9:42:35 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/12/2014 10:00:07 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/11/2014 2:57:39 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
1/11/2014 2:46:55 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm Fips Processor
1/11/2014 2:46:16 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/11/2014 11:22:41 AM, error: Airgo [5002]  - Wireless-G PCI Adapter with SRX : Has determined that the adapter is not functioning properly.
1/11/2014 10:03:30 AM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
.
==== End Of File ===========================
 
Please help

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

BHO: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
BHO: DeaLLExxproess: {BC50CB4F-1F0F-02B0-6071-25A87AA30C31} - c:\documents and settings\all users\application data\deallexxproess\khT3.dll
BHO: FindBEstDeeeAl: {C5AEB1CE-02A6-1EF7-D242-1DF5D5049DF4} - c:\documents and settings\all users\application data\findbestdeeeal\_BzGY.dll
AppInit_DLLs= katrack.dll c:\docume~1\alluse~1\applic~1\webplat\webplat.dll
R2 ytpUpdater;ytpUpdater;c:\program files\updater\updater.exe [2012-3-26 1730048]
2014-01-14 14:08:35 -------- d-----w- c:\documents and settings\all users\application data\nbhmbklijefabdppgdobedndnejdmikp
2014-01-14 14:08:35 -------- d-----w- c:\documents and settings\all users\application data\DeaLLExxproess
2014-01-14 14:08:09 -------- d-----w- c:\documents and settings\all users\application data\FindBEstDeeeAl

Hello, thank you for the reply. I couldn't write it down in time, but another threat was blocked from a different IP. This is the text document of RogueKiller:

 

RogueKiller V8.8.1 [Jan 14 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : sl [Admin rights]
Mode : Scan -- Date : 01/14/2014 20:29:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\katrack.dll [x] -> UNLOADED
[SUSP PATH][DLL] rundll32.exe -- c:\Documents and Settings\All Users\Application Data\WebPlat\WebPlatSvc.dll [-] -> rundll32.exe KILLED [TermProc]
[SUSP PATH] keyacc32.exe -- C:\WINDOWS\keyacc32.exe [7] -> KILLED [TermProc]
[SUSP PATH] _iu14D2N.tmp -- C:\Documents and Settings\sl\Local Settings\Temp\_iu14D2N.tmp [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (katrack.dll c:\docume~1\alluse~1\applic~1\webplat\webplat.dll [x][-]) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
127.0.0.1        dl.dropbox.com
127.0.0.1        www.dl.dropbox.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDT725032VLA360 +++++
--- User ---
[MBR] 1523453341bfffcc2489db5e3440675d
[BSP] b7f09a70f96c4811987df71f1c4b5cb1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 125241 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 256493790 | Size: 180001 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic Flash Disk USB Device +++++
--- User ---
[MBR] 9414e09eb66eef1271ce0d78893d2c49
[BSP] dc07d9e9a248958459a50c062d0694dd : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 218129509 | Size: 831050 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 729050177 | Size: 265612 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2692939776 | Size: 25 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_01142014_202913.txt >>

Do you know what this program is, if not please uninstall it:
WebPlat

Also uninstall all of these:
DeaLLExxproess
FindBEstDeeeAl
TopArcadeHits


Then........

Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[RUN][SUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (katrack.dll c:\docume~1\alluse~1\applic~1\webplat\webplat.dll [x][-]) -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Processes tab and put a check next to these and uncheck the rest. (if found)
 

[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\katrack.dll [x] -> UNLOADED
[SUSP PATH][DLL] rundll32.exe -- c:\Documents and Settings\All Users\Application Data\WebPlat\WebPlatSvc.dll [-] -> rundll32.exe KILLED [TermProc]
[SUSP PATH] keyacc32.exe -- C:\WINDOWS\keyacc32.exe [7] -> KILLED [TermProc]
[SUSP PATH] _iu14D2N.tmp -- C:\Documents and Settings\sl\Local Settings\Temp\_iu14D2N.tmp [-] -> KILLED [TermProc]

Now click Delete on the right hand column under Options

-------------

Then.......

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC


Ok, I removed

[RUN][SUSP PATH] HKLM\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
But I couldn't find any processes. And when I click Clean for AdwCleaner, it freezes.

Oh, sorry... Yes I did uninstall those, and WebPlat. AdwCleaner will not work... Whenever it cleans it shows a little progress. I left it for 8 hours and it didn't increase at all, the program just freezes. Also when I restarted my computer my standard windows firewall was turned off. 


