Tons of IE windows open, webcrawler in address bar [Closed]



#1
jbcteacher

Hi. I am helping a neighbor/friend who is having trouble with her PC. Tons of IE windows open, some in different languages. A "WMP9DeskBand" bar pops up on the bottom of the screen. She often cannot complete tasks because of this. We ran an antivirus application yesterday. Here is the OTL log:


OTL logfile created on: 11/20/2011 2:55:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 238.12 Mb Available Physical Memory | 46.69% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 20.08 Gb Free Space | 53.91% Space Free | Partition Type: NTFS

Computer Name: YOUR-F58F7CF62F | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 14:53:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/11/07 22:02:58 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/08/01 13:51:20 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ResultBrowse\resultbrowse199.exe
PRC - [2011/08/01 13:51:20 | 000,026,112 | ---- | M] () -- C:\Program Files\ResultBrowse\resultbrowse.exe
PRC - [2011/01/30 18:00:37 | 000,016,824 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2010/12/24 11:57:45 | 000,208,384 | ---- | M] () -- C:\Program Files\Mighty Magoo\mightymagoo32.exe
PRC - [2010/11/01 14:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010/09/19 09:03:52 | 000,020,480 | ---- | M] (Guffins) -- C:\Program Files\Guffins\bar\1.bin\u4brmon.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 04:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/05/30 07:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2005/11/10 12:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 12:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 22:02:56 | 000,420,920 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll
MOD - [2011/11/07 22:02:55 | 003,702,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
MOD - [2011/11/07 22:01:20 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.120\avutil-51.dll
MOD - [2011/11/07 22:01:19 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.120\avformat-53.dll
MOD - [2011/11/07 22:01:17 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.120\avcodec-53.dll
MOD - [2011/11/07 18:44:56 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
MOD - [2011/08/02 06:48:22 | 000,589,824 | ---- | M] () -- C:\Program Files\ResultBrowse\resultbrowse.dll
MOD - [2011/08/01 13:51:20 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ResultBrowse\resultbrowse199.exe
MOD - [2011/08/01 13:51:20 | 000,026,112 | ---- | M] () -- C:\Program Files\ResultBrowse\resultbrowse.exe
MOD - [2010/12/24 11:57:45 | 000,208,384 | ---- | M] () -- C:\Program Files\Mighty Magoo\mightymagoo32.exe
MOD - [2010/12/24 11:57:44 | 000,233,472 | ---- | M] () -- C:\Program Files\Mighty Magoo\mightymagoolib32.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/01 14:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2010/09/22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/01 13:51:20 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\ResultBrowse\resultbrowse199.exe -- (ResultBrowse Service)
SRV - [2010/09/19 09:03:52 | 000,028,766 | ---- | M] (Guffins) [Auto | Stopped] -- C:\Program Files\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/30 07:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/03/10 20:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2007/05/30 07:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 07:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll (Guffins)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll (Guffins)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Guffins\bar\1.bin [2010/09/19 09:03:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/05 21:36:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/05 21:36:08 | 000,000,000 | ---D | M]

