Bad image [Solved]



#1
ven15

  • Member
  • 22 posts
What is this? How can I fix it?
It is telling me that The application or DLL C:\PROGRA~1\SEARCH~\Datamngr.dll is not a valid Windows image. Please check this against your installation diskette.

I want to know what's happening to my computer. Is it a virus?

#2
gringo_pr

  • Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following:
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had

Gringo

#3
gringo_pr

  • Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4
ven15

  • Topic Starter
  • Member
  • 22 posts
When I download DeFogger it does not tell me to reboot the machine.

#5
ven15

  • Topic Starter
  • Member
  • 22 posts
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0
Run by Michael at 18:17:13 on 2012-10-29
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1220 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\GAMING~2\bar\1.bin\gtbrmon.exe
C:\PROGRA~1\FILMFA~2\bar\1.bin\pabrmon.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Michael\My Documents\Downloads\SecurityCheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\find.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mail.ru/cnt/7227
mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: [email protected]: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
uURLSearchHooks: <No Name>: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - c:\program files\gamingwonderland\bar\1.bin\gtSrcAs.dll
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} -
BHO: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh1.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Deals Plugin: {11111111-1111-1111-1111-110011461137} - c:\program files\deals plugin\Deals Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Toolbar BHO: {631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
BHO: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - c:\program files\searchqu toolbar\datamngr\BrowserConnection.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - c:\program files\gamingwonderland\bar\1.bin\gtSrcAs.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Search Assistant BHO: {d5e9b421-c309-41de-9014-800a2adcdeb0} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: fullscreensavers Toolbar: {fae389d5-e97e-4abd-8242-d9080c709167} - c:\program files\fullscreensavers\prxtbful1.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Acer eDataSecurity Management: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - c:\windows\system32\ToolBand.dll
TB: 4shared.com Toolbar: {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - c:\program files\4shared.com\prxtb4sh1.dll
TB: fullscreensavers Toolbar: {FAE389D5-E97E-4ABD-8242-D9080C709167} - c:\program files\fullscreensavers\prxtbful1.dll
TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
TB: FilmFanatic: {0B84B4B4-8AF8-4F1F-91FE-074A666F6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: Acer eDataSecurity Management: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - c:\windows\system32\ToolBand.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
TB: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh1.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: fullscreensavers Toolbar: {fae389d5-e97e-4abd-8242-d9080c709167} - c:\program files\fullscreensavers\prxtbful1.dll
TB: FilmFanatic: {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: [email protected]: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRun: [SnowWallpaper] c:\program files\artdocks software\animated snow desktop wallpaper\SnowWallpaper.exe
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [4shared Desktop] "c:\program files\4shared desktop\desktop.exe" "startup"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PowerKey] "c:\program files\launch manager\PowerKey.exe"
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Guard.Mail.ru.gui] "c:\program files\mail.ru\guard\GuardMailRu.exe" /gui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [GamingWonderland Search Scope Monitor] "c:\progra~1\gaming~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] c:\progra~1\gaming~2\bar\1.bin\gtbrmon.exe
mRun: [FilmFanatic Search Scope Monitor] "c:\progra~1\filmfa~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
mRun: [FilmFanatic Browser Plugin Loader] c:\progra~1\filmfa~2\bar\1.bin\pabrmon.exe
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [4shared Update] "c:\program files\4shared desktop\checkUpdate.exe"
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ONE_LINK
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: &Search - http://edits.mywebse...Fg&n=2012040711
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\michael\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: NameServer = 65.183.0.77 65.183.0.86
TCP: Interfaces\{79CF9492-D58C-4B44-8F19-A50F47F23861} : DHCPNameServer = 65.183.0.77 65.183.0.86
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\uys8gli1.default\
FF - prefs.js: browser.search.selectedEngine - Поиск@Mail.Ru
