Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Was in process of removing malware BUT stopped in process!

Post by TrucknMom2 » March 12th, 2013, 4:34 pm

I was working with wbg here on this site but my internet went down and am now back up and ready to complete the process. I am sending dds.txt and attach.txt. Should you have more questions just ask.
Also, I am not a pro on this at all..so please bear with me..:)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 15:26:57 on 2013-03-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.28 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Hoolapp Android] "c:\docume~1\owner\applic~1\hoolap~1\Hoolapp.exe" /Minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4589066690
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 1872922859
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5E0D0766-8E3C-43B6-A7C7-3349999721D2} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs=
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-01-29 13:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - ExtSQL: 2013-02-06 22:54; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: !HIDDEN! 2013-01-29 13:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-6 65848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-5 361032]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-6 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-6 166840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-5 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-5 44808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-16 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-2-6 976728]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-12-5 668912]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S2 X4HSEx;X4HSEx;\??\c:\program files\free ride games\x4hsex.sys --> c:\program files\free ride games\X4HSEx.Sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-03-04 14:36:53 -------- d-----w- c:\program files\ESET
2013-02-28 08:06:10 -------- d-----w- C:\_OTL
2013-02-19 22:33:42 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2013-02-27 04:43:47 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 04:43:46 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-06 13:59:20 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 15:28:08.11 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2009 11:20:01 AM
System Uptime: 3/8/2013 12:18:04 PM (99 hours ago)
.
Motherboard: Dell Computer Corp. | | 02X378
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1992/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 9.211 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1160: 2/22/2013 9:25:08 AM - System Checkpoint
RP1161: 2/23/2013 10:08:58 AM - System Checkpoint
RP1162: 2/24/2013 11:06:04 AM - System Checkpoint
RP1163: 2/25/2013 10:39:29 AM - Removed Java(TM) 6 Update 22
RP1164: 2/25/2013 10:41:24 AM - Removed Java(TM) 6 Update 31
RP1165: 2/26/2013 12:02:57 PM - System Checkpoint
RP1166: 2/27/2013 12:22:05 PM - System Checkpoint
RP1167: 2/28/2013 1:51:57 AM - Removed Adobe Reader 9.5.4.
RP1168: 3/1/2013 1:57:14 AM - System Checkpoint
RP1169: 3/1/2013 10:35:24 AM - OTL Restore Point - 3/1/2013 10:35:13 AM
RP1170: 3/2/2013 10:36:41 AM - System Checkpoint
RP1171: 3/3/2013 12:47:00 PM - System Checkpoint
RP1172: 3/4/2013 12:49:05 PM - System Checkpoint
RP1173: 3/5/2013 12:59:29 PM - System Checkpoint
RP1174: 3/6/2013 1:13:16 PM - System Checkpoint
RP1175: 3/7/2013 2:16:34 PM - System Checkpoint
RP1176: 3/8/2013 2:24:30 PM - System Checkpoint
RP1177: 3/9/2013 2:53:39 PM - System Checkpoint
RP1178: 3/10/2013 4:39:02 PM - System Checkpoint
RP1179: 3/11/2013 4:53:01 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
3/8/2013 12:19:50 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
3/7/2013 12:06:31 PM, error: Service Control Manager [7000] - The X4HSEx service failed to start due to the following error: The system cannot find the path specified.
3/12/2013 2:46:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/12/2013 11:45:22 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/12/2013 11:45:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
.
==== End Of File ===========================
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

Post by Cypher » March 13th, 2013, 2:54 pm

Hi,
Welcome back to Malware Removal Forum.
TrucknMom2 wrote: "I was working with wbg here on this site but my internet went down and am now back up and ready to complete the process."

I reviewed your previous topic.
How is your computer performing now, are you experiencing any problems?
Let me know in your next reply please.

Please download Malwarebytes' Anti-Malware and save to your desktop.
  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run it.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Was in process of removing malware BUT stopped in proces

Post by TrucknMom2 » March 14th, 2013, 12:21 am

Hello Cypher and thank you for your help.
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOMES-9448A7F3B [administrator]

Protection: Enabled

3/13/2013 10:42:12 PM
mbam-log-2013-03-13 (22-42-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263016
Time elapsed: 20 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\driverperformer_Zsetup.exe (PUP.Adware.Agent) -> No action taken.

(end)
I am sending this prior to doing the 2nd step so I can close my browser..will reply when finished.. :)
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

Post by TrucknMom2 » March 14th, 2013, 12:37 am

wow...this one is long...glad you know what you're looking for..haha..because it's all Greek to me..j/k
and today my computer was not cooperating at all..if I searched for anything it'd be redirected, and when on Facebook it'd do a lot of 'program is not responding' and take forever or just freeze so I'd turn it off or restart it to continue what I was doing.
I normally use avast antivirus and it ran a scan automatically because my computer was on and it showed me like 88 things affected but I did nothing with them as I was thinking I'd still be able to show WBG (who I was working with prior to you) but I hope those results etc are still in avast's files because I chose to 'do nothing' rather than 'move to chest', if you'd like to see them let me know.
Thank you...
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

Post by TrucknMom2 » March 14th, 2013, 12:39 am

Sorry..I forgot to add the log you needed..duh..:)

# AdwCleaner v2.114 - Logfile created 03/13/2013 at 23:27:42
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HOMES-9448A7F3B
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\searchplugins\SearchResults.xml
File Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\searchplugins\WebSearch.xml
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\~0
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\Owner\Application Data\facemoods.com
Folder Found : C:\Documents and Settings\Owner\Application Data\iWin
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\extensions\smartdeals@smart-deals.com
Folder Found : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\verizontb
Folder Found : C:\Documents and Settings\Owner\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Owner\Application Data\verizontb
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\verizontb

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\PlaySushi32.PlaySushi
Key Found : HKLM\SOFTWARE\Classes\PlaySushi32.PlaySushi.1
Key Found : HKLM\SOFTWARE\Classes\PSText.IEButton
Key Found : HKLM\SOFTWARE\Classes\PSText.IEButton.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3036369
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AA2E16F2-387A-415F-BA95-B89BAF3AF109}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKU\S-1-5-21-73586283-1202660629-1644491937-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\prefs.js

Found : user_pref("CT3036369.backendstorage.facebooktemplate_3036369a129836382531388508000000_lang", "454E")[...]
Found : user_pref("CT3036369.backendstorage.shoppingapp.gk.exipres", "5468752053657020323720323031322031383A[...]
Found : user_pref("CT3036369.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Found : user_pref("CT3036369.backendstorage.twittertemplate_3036369a129815514326263578000000_dailyactivity",[...]
Found : user_pref("CT3036369.backendstorage.twittertemplate_3036369a129815514326263578000000_lifetimesent", [...]
Found : user_pref("CT3036369.backendstorage.twittertemplate_3036369a129836382654814845000000_dailyactivity",[...]
Found : user_pref("CT3036369.backendstorage.twittertemplate_3036369a129836382654814845000000_lifetimesent", [...]
Found : user_pref("CT3036369.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F6D2F7[...]
Found : user_pref("CT3036369.backendstorage.youtubetemplate_3036369a129836382375908594000000_lang", "454E");
Found : user_pref("CT3036369.backendstorage.youtubetemplate_lastopenappdate3036369a129836382375908594000000"[...]
Found : user_pref("CT3036369.backendstorage.youtubetemplate_param_f", "30");
Found : user_pref("CT3036369.backendstorage.youtubetemplate_username_3036369a129836382375908594000000", "536[...]
Found : user_pref("CT3036369.components.1000034", false);
Found : user_pref("CT3036369.components.1000080", true);
Found : user_pref("CT3036369.components.1000082", false);
Found : user_pref("CT3036369.components.1000515", false);
Found : user_pref("CT3036369.components.129530392268523514", false);
Found : user_pref("CT3036369.components.129530392268640707", false);
Found : user_pref("CT3036369.components.129530392268757900", false);
Found : user_pref("CT3036369.components.129530392268845795", false);
Found : user_pref("CT3036369.components.129530392269959123", false);
Found : user_pref("CT3036369.components.129530436957104961", false);
Found : user_pref("CT3036369.components.129530439281559357", false);
Found : user_pref("CT3036369.components.129645376245972157", false);
Found : user_pref("CT3036369.components.129682583925406364", false);
Found : user_pref("CT3036369.components.129836382375908594", false);
Found : user_pref("CT3036369.components.129836382531388508", false);
Found : user_pref("CT3036369.components.129836382654814845", false);
Found : user_pref("CT3036369.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3036369.globalFirstTimeInfoLastCheckTime", "Sat Sep 22 2012 18:10:08 GMT-0500 (Central [...]
Found : user_pref("CT3036369.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3036369.initDone", true);
Found : user_pref("CT3036369.isAppTrackingManagerOn", false);
Found : user_pref("CT3036369.isFirstRadioInstallation", false);
Found : user_pref("CT3036369.myStuffEnabled", true);
Found : user_pref("CT3036369.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3036369.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3036369.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3036369.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3036369.navigateToUrlOnSearch", false);
Found : user_pref("CT3036369.oldAppsList", "129530392267400419,129530392267781295,111,129530439281559357,129[...]
Found : user_pref("CT3036369.revertSettingsEnabled", false);
Found : user_pref("CT3036369.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3036369.searchProtectorEnableByLogin", true);
Found : user_pref("CT3036369.testingCtid", "");
Found : user_pref("CT3036369.toolbarAppMetaDataLastCheckTime", "Thu Feb 28 2013 11:32:48 GMT-0600 (Central S[...]
Found : user_pref("CT3036369.toolbarContextMenuLastCheckTime", "Mon Sep 24 2012 05:48:18 GMT-0500 (Central D[...]
Found : user_pref("CT3036369.usagesFlag", 2);
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit. ... /CT3036369[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1244122/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... 1423599/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /798082/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root ... /905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2776682", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT2856425", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-ser ... =CT3036369", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... tenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... erApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... redApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-serv ... lbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-ser ... rt/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-s ... g?ver=3.18[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/ ... =CT3036369",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... r=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=11/8/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=12/21/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services ... ut=12/27/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-service ... 682&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2776682[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit. ... /CT2856425[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... alizer_dea[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... nimize.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... t/play.gif", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... t/stop.gif", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/R ... nt/vol.gif", "\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... =EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"b25[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Owner\\Application[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=ZUGO&form=[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2776682,ConduitEngine,CT2856425,CT3036369");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2776682,CT2856425,CT3036369");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3036369");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Dec 27 2010 18:32:28 GMT-0600 (Centr[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Dec 28 2010 14:59:45 GMT-0600 (Central S[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "e5653289-7d47-4d01-9edb-eeae407ed1b2");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Dec 13 2010 11:04:00 GMT-0600 (Cen[...]
Found : user_pref("CommunityToolbar.globalUserId", "35254a53-dea2-48c1-ac60-82755d062ba5");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Sep 25 2012 07:33:2[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jun 04 2012 05:21:25 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 18:10:09 GMT-0500 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "adc58950-555d-4f17-afda-21b934d6cb9e");
Found : user_pref("CommunityToolbar.originalHomepage", "about:home");
Found : user_pref("CommunityToolbar.originalSearchEngine", "iLivid Web Search");
Found : user_pref("ConduitEngine.FirstServerDate", "12/21/2010 22");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Mon Dec 13 2010 12:36:14 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Dec 28 2010 14:59:57 GMT-0600 (Central Sta[...]
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Tue Dec 28 2010 13:02:25 GMT-0600 (Central Standard Ti[...]
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Dec 28 2010 13:02:25 GMT-0600 (Central Standar[...]
Found : user_pref("ConduitEngine.Uninstall", true);
Found : user_pref("ConduitEngine.UserID", "UN28207874289693824");
Found : user_pref("ConduitEngine.engineLocale", "en-US");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Dec 28 2010 15:55:33 GMT-0600 (Centr[...]
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("browser.search.defaultenginename", "Web Search");
Found : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
Found : user_pref("browser.search.order.1", "Web Search");
Found : user_pref("browser.search.selectedEngine", "Web Search");

*************************

AdwCleaner[R1].txt - [48055 octets] - [13/03/2013 23:27:42]

########## EOF - C:\AdwCleaner[R1].txt - [48116 octets] ##########
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

by Cypher » March 14th, 2013, 6:16 am

Hi,
Hello Cypher and thank you for your help.

You're most welcome.
I normally use avast antivirus and it ran a scan automatically because my computer was on and it showed me like 88 things affected but I did nothing with them as I was thinking I'd still be able to show WBG (who I was working with prior to you) but I hope those results etc are still in avast's files because I chose to 'do nothing' rather than 'move to chest', if you'd like to see them let me know.

For now, hold off on running any scans other than the ones I ask you to. If needed, I will get you to post the Avast report later.
Malwarebytes Anti-Malware

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> No action taken.

C:\Documents and Settings\Owner\My Documents\Downloads\driverperformer_Zsetup.exe (PUP.Adware.Agent) -> No action taken.

You ran Malwarebytes Anti-Malware, but failed to fix the entries it found. Please run it again and fix the detected entries.

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

AdwCleaner
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

We need to run an OTL Fix. I will assume you still have OTL saved to your computer.
  • Double-click OTL.exe to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code.
    Code:
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • AdwCleaner log.
  • OTL Fix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Was in process of removing malware BUT stopped in proces

by TrucknMom2 » March 15th, 2013, 2:44 pm

Something is wrong..I cannot find the files to send you. My computer froze up and really messed me up. I cannot find those and I am lucky I was able to get back on here..Help me out here..I am so frazzled!!!
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

by Cypher » March 15th, 2013, 2:50 pm

Hi,
Something is wrong..I cannot find the files to send you. My computer froze up and really messed me up.

How far did you get with my instructions? Which files can you not find?
Also, at which point did your computer freeze? :)
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Was in process of removing malware BUT stopped in proces

by TrucknMom2 » March 15th, 2013, 3:47 pm

After I did the OTL it froze. I had every log typed onto this reply and then it kicked me off here saying I was not logged in???? So now how do I find those logs?
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

by Cypher » March 15th, 2013, 4:05 pm

Hi,
No problem, don't worry about the OTL log for now.
See if you can locate the Malwarebytes Anti-Malware, and AdwCleaner logs.

Malwarebytes Anti-Malware

Launch Malwarebytes Anti-Malware then click on Logs.
You should see a list of logs; they are time dated. Post the log from the last scan you did.

AdwCleaner

Click Start > Computer > C:
You should see a log created there titled AdwCleaner[S1].txt, post this log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Was in process of removing malware BUT stopped in proces

by TrucknMom2 » March 15th, 2013, 4:28 pm

I did the 1st one without removing the one that started with C;/, which is this log, but then did that one next.
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOMES-9448A7F3B [administrator]

Protection: Disabled

3/14/2013 6:07:32 AM
mbam-log-2013-03-14 (06-07-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262837
Time elapsed: 14 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\driverperformer_Zsetup.exe (PUP.Adware.Agent) -> No action taken.

(end)
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOMES-9448A7F3B [administrator]

Protection: Enabled

3/14/2013 7:03:24 AM
mbam-log-2013-03-14 (07-03-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262847
Time elapsed: 13 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\driverperformer_Zsetup.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)
now I am going to look for the next portion you want..:/
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm
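
The difference between the two Malwarebytes logs in the post above, checked in code. This is an added example, not part of the original thread; it assumes the Malwarebytes 1.70 log layout seen on this page, and the function and variable names are made up for the illustration.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "section target threat action")

# "Registry Keys Detected: 3" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<path or key> (<threat name>) -> <action>." style detection lines.
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# The only "fixed" status that appears in the logs on this page.
FIXED = "Quarantined and deleted successfully"

# Abridged from the two logs posted above (sections with zero detections trimmed).
FIRST_SCAN = r"""
mbam-log-2013-03-14 (06-07-32).txt
Scan type: Quick scan
Objects scanned: 262837

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\driverperformer_Zsetup.exe (PUP.Adware.Agent) -> No action taken.

(end)
"""

SECOND_SCAN = r"""
mbam-log-2013-03-14 (07-03-24).txt
Scan type: Quick scan
Objects scanned: 262847

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\driverperformer_Zsetup.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text):
    """Return (detections, mismatches) for one log.

    mismatches lists (section, declared_count, parsed_count) wherever the
    header count disagrees with the lines found, which is what a log that
    was cut off while being copied and pasted looks like.
    """
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append(Detection(section, item.group("target"),
                                        item.group("threat"), item.group("action")))
    parsed = {}
    for d in detections:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    mismatches = [(name, count, parsed.get(name, 0))
                  for name, count in declared.items()
                  if count != parsed.get(name, 0)]
    return detections, mismatches


def pending(detections):
    """Detections the scan reported but did not remove."""
    return [d for d in detections if d.action != FIXED]


def follow_up(before, after):
    """Map each item left pending in `before` to its action in `after`.

    Windows paths and registry keys are case-insensitive, so match on
    the lower-cased target.
    """
    later = {d.target.lower(): d.action for d in after}
    return {d.target: later.get(d.target.lower(), "not detected in later scan")
            for d in pending(before)}


if __name__ == "__main__":
    first, _ = parse_mbam_log(FIRST_SCAN)
    second, _ = parse_mbam_log(SECOND_SCAN)
    for d in pending(first):
        print("left in place by first scan:", d.target, "(" + d.threat + ")")
    for target, action in follow_up(first, second).items():
        print("second scan:", target, "->", action)
```
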

Re: Was in process of removing malware BUT stopped in proces

by TrucknMom2 » March 15th, 2013, 4:37 pm

Sorry but I do not understand your directions to find adwcleaner log.
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

by TrucknMom2 » March 15th, 2013, 5:13 pm

Well..I ran it again...because I didn't find that file...
# AdwCleaner v2.114 - Logfile created 03/15/2013 at 15:50:42
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HOMES-9448A7F3B
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ul3z8xi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [851 octets] - [15/03/2013 15:47:18]
AdwCleaner[R2].txt - [910 octets] - [15/03/2013 15:49:49]
AdwCleaner[S1].txt - [842 octets] - [15/03/2013 15:50:42]

########## EOF - C:\AdwCleaner[S1].txt - [901 octets] ##########


But...it takes a while for my internet to even open up and my computer is really slow when I try to access things like malwareremoval, and other downloads or things in windows..
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm

Re: Was in process of removing malware BUT stopped in proces

by Cypher » March 16th, 2013, 6:18 am

Hi,
Good well done :thumbleft:
today my computer was not cooperating at all..if I searched for anything it'd be redirected,

Are your searches still redirected? Let me know in your next reply please.
Also, please run DDS again and post the new log.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Was in process of removing malware BUT stopped in proces

by TrucknMom2 » March 16th, 2013, 8:31 am

Today it seems to be NOT redirecting..but I haven't used it much..
I did notice that malwareremoval DID stop a malicious site from incoming..that's a first..incoming that is.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 7:23:55 on 2013-03-16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.45 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Hoolapp Android] "c:\docume~1\owner\applic~1\hoolap~1\Hoolapp.exe" /Minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4589066690
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 1872922859
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/f ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5E0D0766-8E3C-43B6-A7C7-3349999721D2} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-01-29 13:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - ExtSQL: 2013-02-06 22:54; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\6ul3z8xi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: !HIDDEN! 2013-01-29 13:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-2-6 65848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-11 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-5 361032]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-2-6 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-2-6 166840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-5 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-5 44808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-16 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-13 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-13 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-13 21104]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-28 21520]
S2 X4HSEx;X4HSEx;\??\c:\program files\free ride games\x4hsex.sys --> c:\program files\free ride games\X4HSEx.Sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-15 40776]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-03-15 17:11:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-14 03:20:38 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2013-03-14 03:20:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-14 03:20:07 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-14 03:20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-12 21:39:47 17887640 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-03-12 21:38:10 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-03-12 21:38:10 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2013-03-12 21:38:09 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-03-12 21:38:08 272280 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-03-12 21:38:03 865744 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-03-12 21:38:03 155544 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2013-03-12 21:38:02 151960 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-03-12 21:38:00 92056 ----a-w- c:\program files\mozilla firefox\smime3.dll
2013-03-12 21:36:53 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-03-12 21:36:52 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-03-12 21:36:50 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-03-12 21:36:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-12 21:36:35 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-03-12 21:34:34 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-03-04 14:36:53 -------- d-----w- c:\program files\ESET
2013-02-28 08:06:10 -------- d-----w- C:\_OTL
.
==================== Find3M ====================
.
2013-03-12 22:44:06 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-12 22:44:05 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-06 13:59:20 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 7:26:58.40 ===============

Did you want the attach.txt or no?
TrucknMom2
Regular Member
 
Posts: 36
Joined: February 22nd, 2013, 9:03 pm