[2010/12/24 11:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: ResultBrowse (Enabled)
CHR - default_search_provider: search_url = http://www.resultbro...s={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Guffins Plugin Stub (Enabled) = C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\npsoe.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2001/08/23 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Mighty Magoo Text) - {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files\Mighty Magoo\mmagootl.dll ()
O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (Guffins)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
O2 - BHO: (PageTheme) - {CC0F2900-8A5B-4D0D-9E44-10435BC40774} - C:\Program Files\PageTheme\PageTheme.dll (TODO: <Company name>)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (Mighty Magoo) - {EEAD004E-7E2D-49f8-831C-A01647E85B53} - C:\Program Files\Mighty Magoo\mightymagoolib32.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (Guffins)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (Guffins)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Guffins Browser Plugin Loader] C:\Program Files\Guffins\bar\1.bin\u4brmon.exe (Guffins)
O4 - HKLM..\Run: [Mightymagoo] C:\Program Files\Mighty Magoo\mightymagoo32.exe ()
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://edits.mywebse...8A&n=2010071921 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1055 (SonyOnlineInstallerX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277603732734 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68A9FEA4-C0C2-47E4-A3E1-93917E3F8053}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/20 02:39:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 19:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2011/11/18 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG Anti-Spyware 7.5
[2011/11/18 19:55:55 | 000,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2011/11/18 19:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/11/18 19:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2011/11/18 19:37:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/11/09 22:00:59 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Administrator\My Documents\My Stationery
[2011/10/29 00:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/10/28 23:49:28 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/10/28 23:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/10/28 23:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011/10/28 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/10/28 23:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/10/28 23:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/10/28 23:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/10/28 23:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 14:13:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 14:03:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/20 14:02:52 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 14:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/20 13:09:06 | 000,004,473 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\peanuts.abw
[2011/11/20 13:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/20 13:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/11/20 12:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/11/20 11:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/11/20 00:26:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/19 22:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/11/19 21:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/11/19 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/11/19 19:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/11/19 17:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/11/19 16:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/11/18 19:56:03 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2011/11/18 19:55:18 | 012,413,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avgas-setup-7.5.1.43.exe
[2011/11/18 18:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/11/18 15:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/11/18 10:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/11/15 09:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/11/08 16:08:01 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2011/11/06 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/11/06 08:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/11/06 07:24:50 | 000,392,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 07:24:50 | 000,058,944 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 22:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/11/01 09:18:27 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/10/29 00:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/10/28 23:56:49 | 000,095,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 13:09:06 | 000,004,473 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\peanuts.abw
[2011/11/18 19:56:03 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Anti-Spyware.lnk
[2011/11/18 19:55:08 | 012,413,440 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avgas-setup-7.5.1.43.exe
[2011/11/13 21:06:19 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/09/29 17:18:06 | 000,000,015 | ---- | C] () -- C:\WINDOWS\chromedtx.ini
[2011/08/22 16:04:25 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/14 21:26:39 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\48Ea66yh.exe
[2011/07/06 07:43:12 | 000,000,015 | ---- | C] () -- C:\WINDOWS\dtx.ini
[2011/07/06 07:43:12 | 000,000,015 | ---- | C] () -- C:\WINDOWS\{627af46b-2076-42ae-a2fd-8428734d3e74}dtx.ini
[2011/05/05 21:26:34 | 000,205,622 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/05/05 21:26:34 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/03/12 09:25:15 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\sutil32.dll
[2010/10/02 15:59:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2010/07/11 17:04:31 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2010/06/20 02:42:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/20 02:35:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/19 19:28:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/19 19:24:02 | 000,095,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/03 20:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 15:00:00 | 000,392,628 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 15:00:00 | 000,058,944 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/09/01 07:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/11 12:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Earth Resource Mapping
[2010/10/01 15:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FCSB000062035
[2010/09/19 15:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FunWebProducts
[2011/11/18 19:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2011/05/28 10:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Itibiti
[2011/05/09 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Namco
[2011/05/28 10:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ooVoo Details
[2010/12/28 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2011/07/07 09:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\simppulltoolbar
[2011/07/26 10:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smilebox
[2011/06/27 16:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Online Entertainment
[2010/11/14 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2011/05/05 22:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Visan
[2010/07/22 09:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WeatherBug
[2011/04/10 09:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/05/28 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2010/10/02 15:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2011/11/18 19:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/10/02 15:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010/11/14 16:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2011/08/02 06:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultBrowse
[2011/05/28 10:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/07/12 15:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/05 22:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2011/05/09 17:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/11/29 10:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/20 00:26:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/11/15 09:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/11/18 10:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/11/20 11:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/11/20 12:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/11/20 13:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/11/06 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/11/18 15:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/11/19 16:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/11/19 17:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/11/18 18:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/10/29 00:00:19 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/11/19 19:00:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/11/19 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/11/19 21:00:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/11/19 22:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/11/05 22:00:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/10/08 11:33:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/10/08 11:33:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/10/08 11:33:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/10/08 11:33:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/10/08 11:33:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/08/14 21:26:40 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/11/06 08:00:23 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/11/20 13:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/09/13 18:05:02 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??AppData) -- C:\WINDOWS\System32\㴨κAppData
[2011/09/13 18:05:02 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??AppData) -- C:\WINDOWS\System32\㴨κAppData

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6B9E5A3

< End of report >

#2
jbcteacher

This is the extra log:

OTL Extras logfile created on: 11/20/2011 2:55:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 238.12 Mb Available Physical Memory | 46.69% Memory free
1.22 Gb Paging File | 0.80 Gb Available in Paging File | 65.87% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 20.08 Gb Free Space | 53.91% Space Free | Partition Type: NTFS