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=A6E030D8-2B4F-4CA8-829C-2AAD6838016C&n=77ee4104&ptnrS=Z1xdm040YYjm&si=CPadqM-l1q8CFQW0nQodmDaLBg
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A6E030D8-2B4F-4CA8-829C-2AAD6838016C&n=77ee4104&ind=2012102916&id=Z1xdm040YYjm&ptnrS=Z1xdm040YYjm&si=CPadqM-l1q8CFQW0nQodmDaLBg&searchfor=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\michael\application data\mozilla\firefox\profiles\uys8gli1.default\extensions\{fae389d5-e97e-4abd-8242-d9080c709167}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\filmfanatic\bar\1.bin\NPpaStub.dll
FF - plugin: c:\program files\gamingwonderland\bar\1.bin\NPgtStub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-09-15 14:53; [email protected]; c:\documents and settings\michael\application data\mozilla\firefox\profiles\uys8gli1.default\extensions\[email protected]
FF - ExtSQL: 2012-09-27 20:10; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-10-20 17:52; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2012-03-17 12:43; [email protected]; c:\program files\gamingwonderland\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-04-27 19:59; [email protected]; c:\program files\filmfanatic\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-05-23 19:20; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\searchqu toolbar\datamngr\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-22 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-22 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-22 20696]
R3 POWERKEY;POWERKEY;c:\program files\launch manager\POWERKEY.SYS [2012-2-22 2343]
S1 mailKmd;mailKmd; [x]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11220.sys [2012-9-30 106656]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\fsusbexdisk.sys --> c:\windows\system32\FsUsbExDisk.SYS [?]
.
=============== Created Last 30 ================
.
2012-10-26 01:15:00 -------- d-----w- c:\windows\pss
2012-10-24 01:41:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-24 01:41:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 21:33:50 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-10-23 21:33:20 -------- d-----w- c:\documents and settings\michael\application data\IObit
2012-10-23 21:33:01 -------- d-----w- c:\program files\IObit
2012-10-21 13:37:23 81984 ----a-w- c:\windows\system32\bdod.bin
2012-10-21 02:09:26 -------- d-----w- c:\documents and settings\michael\application data\BitDefender
2012-10-21 02:07:29 -------- d-----w- c:\program files\BitDefender
2012-10-21 02:07:29 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2012-10-21 02:00:57 -------- d-----w- c:\program files\common files\BitDefender
2012-10-21 00:09:40 -------- d-----w- c:\documents and settings\michael\application data\.purple
2012-10-21 00:08:32 -------- d-----w- c:\program files\Paltalk Messenger Interop
2012-10-20 23:48:19 -------- d-----w- c:\documents and settings\michael\application data\Paltalk
2012-10-20 23:45:33 -------- d-----w- c:\program files\Paltalk Messenger
2012-10-20 23:14:08 -------- d-----w- c:\documents and settings\michael\application data\Systweak
2012-10-20 23:13:49 15544 ----a-w- c:\windows\system32\roboot.exe
2012-10-20 22:52:40 -------- d-----w- c:\documents and settings\all users\application data\Hotspot Shield
2012-10-20 22:51:15 -------- d-----w- c:\program files\Hotspot Shield
2012-10-20 22:49:21 -------- d-----w- c:\program files\Artdocks Software
2012-10-20 19:04:02 -------- d-----w- c:\documents and settings\all users\application data\Guard.Mail.Ru
2012-10-20 16:03:29 -------- d-----w- c:\program files\Mail.Ru
2012-10-20 16:03:29 -------- d-----w- c:\documents and settings\michael\local settings\application data\Mail.Ru
2012-10-20 15:12:36 -------- d-----w- c:\documents and settings\michael\application data\AVG2013
2012-10-20 00:01:30 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-10-19 23:59:35 -------- d-----w- c:\program files\AVG
2012-10-19 23:55:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-10-19 23:55:19 -------- d-----w- c:\documents and settings\michael\local settings\application data\MFAData
2012-10-19 23:55:19 -------- d-----w- c:\documents and settings\michael\local settings\application data\Avg2013
2012-10-19 23:55:19 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-10-19 23:46:45 -------- d-----w- c:\program files\Trend Micro
2012-10-06 00:23:07 -------- d-----w- c:\documents and settings\all users\application data\GameHouse
2012-10-03 23:20:04 -------- d-----w- c:\documents and settings\all users\application data\FarmFrenzy3
2012-10-03 23:19:28 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2012-10-03 23:19:19 -------- d-----w- c:\program files\Online Games Manager
2012-10-03 23:14:09 -------- d-----w- c:\program files\RealArcade
2012-10-03 23:13:23 -------- d-----w- C:\Zylom Games
2012-09-30 22:37:43 -------- d-----w- c:\documents and settings\all users\application data\Zylom
.
==================== Find3M ====================
.
