Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help please

by christina.xox » March 30th, 2012, 1:48 pm

Hi, I was being helped before but I was too late with my reply, so here is a new DDS log and the logs from the other scans I was asked to do, if they help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 10:42:43 on 2012-03-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.703.84 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\ExpressFiles\EFupdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: N/A: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - c:\program files\recipehub_2j\bar\1.bin\2jSrcAs.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: DataMngr: {b939cf93-f2cb-443d-956c-dc523d85c9db} - c:\progra~1\bearsh~1\mediabar\datamngr\BROWSE~1.DLL
BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\wincorebsdtx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Recipe Hub: {cf51de5b-eb36-4114-bb69-84df63fbadb4} - c:\program files\recipehub_2j\bar\1.bin\2jbar.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\wincorebsdtx.dll
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Epson Stylus NX420(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigca.exe /fu "c:\docume~1\owner\locals~1\temp\E_S83.tmp" /EF "HKCU"
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: &Search - http://tbedits.recipehub.com/one-toolba ... 2012032417
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload ... ontrol.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EB19170F-7656-4F4A-9F81-D629BA2AA096} : DhcpNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\vzeodvdi.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsear ... searchfor=
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\recipehub_2j\bar\1.bin\NP2jStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109977
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - 5c5e0f8a0000000000000015f2503023
FF - user.js: extensions.BabylonToolbar_i.hardId - 5c5e0f8a0000000000000015f2503023
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15421
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:32:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQsGj ... 26&search=
FF - user.js: extensions.incredibar_i.id - 5c5e0f8a0000000000000015f2503023
FF - user.js: extensions.incredibar_i.instlDay - 15427
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.148:39:57
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQsGj0eAj
FF - user.js: extensions.incredibar_i.upn2n - 92542617786915571
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2005-6-2 85888]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-22 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-22 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-22 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-22 44768]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2009-5-25 99248]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-30 652360]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-10-18 582992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-30 20464]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-10-18 206608]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2006-3-10 28672]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-2-19 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-11 136176]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-19 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-19 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-19 136808]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-10-18 206608]
.
=============== Created Last 30 ================
.
2012-03-30 17:03:41 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-03-30 17:03:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-30 17:03:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 17:03:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 16:57:59 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 16:49:37 -------- d-----w- C:\_OTL
2012-03-28 15:56:22 -------- d-----w- c:\documents and settings\owner\application data\wincorebsband
2012-03-28 15:56:22 -------- d-----w- c:\documents and settings\owner\AppData
2012-03-28 15:54:59 -------- d-----w- c:\documents and settings\owner\application data\mediabarbs
2012-03-28 15:51:38 -------- d-----w- c:\documents and settings\all users\application data\BearShare
2012-03-28 15:51:37 -------- d-----w- c:\program files\BearShare Applications
2012-03-28 15:51:08 -------- dc-h--w- c:\documents and settings\all users\application data\{3EC3DC2C-4F6D-4E54-8659-4967F07660D1}