Computer Name: YOUR-F58F7CF62F | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Disabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Itibiti Soft Phone\Itibiti.exe" = C:\Program Files\Itibiti Soft Phone\Itibiti.exe:*:Enabled:Itibiti.exe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E3F182C-4ED5-405A-817B-A46D5A1103B1}" = Image Web Server 8.1 IE Plugin (3,4,0,242)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{118FF52A-F001-4107-A83F-F4715CD00FE1}" = 3D Spring Blossoms
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58299B15-D94A-4AE4-B1BE-98E7B2C36996}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9100/9105 smartphone
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7B100D8-98A5-42AA-830F-16D6BD5351F1}" = My.Freeze.com NetAssistant
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"AbiWord2" = AbiWord 2.6.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"am-namcoallstarspacman" = NAMCO ALL-STARS - PAC-MAN
"am-varmintz" = Varmintz
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"Guffinsbar Uninstall" = Guffins
"Hamsterball_is1" = Hamsterball
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"Itibiti_is1" = Knctr
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MightyMagoo" = Mighty Magoo
"NSS" = Norton Security Scan
"PageTheme_is1" = PageTheme
"PROSet" = Intel® PRO Ethernet Adapter and Software
"ResultBrowse" = ResultBrowse 1.0 build 199 powered by FIRST SEARCHBAR
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"Shop to Win 2" = Shop to Win 2
"simppulltoolbar" = Simppull Toolbar (Remove Toolbar Only)
"Surf Canyon" = Surf Canyon Search Engine Assistant
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Web Games Player Plugin" = Web Games Player Plugin
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Administrator
"Smilebox" = Smilebox
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/18/2011 8:17:57 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 8:18:40 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 8:20:37 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 8:25:25 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 8:40:40 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 8:47:34 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Hang | ID = 1002
Description = Hanging application Nss.exe, version 3.6.0.31, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2011 9:12:00 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 9:46:37 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

Error - 11/18/2011 10:09:05 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19088, fault address 0x000e1ad3.

Error - 11/19/2011 10:02:27 PM | Computer Name = YOUR-F58F7CF62F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ShoppingBHO.dll, version 1.1.0.0, fault address 0x00013fb7.

[ System Events ]
Error - 11/20/2011 1:05:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:07:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:09:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:11:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:13:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:15:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:17:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:19:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:21:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/20/2011 1:23:00 PM | Computer Name = YOUR-F58F7CF62F | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >

#3
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/08/01 13:51:20 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\ResultBrowse\resultbrowse199.exe -- (ResultBrowse Service)
    SRV - [2010/09/19 09:03:52 | 000,028,766 | ---- | M] (Guffins) [Auto | Stopped] -- C:\Program Files\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files\Guffins\bar\1.bin\u4SrcAs.dll (Guffins)
    IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
    FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll (Guffins)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Guffins\bar\1.bin [2010/09/19 09:03:54 | 000,000,000 | ---D | M]
    CHR - default_search_provider: ResultBrowse (Enabled)
    CHR - default_search_provider: search_url = http://www.resultbro...s={searchTerms}
    CHR - plugin: Guffins Plugin Stub (Enabled) = C:\Program Files\Guffins\bar\1.bin\NPu4Stub.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll
    O2 - BHO: (Shop to Win 2) - {20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} - C:\Program Files\Shop to Win 2\ShoppingBHO.dll (Freecause Inc.)
    O2 - BHO: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
    O2 - BHO: (Mighty Magoo Text) - {97E74A14-E5F1-40cc-9B0F-0D11946E5469} - C:\Program Files\Mighty Magoo\mmagootl.dll ()
    O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (Guffins)
    O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files\simppulltoolbar\auxi\simppulltoolbAu.dll (Visicom Media)
    O2 - BHO: (PageTheme) - {CC0F2900-8A5B-4D0D-9E44-10435BC40774} - C:\Program Files\PageTheme\PageTheme.dll (TODO: <Company name>)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O2 - BHO: (Mighty Magoo) - {EEAD004E-7E2D-49f8-831C-A01647E85B53} - C:\Program Files\Mighty Magoo\mightymagoolib32.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll ()
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (Guffins)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:\Program Files\Guffins\bar\1.bin\u4bar.dll (Guffins)
    O4 - HKLM..\Run: [Guffins Browser Plugin Loader] C:\Program Files\Guffins\bar\1.bin\u4brmon.exe (Guffins)
    O4 - HKLM..\Run: [Mightymagoo] C:\Program Files\Mighty Magoo\mightymagoo32.exe ()
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
    O8 - Extra context menu item: &Search - http://edits.mywebse...8A&n=2010071921 File not found
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/11/20 13:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/08/14 21:26:39 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\48Ea66yh.exe
    [2011/03/12 09:25:15 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\sutil32.dll
    [2010/10/01 15:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FCSB000062035
    [2010/09/19 15:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FunWebProducts
    [2011/05/28 10:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ooVoo Details
    [2010/12/28 16:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
    [2011/07/07 09:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\simppulltoolbar
    [2011/08/02 06:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ResultBrowse
    [2011/05/28 10:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    [2010/11/14 16:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
    [2011/09/13 18:05:02 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??AppData) -- C:\WINDOWS\System32\㴨κAppData
    [2011/09/13 18:05:02 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??AppData) -- C:\WINDOWS\System32\㴨κAppData
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\ResultBrowse
    C:\Program Files\ResultBrowse
    C:\Program Files\Mighty Magoo
    C:\Program Files\SelectRebates
    C:\Program Files\Guffins
    C:\WINDOWS\tasks\At*.job
    C:\Program Files\Ask.com
    C:\Program Files\Freeze.com
    C:\Program Files\MyWebSearch
    C:\Program Files\Shop to Win 2
    C:\Program Files\simppulltoolbar
    C:\Program Files\Mighty Magoo
    C:\Program Files\PageTheme
    C:\Program Files\Yontoo Layers
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