Did you run Malwarebytes???

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Scan Document:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.17.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
sl :: SLAVA-A38775999 [administrator]
 
Protection: Enabled
 
1/17/2014 5:27:33 PM
mbam-log-2014-01-17 (17-27-33).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: File System | P2P
Objects scanned: 247313
Time elapsed: 2 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Usually the scan takes at least 30 minutes. Sometimes 1-2 hours. 

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC


Sorry for the delay.

If you don't use or need these....I suggest you uninstall them:

Guard.Mail.ru (Version: - Mail.ru)
Mail.Ru Спутник 2.4.0.511 (Version: - Mail.Ru)


Then........


Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Next......


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


Guard.Mail.ru (Version: - Mail.ru)
Mail.Ru Спутник 2.4.0.511 (Version: - Mail.Ru) 

These are just Russian Email, or Facebook. So I'm keeping these.

 

This is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by sl at 2014-01-19 15:20:40 Run:1
Running from C:\Documents and Settings\sl\Desktop\New Folder
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR HKLM\...\Chrome\Extension: [bmbpbcpokffodhpcdjaoopolhdlbconi] - C:\DOCUME~1\sl\LOCALS~1\Temp\tbch.crx [2012-06-07]
CHR HKLM\...\Chrome\Extension: [igmbfhohdmlhejidklhcedcedfjccaem] - C:\Documents and Settings\sl\Application Data\OpenCandy\OpenCandy_F0A2D2A6511E45D5BB6D77010C18943B\opencandy.crx [2013-10-19]
CHR HKLM\...\Chrome\Extension: [jhlpjkggdghflmmfobcclppjdmpepnmh] - C:\Documents and Settings\sl\Application Data\OpenCandy\337B9F5D1A98428F81BB69DDDC4801C9\chrome.crx [2013-10-19]
CHR HKLM\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-10-11]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-10-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AppInit_DLLs: katrack.dll  [ ] ()
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
C:\Documents and Settings\sl\Local Settings\Temp\06nf058OcVDWL6ZPK2Vei.exe
C:\Documents and Settings\sl\Local Settings\Temp\3rn5811e7g0q.dll
C:\Documents and Settings\sl\Local Settings\Temp\5yrCdw1IoSHv3K.exe
C:\Documents and Settings\sl\Local Settings\Temp\98aV6iNIpAN1Dk0JbZkKOX.exe
C:\Documents and Settings\sl\Local Settings\Temp\bdfilters.dll
C:\Documents and Settings\sl\Local Settings\Temp\imhS5u2aZr1vec7HA0XQ9vZ1.dll
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Bukkit-1.5.1-R0.2-10-ga36b376-b2763jnks.dll
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Spigot-1137.dll
C:\Documents and Settings\sl\Local Settings\Temp\lrnGbLk0syDw4Z3ROKj9.exe
C:\Documents and Settings\sl\Local Settings\Temp\mediaget-uninstaller.exe
C:\Documents and Settings\sl\Local Settings\Temp\NGMDll.dll
C:\Documents and Settings\sl\Local Settings\Temp\NGMResource.dll
C:\Documents and Settings\sl\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\sl\Local Settings\Temp\q5xkdcgfxCb1f62mYukb46EUp9oZ.dll
C:\Documents and Settings\sl\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\sl\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\sl\Local Settings\Temp\unicows.dll
C:\Documents and Settings\sl\Local Settings\Temp\WhqOar9wfYyzP5lwXY3G.dll
C:\Documents and Settings\sl\Local Settings\Temp\Y4903GBVE26H.dll
C:\Documents and Settings\sl\Local Settings\Temp\yiqFzuVYf8yq4p.exe
C:\Documents and Settings\sl\Local Settings\Temp\ytb.exe
C:\Documents and Settings\sl\Local Settings\Temp\ZaWBkUun8T1.dll
C:\Documents and Settings\sl\Local Settings\Temp\zl8VSdzU7PRYwvWw1kpa7x.exe
 
 
 