2012-03-28 15:50:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
2012-03-28 15:47:40 -------- d-----w- c:\documents and settings\owner\application data\Incredibar.com
2012-03-28 15:39:52 -------- d-----w- c:\program files\Incredibar.com
2012-03-28 15:39:09 -------- d-----w- c:\documents and settings\owner\local settings\application data\Ares
2012-03-26 19:53:55 -------- d-----w- c:\documents and settings\owner\application data\Blackberry Desktop
2012-03-24 21:00:53 -------- d-----w- c:\program files\RecipeHub_2j
2012-03-24 21:00:39 -------- d-----w- c:\program files\RecipeHub_2jEI
2012-03-24 18:38:56 -------- d-----w- c:\program files\TotalRecipeSearch_14
2012-03-22 20:17:25 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-22 20:16:58 41184 ----a-w- c:\windows\avastSS.scr
2012-03-22 20:16:04 -------- d-----w- c:\program files\AVAST Software
2012-03-22 20:16:04 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-03-22 17:32:29 -------- d-----w- c:\program files\ExpressFiles
2012-03-22 17:32:29 -------- d-----w- c:\documents and settings\owner\application data\ExpressFiles
2012-03-21 17:04:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-21 17:04:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-17 22:17:43 -------- d-----w- c:\documents and settings\owner\application data\OpenCandy
2012-03-11 17:41:17 -------- d-----w- c:\program files\iPod
2012-03-11 17:38:31 -------- d-----w- c:\program files\Bonjour
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-03-11 17:37:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-03-30 16:57:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:44:58.95 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2008 2:16:11 PM
System Uptime: 3/30/2012 10:25:06 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | A8R-MX
Processor: AMD Athlon(tm) 64 Processor 3700+ | SOCKET 939 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 230 GiB total, 188.232 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP797: 12/31/2011 1:03:10 PM - System Checkpoint
RP798: 1/1/2012 1:41:37 PM - System Checkpoint
RP799: 1/2/2012 3:55:18 PM - System Checkpoint
RP800: 1/3/2012 4:41:34 PM - System Checkpoint
RP801: 1/4/2012 5:04:19 PM - System Checkpoint
RP802: 1/5/2012 5:41:28 PM - System Checkpoint
RP803: 1/6/2012 6:17:37 PM - System Checkpoint
RP804: 1/7/2012 7:17:30 PM - System Checkpoint
RP805: 1/8/2012 7:19:38 PM - System Checkpoint
RP806: 1/9/2012 7:39:21 PM - System Checkpoint
RP807: 1/10/2012 8:20:53 PM - System Checkpoint
RP808: 1/11/2012 3:00:16 AM - Software Distribution Service 3.0
RP809: 1/12/2012 3:28:17 AM - System Checkpoint
RP810: 1/13/2012 3:32:38 AM - System Checkpoint
RP811: 1/14/2012 4:32:32 AM - System Checkpoint
RP812: 1/15/2012 5:32:31 AM - System Checkpoint
RP813: 1/16/2012 5:55:02 AM - System Checkpoint
RP814: 1/17/2012 6:42:32 AM - System Checkpoint
RP815: 1/18/2012 3:00:19 AM - Software Distribution Service 3.0
RP816: 1/19/2012 3:29:25 AM - System Checkpoint
RP817: 1/20/2012 4:29:24 AM - System Checkpoint
RP818: 1/21/2012 5:29:20 AM - System Checkpoint
RP819: 1/22/2012 5:47:28 AM - System Checkpoint
RP820: 1/23/2012 6:47:25 AM - System Checkpoint
RP821: 1/24/2012 7:47:20 AM - System Checkpoint
RP822: 1/25/2012 8:47:18 AM - System Checkpoint
RP823: 1/26/2012 9:47:15 AM - System Checkpoint
RP824: 1/27/2012 10:47:13 AM - System Checkpoint
RP825: 1/28/2012 12:10:09 PM - System Checkpoint
RP826: 1/29/2012 1:33:08 PM - System Checkpoint
RP827: 1/30/2012 2:03:17 PM - System Checkpoint
RP828: 1/31/2012 2:29:19 PM - System Checkpoint
RP829: 2/1/2012 2:36:32 PM - System Checkpoint
RP830: 2/2/2012 3:38:21 PM - System Checkpoint
RP831: 2/3/2012 4:01:56 PM - System Checkpoint
RP832: 2/4/2012 5:12:17 PM - System Checkpoint
RP833: 2/5/2012 6:23:13 PM - System Checkpoint
RP834: 2/6/2012 6:29:04 PM - System Checkpoint
RP835: 2/7/2012 6:31:47 PM - System Checkpoint
RP836: 2/8/2012 7:28:57 PM - System Checkpoint
RP837: 2/9/2012 8:01:30 PM - System Checkpoint
RP838: 2/11/2012 10:43:28 AM - System Checkpoint
RP839: 2/12/2012 11:20:59 AM - System Checkpoint
RP840: 2/13/2012 12:20:57 PM - System Checkpoint
RP841: 2/14/2012 6:32:06 PM - System Checkpoint
RP842: 2/15/2012 3:00:20 AM - Software Distribution Service 3.0
RP843: 2/16/2012 3:00:15 AM - Software Distribution Service 3.0
RP844: 2/17/2012 3:35:19 AM - System Checkpoint
RP845: 2/18/2012 4:35:16 AM - System Checkpoint
RP846: 2/19/2012 5:35:16 AM - System Checkpoint
RP847: 2/19/2012 1:40:21 PM - Installed Samsung Kies