2012-10-21 13:36:52 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2012-10-09 00:04:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 00:04:48 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-01 18:13:42 39656 ----a-w- c:\windows\system32\drivers\hssdrv.sys
.
============= FINISH: 18:21:23.29 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/21/2012 11:02:15 PM
System Uptime: 10/29/2012 4:45:49 PM (2 hours ago)
.
Motherboard: Acer | | Garda-910
Processor: Intel® Celeron® M processor 1.60GHz | U1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 12.933 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP69: 9/30/2012 8:03:07 PM - Removed Apple Application Support
RP70: 10/2/2012 5:10:30 PM - Removed Apple Mobile Device Support
RP71: 10/2/2012 7:32:16 PM - Removed Facebook Messenger 2.1.4651.0
RP72: 10/2/2012 7:34:57 PM - Removed Facebook Video Calling 1.2.0.159
RP73: 10/15/2012 2:27:06 PM - Restore Operation
RP74: 10/19/2012 6:59:31 PM - Installed AVG 2013
RP75: 10/20/2012 9:06:15 PM - Installed AVG 2013
RP76: 10/20/2012 2:14:05 PM - Uniblue SpeedUpMyPC installation
RP77: 10/20/2012 6:54:55 PM - RegClean Pro Sat, Oct 20, 12 18:54
RP78: 10/20/2012 9:06:37 PM - Installed BitDefender Free Edition 2009
RP79: 10/23/2012 6:16:21 PM - IObit Uninstaller restore point
RP80: 10/23/2012 8:32:08 PM - Restore Operation
.
==== Installed Programs ======================
.
4shared Desktop
4shared.com Toolbar
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.21
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Animated Snow Desktop Wallpaper 1.2.0
Apple Application Support
Apple Mobile Device Support
Ask Toolbar
Atheros Client Installation Program
avast! Free Antivirus
AVG 2013
Big Fish Games: Game Manager
Bonjour
Broadcom 802.11 Network Adapter
Canon iP2700 series Printer Driver
Deals Plugin
Facebook Video Calling 1.2.0.159
Farm Frenzy 3
FilmFanatic Toolbar
fullscreensavers Toolbar
GamingWonderland
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Guard.Mail.ru
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Hotspot Shield 2.67
I Want This
IMVU Avatar Chat Software
Integrated Science Gr7
Intel® Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java™ 7 Update 3
Launch Manager V1.0.9.3
Life Quest® 2: Metropoville
Mail.Ru ??????? 2.4.0.504
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Web Search (Popular Screensavers)
Mysterious Lakes Screensaver 1.0
Online Games Manager v1.10
ooVoo
ooVoo toolbar, powered by Ask.com Updater
Paltalk Messenger 10.2
PC Connectivity Solution
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
RealUpgrade 1.1
RegClean Pro
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Searchqu Toolbar
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Soft Data Fax Modem with SmartCP
swMSM
Synaptics Pointing Device Driver
THE GAME OF LIFE
Uniblue SpeedUpMyPC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Wedding Dash 4-Ever
WIDCOMM Bluetooth Software
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Service Pack 2
Yahoo! Software Update
Yahoo! Toolbar
Year Round Screensaver 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/28/2012 3:22:59 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{79CF9492-D58C-4B44-8F19-A50F47F23861} because another computer on the network has the same name. The server could not start.
10/28/2012 3:22:59 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
10/23/2012 9:22:59 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the file specified.
10/23/2012 8:41:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
10/23/2012 8:40:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
10/23/2012 8:38:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
10/23/2012 8:38:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
10/23/2012 8:37:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
10/23/2012 8:34:09 PM, error: Service Control Manager [7034] - The Guard.Mail.ru service terminated unexpectedly. It has done this 1 time(s).
10/23/2012 7:11:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
10/23/2012 7:10:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
10/23/2012 6:33:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasAuto service.
10/23/2012 6:33:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
10/23/2012 6:32:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
10/23/2012 6:32:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
10/23/2012 6:31:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
10/23/2012 4:10:37 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
10/23/2012 4:03:50 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
10/23/2012 4:01:22 PM, error: Service Control Manager [7000] - The FsUsbExDisk service failed to start due to the following error: The system cannot find the file specified.
10/22/2012 9:37:39 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/22/2012 9:36:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0016CE482615 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/22/2012 7:18:29 PM, error: W3SVC [115] - The service could not bind instance 1. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.
.
==== End Of File ===========================