*****************
 
HKLM\SOFTWARE\Google\Chrome\Extensions\bmbpbcpokffodhpcdjaoopolhdlbconi => Key deleted successfully.
C:\DOCUME~1\sl\LOCALS~1\Temp\tbch.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\igmbfhohdmlhejidklhcedcedfjccaem => Key deleted successfully.
"C:\Documents and Settings\sl\Application Data\OpenCandy\OpenCandy_F0A2D2A6511E45D5BB6D77010C18943B\opencandy.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jhlpjkggdghflmmfobcclppjdmpepnmh => Key deleted successfully.
"C:\Documents and Settings\sl\Application Data\OpenCandy\337B9F5D1A98428F81BB69DDDC4801C9\chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif => Key deleted successfully.
C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif => Key deleted successfully.
"C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"AppInit_DLLs: katrack.dll  [ ] ()" => Value Data not found.
Default URLSearchHook was restored successfully .
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
C:\Documents and Settings\sl\Local Settings\Temp\06nf058OcVDWL6ZPK2Vei.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\3rn5811e7g0q.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\5yrCdw1IoSHv3K.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\98aV6iNIpAN1Dk0JbZkKOX.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\bdfilters.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\imhS5u2aZr1vec7HA0XQ9vZ1.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Bukkit-1.5.1-R0.2-10-ga36b376-b2763jnks.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Spigot-1137.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\lrnGbLk0syDw4Z3ROKj9.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\mediaget-uninstaller.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\NGMDll.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\NGMResource.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\q5xkdcgfxCb1f62mYukb46EUp9oZ.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\unicows.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\WhqOar9wfYyzP5lwXY3G.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\Y4903GBVE26H.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\yiqFzuVYf8yq4p.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\ytb.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\ZaWBkUun8T1.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\zl8VSdzU7PRYwvWw1kpa7x.exe => Moved successfully.
 
==== End of Fixlog ====
 
Here is the JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by sl on Sun 01/19/2014 at 15:25:27.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\vid-saver
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055345591}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440044344491}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2304157
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440044344491}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\blekko toolbars"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wecarereminder"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Application Data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Application Data\searchquband"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\vid-saver"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\vid-saver"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\start menu\programs\toparcadehits"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/19/2014 at 15:45:42.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And... Here is the Quick Scan .txt from Malwarebytes:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.19.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
sl :: SLAVA-A38775999 [administrator]
 
Protection: Enabled
 
1/19/2014 3:49:19 PM
mbam-log-2014-01-19 (15-49-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: File System | P2P
Objects scanned: 247546
Time elapsed: 3 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 

 

Guard.Mail.ru (Version: - Mail.ru)

Mail.Ru Спутник 2.4.0.511 (Version: - Mail.Ru) 

These are just Russian email, or Facebook. So I'm keeping these.

 

This is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by sl at 2014-01-19 15:20:40 Run:1
Running from C:\Documents and Settings\sl\Desktop\New Folder
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CHR HKLM\...\Chrome\Extension: [bmbpbcpokffodhpcdjaoopolhdlbconi] - C:\DOCUME~1\sl\LOCALS~1\Temp\tbch.crx [2012-06-07]
CHR HKLM\...\Chrome\Extension: [igmbfhohdmlhejidklhcedcedfjccaem] - C:\Documents and Settings\sl\Application Data\OpenCandy\OpenCandy_F0A2D2A6511E45D5BB6D77010C18943B\opencandy.crx [2013-10-19]
CHR HKLM\...\Chrome\Extension: [jhlpjkggdghflmmfobcclppjdmpepnmh] - C:\Documents and Settings\sl\Application Data\OpenCandy\337B9F5D1A98428F81BB69DDDC4801C9\chrome.crx [2013-10-19]
CHR HKLM\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-10-11]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-10-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AppInit_DLLs: katrack.dll  [ ] ()
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
C:\Documents and Settings\sl\Local Settings\Temp\06nf058OcVDWL6ZPK2Vei.exe
C:\Documents and Settings\sl\Local Settings\Temp\3rn5811e7g0q.dll
C:\Documents and Settings\sl\Local Settings\Temp\5yrCdw1IoSHv3K.exe
C:\Documents and Settings\sl\Local Settings\Temp\98aV6iNIpAN1Dk0JbZkKOX.exe
C:\Documents and Settings\sl\Local Settings\Temp\bdfilters.dll
C:\Documents and Settings\sl\Local Settings\Temp\imhS5u2aZr1vec7HA0XQ9vZ1.dll
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Bukkit-1.5.1-R0.2-10-ga36b376-b2763jnks.dll
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Spigot-1137.dll
C:\Documents and Settings\sl\Local Settings\Temp\lrnGbLk0syDw4Z3ROKj9.exe
C:\Documents and Settings\sl\Local Settings\Temp\mediaget-uninstaller.exe
C:\Documents and Settings\sl\Local Settings\Temp\NGMDll.dll
C:\Documents and Settings\sl\Local Settings\Temp\NGMResource.dll
C:\Documents and Settings\sl\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\sl\Local Settings\Temp\q5xkdcgfxCb1f62mYukb46EUp9oZ.dll
C:\Documents and Settings\sl\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\sl\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\sl\Local Settings\Temp\unicows.dll
C:\Documents and Settings\sl\Local Settings\Temp\WhqOar9wfYyzP5lwXY3G.dll
C:\Documents and Settings\sl\Local Settings\Temp\Y4903GBVE26H.dll
C:\Documents and Settings\sl\Local Settings\Temp\yiqFzuVYf8yq4p.exe
C:\Documents and Settings\sl\Local Settings\Temp\ytb.exe
C:\Documents and Settings\sl\Local Settings\Temp\ZaWBkUun8T1.dll
C:\Documents and Settings\sl\Local Settings\Temp\zl8VSdzU7PRYwvWw1kpa7x.exe
 