RP848: 2/20/2012 2:35:13 PM - System Checkpoint
RP849: 2/21/2012 3:35:09 PM - System Checkpoint
RP850: 2/22/2012 4:35:08 PM - System Checkpoint
RP851: 2/23/2012 5:33:11 PM - System Checkpoint
RP852: 2/24/2012 5:59:19 PM - System Checkpoint
RP853: 2/25/2012 6:34:59 PM - System Checkpoint
RP854: 2/26/2012 6:46:58 PM - System Checkpoint
RP855: 2/27/2012 7:56:57 PM - System Checkpoint
RP856: 2/28/2012 8:48:27 PM - System Checkpoint
RP857: 3/1/2012 8:58:31 AM - System Checkpoint
RP858: 3/2/2012 9:39:27 AM - System Checkpoint
RP859: 3/3/2012 10:28:48 AM - System Checkpoint
RP860: 3/4/2012 10:51:42 AM - System Checkpoint
RP861: 3/5/2012 11:45:52 AM - System Checkpoint
RP862: 3/6/2012 12:35:28 PM - System Checkpoint
RP863: 3/7/2012 1:35:25 PM - System Checkpoint
RP864: 3/8/2012 3:03:55 PM - System Checkpoint
RP865: 3/9/2012 5:24:43 PM - System Checkpoint
RP866: 3/10/2012 5:52:51 PM - System Checkpoint
RP867: 3/11/2012 6:54:43 PM - System Checkpoint
RP868: 3/12/2012 7:52:01 PM - System Checkpoint
RP869: 3/13/2012 7:53:05 PM - System Checkpoint
RP870: 3/14/2012 3:00:13 AM - Software Distribution Service 3.0
RP871: 3/15/2012 3:23:48 AM - System Checkpoint
RP872: 3/16/2012 4:23:47 AM - System Checkpoint
RP873: 3/17/2012 5:23:41 AM - System Checkpoint
RP874: 3/18/2012 6:23:40 AM - System Checkpoint
RP875: 3/19/2012 7:23:35 AM - System Checkpoint
RP876: 3/20/2012 8:44:07 AM - System Checkpoint
RP877: 3/21/2012 8:59:16 AM - System Checkpoint
RP878: 3/21/2012 10:04:06 AM - Removed Java(TM) 6 Update 18
RP879: 3/21/2012 10:04:29 AM - Installed Java(TM) 6 Update 31
RP880: 3/22/2012 10:58:02 AM - System Checkpoint
RP881: 3/22/2012 1:16:04 PM - avast! Free Antivirus Setup
RP882: 3/22/2012 1:16:08 PM - avast! Free Antivirus Setup
RP883: 3/22/2012 1:16:37 PM - avast! Free Antivirus Setup
RP884: 3/22/2012 1:23:45 PM - Removed Ask Toolbar.
RP885: 3/22/2012 1:34:04 PM - Removed Adobe Reader 9.5.0.
RP886: 3/23/2012 1:51:11 PM - System Checkpoint
RP887: 3/24/2012 2:42:59 PM - System Checkpoint
RP888: 3/25/2012 3:13:36 PM - System Checkpoint
RP889: 3/26/2012 4:12:25 PM - System Checkpoint
RP890: 3/27/2012 4:24:23 PM - System Checkpoint
RP891: 3/28/2012 5:42:15 PM - System Checkpoint
RP892: 3/29/2012 6:24:18 PM - System Checkpoint
RP893: 3/30/2012 9:51:15 AM - OTL Restore Point
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Free Antivirus
BearShare
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Bonjour
CCleaner
CCScore
Epson Event Manager
EPSON NX420 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.3
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
ExpressFiles
FirstClass® Client
GCalc 3
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Incredibar Toolbar on IE
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Lexmark 2500 Series
Lexmark Fax Solutions
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 11.0 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
netbrdg
Notifier
OfotoXMI
OpenOffice.org 3.2
PCDADDIN
PCDHELP
PCI SoftV92 Modem
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB971961)
Segoe UI
SFR
SHASTA
SKIN0001
SKINXSDK
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
staticcr
swMSM
tooltips
Trend Micro RUBotted
ULi PCI 10-100 Fast Ethernet Controller Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
VPRINTOL
Webfetti
WebFldrs XP
Wincore MediaBar
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
3/30/2012 9:49:52 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:43 AM, error: Service Control Manager [7034] - The Trend Micro RUBotted Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:41 AM, error: Service Control Manager [7034] - The lxdd_device service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:40 AM, error: Service Control Manager [7034] - The lxddCATSCustConnectService service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:40 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:39 AM, error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:39 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 9:49:39 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2012 9:49:38 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 10:29:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
3/30/2012 10:29:48 AM, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2012 9:23:08 PM, error: m5287 [11] - The driver detected a controller error on \Device\Scsi\m52871.
3/23/2012 10:09:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the BarDiscover Service service to connect.
.
==== End Of File ===========================