#4
jbcteacher


    Member

  • Topic Starter
  • Member
  • 197 posts
While following your steps, a pop-up box appeared 10 times explaining that IE experienced a problem and asking whether I want to report it, dated over a month ago. Also, now, instead of seeing icons or pictures, there are lots of red Xs. If you right-click on them it gives you the option to show picture, but it doesn't... Any idea?

Thanks so much!!!


ComboFix 11-11-20.02 - Administrator 11/20/2011 19:14:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.128 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Application Data\PriceGong
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\1.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\641.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\a.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\b.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\c.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\d.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\e.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\f.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\g.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\h.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\i.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\j.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\k.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\l.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\m.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\n.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\o.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\p.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\q.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\r.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\s.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\t.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\u.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\v.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\w.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\x.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\y.txt
c:\documents and settings\NetworkService\Application Data\PriceGong\Data\z.txt
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0002A1D4.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0002A4D1.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0002AAAD.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00035219.urr
c:\program files\FunWebProducts\ScreenSaver\Images\0004FE23.urr
c:\program files\FunWebProducts\ScreenSaver\Images\000501DC.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0005E8D1.dat
c:\program files\FunWebProducts\ScreenSaver\Images\000D499C.dat
c:\program files\FunWebProducts\ScreenSaver\Images\007FFC57.dat
c:\program files\FunWebProducts\ScreenSaver\Images\007FFFF1.dat
c:\program files\FunWebProducts\ScreenSaver\Images\008029B1.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00802C80.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00805C88.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00805DC1.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00808984.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0080B632.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0080B6DD.dat
c:\program files\FunWebProducts\ScreenSaver\Images\02EA4BE1.dat
c:\program files\FunWebProducts\ScreenSaver\Images\055CFB17.dat
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\0002A1D4.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\0002A4D1.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\0002AAAD.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\000501DC.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\055CFB17.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\018B321A.dat
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCSB000062035\Toolbar\patch.bat
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCSB000062035\Toolbar\settings.xml
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCSB000062035\Toolbar\ShoppingBHO.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCSB000062035\Toolbar\Uninst.exe
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCSB000062035\Toolbar\version.txt
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\aboutTabs.7.js
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\aboutTabs.8.js
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\audio.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\banner_container.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\bookmark_off.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\bookmark_on.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\bookmarksplugin.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\bubble_permissions.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\build
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\caching_banner.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\chevron.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\component.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\default.xml
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\efolder.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\email.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\email2.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\emailchecker_plugin.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\facebook.feature
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\fbrss.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\ff.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\folder.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\Helper.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\icons.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\iefavelem.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\localization.xml
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\location.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\magglass.ico
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\manage_bookmarks.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\marquee.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\marquee_permissions.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\messaging.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\minus.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\msgbox_bubble.tmpl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\msgbox_openmsg.tmpl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\msgboxplugin.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\offline.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\patch.bat