 
 
*****************
 
HKLM\SOFTWARE\Google\Chrome\Extensions\bmbpbcpokffodhpcdjaoopolhdlbconi => Key deleted successfully.
C:\DOCUME~1\sl\LOCALS~1\Temp\tbch.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\igmbfhohdmlhejidklhcedcedfjccaem => Key deleted successfully.
"C:\Documents and Settings\sl\Application Data\OpenCandy\OpenCandy_F0A2D2A6511E45D5BB6D77010C18943B\opencandy.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\jhlpjkggdghflmmfobcclppjdmpepnmh => Key deleted successfully.
"C:\Documents and Settings\sl\Application Data\OpenCandy\337B9F5D1A98428F81BB69DDDC4801C9\chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif => Key deleted successfully.
C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif => Key deleted successfully.
"C:\Documents and Settings\sl\Local Settings\Application Data\CRE\kfkcangbigakljkjeglcofaomihpejif.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"AppInit_DLLs: katrack.dll  [ ] ()" => Value Data not found.
Default URLSearchHook was restored successfully .
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
C:\Documents and Settings\sl\Local Settings\Temp\06nf058OcVDWL6ZPK2Vei.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\3rn5811e7g0q.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\5yrCdw1IoSHv3K.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\98aV6iNIpAN1Dk0JbZkKOX.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\bdfilters.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\imhS5u2aZr1vec7HA0XQ9vZ1.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Bukkit-1.5.1-R0.2-10-ga36b376-b2763jnks.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\jansi-32-git-Spigot-1137.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\lrnGbLk0syDw4Z3ROKj9.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\mediaget-uninstaller.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\NGMDll.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\NGMResource.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\q5xkdcgfxCb1f62mYukb46EUp9oZ.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\unicows.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\WhqOar9wfYyzP5lwXY3G.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\Y4903GBVE26H.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\yiqFzuVYf8yq4p.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\ytb.exe => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\ZaWBkUun8T1.dll => Moved successfully.
C:\Documents and Settings\sl\Local Settings\Temp\zl8VSdzU7PRYwvWw1kpa7x.exe => Moved successfully.
 
==== End of Fixlog ====
 
Here is the JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by sl on Sun 01/19/2014 at 15:25:27.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\vid-saver
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033343391}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055345591}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440044344491}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2304157
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440044344491}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0877D540-4E36-4DF4-BA60-455B4E34840B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a17cc547-016c-4a35-a95b-de64acafa170}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\blekko toolbars"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\wecarereminder"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Application Data\iwin"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Application Data\searchquband"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\Local Settings\Application Data\vid-saver"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\vid-saver"
Successfully deleted: [Folder] "C:\Documents and Settings\sl\start menu\programs\toparcadehits"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/19/2014 at 15:45:42.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And... Here is the Quick Scan .txt from Malwarebytes:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.19.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
sl :: SLAVA-A38775999 [administrator]
 
Protection: Enabled
 
1/19/2014 3:49:19 PM
mbam-log-2014-01-19 (15-49-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: File System | P2P
Objects scanned: 247546
Time elapsed: 3 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 

 

Also, Malwarebytes is still blocking new, and sometimes the original, malicious websites.


See if you can run AdwCleaner now:

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
MrC