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://isearch.babylon.com/?babsrc=HP_ss&mntrId=5c5e0f8a0000000000000015f2503023" removed from browser.startup.homepage
Prefs.js: "http://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=5c5e0f8a0000000000000015f2503023&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Webfetti.com/Plugin\ deleted successfully.
C:\Program Files\Webfetti\bar\1.bin\NP7dStub.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7dffxtbr@Webfetti.com: C:\Program Files\Webfetti\bar\1.bin not found.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{381FFDE8-2394-4f90-B10D-FC6124A40F8C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExpressFiles deleted successfully.
C:\Program Files\ExpressFiles\ExpressFiles.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk moved successfully.
========== SERVICES/DRIVERS ==========
Service WebfettiService stopped successfully!
Service WebfettiService deleted successfully!
Service BarDiscover Service stopped successfully!
Service BarDiscover Service deleted successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | 1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire 5\FrostWire.exe deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Owner\Application Data\BabylonToolbar not found.
File\Folder C:\Program Files\BabylonToolbar not found.
C:\Documents and Settings\Owner\Local Settings\Application Data\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Babylon\Setup folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\18760426 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\38027323 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BarDiscover folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Babylon folder moved successfully.
File\Folder C:\Documents and Settings\Owner\Application Data\BabylonToolbar not found.
C:\Documents and Settings\Owner\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\themes\amber_theme folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\torrents folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\tmp folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\plugins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\net folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\logs\save folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\logs folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\dht folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus\active folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\azureus folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Owner\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49152 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 5540182 bytes