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\plus.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\podcast.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\podcast.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\radio.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\RadioPlugin.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\resize.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\rssfeed.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\RSSReader_plugin.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\search.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\SearchComponent.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\settings
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_dropdwn_down.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_dropdwn_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_dropdwn_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_max_down.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_max_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_max_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_min_down.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_min_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_min_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_pause_down.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_pause_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_pause_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_play_down.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_play_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_play_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_playcntrl_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_playcntrl_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_stop_down.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_stop_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_stop_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_volcntrl_over.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\btn_volcntrl_up.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\Equalizer1.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\Equalizer2.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\Equalizer3.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\skins\radio\gray03\Equalizer4.bmp
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\star_on.gif
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\ticker.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\Toolbar.dll
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\ToolbarUpdate.exe
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\TroubleShooter.exe
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\Uninst.exe
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\update_progress.html
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\version.txt
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\version.xsl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\weather_bubble.tmpl
c:\program files\FunWebProducts\Shared\Cache\%APPDATA%\FCTB000060231\Toolbar\weatherplugin.dll
c:\program files\GuffinsEI
c:\program files\GuffinsEI\Installr\1.bin\NPu4EISb.dll
c:\program files\GuffinsEI\Installr\1.bin\u4EIPlug.dll
c:\program files\GuffinsEI\Installr\1.bin\u4EZSETP.dll
c:\program files\GuffinsEI\Installr\Cache\005F7F34.exe
c:\program files\GuffinsEI\Installr\Cache\files.ini
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-20 23:56 . 2011-11-20 23:56 -------- d-----w- C:\_OTL
2011-11-19 00:56 . 2011-11-19 00:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Grisoft
2011-11-19 00:55 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-11-19 00:55 . 2011-11-19 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2011-10-29 04:54 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2011-10-29 04:47 . 2011-10-29 04:47 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-10-29 04:45 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-10-29 04:44 . 2011-10-29 04:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-10-29 04:39 . 2011-10-29 04:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-10-29 04:37 . 2011-10-29 04:54 -------- d-----w- c:\program files\Windows Live
2011-10-29 04:19 . 2011-10-29 04:19 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2010-07-18 1774080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe" [2011-08-16 243360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Itibiti Soft Phone\\Itibiti.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R2 X4HSEx;X4HSEx;c:\program files\Free Ride Games\X4HSEx.sys [10/2/2010 3:59 PM 56352]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2010 4:37 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/20/2010 4:37 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 21:37]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 21:37]
.
2011-11-20 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-13 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AVG Anti-Spyware Driver
AddRemove-MightyMagoo - c:\program files\Mighty Magoo\mmagooun.exe
AddRemove-PageTheme_is1 - c:\program files\PageTheme\unins000.exe
AddRemove-ResultBrowse - c:\program files\ResultBrowse\uninstall.exe
AddRemove-Shop to Win 2 - c:\program files\Shop to Win 2\Uninst.exe
AddRemove-simppulltoolbar - c:\program files\simppulltoolbar\uninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-20 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,51,c4,42,52,70,dc,4f,bb,f3,07,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,51,c4,42,52,70,dc,4f,bb,f3,07,\
.
[HKEY_USERS\S-1-5-21-1060284298-1390067357-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,56,3c,4d,59,15,ae,d8,4b,b7,2f,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,e9,73,4b,84,f9,b4,48,9b,1b,92,\
.
Completion time: 2011-11-20 19:27:04
ComboFix-quarantined-files.txt 2011-11-21 00:27
.
Pre-Run: 22,287,970,304 bytes free
Post-Run: 22,236,663,808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 89BB3B65F66228B813183E0583C1EBEA

#5
Gammo


    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hi,

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#6
jbcteacher


    Member

  • Topic Starter
  • Member
  • 197 posts
Just a quick note. Because of the Tday holiday, I haven't had a chance to catch up with my neighbor. I should be seeing her tomorrow. I will repost then. Thanks so much for all you do!

#7
Gammo


    Trusted Helper

  • Malware Removal
  • 2,299 posts
Fine with me. :thumbsup:

#8
Gammo


    Trusted Helper

  • Malware Removal
  • 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