User: NetworkService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 157256541 bytes

User: Owner
->Temp folder emptied: 8936079 bytes
->Temporary Internet Files folder emptied: 88087904 bytes
->Java cache emptied: 1965218 bytes
->FireFox cache emptied: 124183499 bytes
->Google Chrome cache emptied: 7259284 bytes
->Flash cache emptied: 5093208 bytes

User: ShopperReports3

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1405751 bytes
%systemroot%\System32 .tmp files removed: 6673 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9751236 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 188781357 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36614 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 571.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 03302012_094937

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\AAX4D.tmp moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\W7567OHM\nobakechoccooklg[1].jpg moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KCU9KT8Q\kidscookMthrDay[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JJO0NOW0\kidscookMthrDay[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G64BXG6Y\13[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G64BXG6Y\kidscookMthrDay[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BIEHQELW\9[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BDU60EV1\29[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BDU60EV1\index[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2CO2MBV0\PublicationSelector[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: WINXP_MCE [administrator]

Protection: Enabled

3/30/2012 10:06:05 AM
mbam-log-2012-03-30 (10-06-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211847
Time elapsed: 9 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 101
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{06e3475c-5521-4de8-bb12-50720f21631c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{df22384f-cf68-4d19-969f-10423715528b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TotalRecipeSearch_14.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E3475C-5521-4DE8-BB12-50720F21631C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06E3475C-5521-4DE8-BB12-50720F21631C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\TotalRecipeSearch_14 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E3475C-5521-4DE8-BB12-50720F21631C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF22384F-CF68-4D19-969F-10423715528B} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RecipeHub_2jbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TotalRecipeSearch_14bar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\TotalRecipeSearch_14 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\RecipeHub_2jService (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\TotalRecipeSearch_14Service (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{C48635AD-D6B5-3EE4-AAA2-540D5A173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{C48635AD-D6B5-3EE4-AAA2-540D5A173658} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Detected: 14
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.MyWebSearch) -> Data: N H+\G¨*€ïØN£> -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{8A7D2060-824D-4B17-B00A-759B1B5F30D9} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a0154e07-2b48-475c-a82a-80efd84ea33e} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A0154E07-2B48-475C-A82A-80EFD84EA33E} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network|UID (Malware.Trace) -> Data: WINXP_MCE_069DB55B -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790270B6765A5533AE93 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Recipe Hub Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\RECIPE~2\bar\1.bin\2jsrchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RecipeHub_2j Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\RECIPE~2\bar\1.bin\2jbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\TOTALR~2\bar\1.bin\14srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TotalRecipeSearch_14 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\TOTALR~2\bar\1.bin\14brmon.exe -> Quarantined and deleted successfully. -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|14ffxtbr@TotalRecipeSearch_14.com (PUP.MyWebSearch) -> Data: C:\Program Files\TotalRecipeSearch_14\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\setups (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Detected: 20
C:\Documents and Settings\Owner\My Documents\Downloads\Webfetti.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover\bardiscover.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover\uninstall.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\5E3B57AF.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\Cache\files.ini (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RecipeHub_2j\bar\1.bin\2jSrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RecipeHub_2j\bar\1.bin\2jSrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RecipeHub_2j\bar\1.bin\2jbar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RecipeHub_2j\bar\1.bin\2jbarsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\RecipeHub_2j\bar\1.bin\2jbrmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\RecipeHub_2j\bar\1.bin\2jbrstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brstub.dll (PUP.MyWebSearch) -> Delete on reboot.

(end)
christina.xox

Re: Help please

Unread postby diver79 » March 31st, 2012, 3:45 pm

Hi Christina,

I will assist you on this one again.

If you do not think you are going to be able to reply within three days please let me know so I can keep the topic open.

I'm afraid I have some bad news for you. Unfortunately, your computer has an infection that gives a remote attacker BACKDOOR ACCESS to the machine. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker may be able to get all the new passwords and transaction records.

Because of the severity and the capabilities of this type of virus (it cannot be known what changes to your system it has made or if it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows. If you choose to continue and attempt to remove the infection, I will be happy to help but cannot provide any guarantee of success.

Further reading:
How do I respond to a possible identity theft and how do I prevent it
How to backup your files in Windows XP


Please let me know how you would like to proceed.

diver79

Re: Help please

Unread postby diver79 » April 2nd, 2012, 1:26 pm

Do you still require assistance?

This topic will be closed if you have not replied within 72 hours of my last post.

diver79

Re: Help please

Unread postby NonSuch » April 4th, 2012, 12:13 am

Due to a lack of activity within the prescribed time period, this topic is now closed.

Although we understand a poster may have difficulty responding to a helper's posts and following the instructions therein in a timely manner, that is the way we and most free online help forums function. Online help forums are not the most suitable choice for those who must be away from their infected computers for a period of time that exceeds the posted parameters for receiving assistance. Therefore, we suggest you avail yourself of other more suitable means for resolving your computer's issues.