This is the DDS

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.0
Run by Michael at 18:17:13 on 2012-10-29
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1220 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Online Games Manager\ogmservice.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\GAMING~2\bar\1.bin\gtbrmon.exe
C:\PROGRA~1\FILMFA~2\bar\1.bin\pabrmon.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Michael\My Documents\Downloads\SecurityCheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\find.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mail.ru/cnt/7227
mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: [email protected]: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
uURLSearchHooks: <No Name>: {796b75f6-6187-47e2-8f1f-c16e059e6e19} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - c:\program files\gamingwonderland\bar\1.bin\gtSrcAs.dll
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} -
BHO: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh1.dll
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - c:\program files\i want this\I Want This.dll
BHO: Deals Plugin: {11111111-1111-1111-1111-110011461137} - c:\program files\deals plugin\Deals Plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Toolbar BHO: {631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
BHO: MailRuBHO Class: {8984B388-A5BB-4DF7-B274-77B879E179DB} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - c:\program files\searchqu toolbar\datamngr\BrowserConnection.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - c:\program files\gamingwonderland\bar\1.bin\gtSrcAs.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Search Assistant BHO: {d5e9b421-c309-41de-9014-800a2adcdeb0} - c:\program files\filmfanatic\bar\1.bin\paSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: fullscreensavers Toolbar: {fae389d5-e97e-4abd-8242-d9080c709167} - c:\program files\fullscreensavers\prxtbful1.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Acer eDataSecurity Management: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - c:\windows\system32\ToolBand.dll
TB: 4shared.com Toolbar: {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - c:\program files\4shared.com\prxtb4sh1.dll
TB: fullscreensavers Toolbar: {FAE389D5-E97E-4ABD-8242-D9080C709167} - c:\program files\fullscreensavers\prxtbful1.dll
TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
TB: FilmFanatic: {0B84B4B4-8AF8-4F1F-91FE-074A666F6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: Acer eDataSecurity Management: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - c:\windows\system32\ToolBand.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - c:\program files\gamingwonderland\bar\1.bin\gtbar.dll
TB: 4shared.com Toolbar: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - c:\program files\4shared.com\prxtb4sh1.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: fullscreensavers Toolbar: {fae389d5-e97e-4abd-8242-d9080c709167} - c:\program files\fullscreensavers\prxtbful1.dll
TB: FilmFanatic: {0b84b4b4-8af8-4f1f-91fe-074a666f6425} - c:\program files\filmfanatic\bar\1.bin\pabar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: [email protected]: {09900DE8-1DCA-443F-9243-26FF581438AF} - c:\program files\mail.ru\sputnik\MailRuSputnik.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRun: [SnowWallpaper] c:\program files\artdocks software\animated snow desktop wallpaper\SnowWallpaper.exe
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [4shared Desktop] "c:\program files\4shared desktop\desktop.exe" "startup"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PowerKey] "c:\program files\launch manager\PowerKey.exe"
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Guard.Mail.ru.gui] "c:\program files\mail.ru\guard\GuardMailRu.exe" /gui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [GamingWonderland Search Scope Monitor] "c:\progra~1\gaming~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] c:\progra~1\gaming~2\bar\1.bin\gtbrmon.exe
mRun: [FilmFanatic Search Scope Monitor] "c:\progra~1\filmfa~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
mRun: [FilmFanatic Browser Plugin Loader] c:\progra~1\filmfa~2\bar\1.bin\pabrmon.exe
mRun: [EPM-DM] c:\acer\empowering technology\epower\epm-dm.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [4shared Update] "c:\program files\4shared desktop\checkUpdate.exe"
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ONE_LINK
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: &Search - http://edits.mywebse...Fg&n=2012040711
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\michael\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: NameServer = 65.183.0.77 65.183.0.86
TCP: Interfaces\{79CF9492-D58C-4B44-8F19-A50F47F23861} : DHCPNameServer = 65.183.0.77 65.183.0.86
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\uys8gli1.default\
FF - prefs.js: browser.search.selectedEngine - Поиск@Mail.Ru
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=A6E030D8-2B4F-4CA8-829C-2AAD6838016C&n=77ee4104&ptnrS=Z1xdm040YYjm&si=CPadqM-l1q8CFQW0nQodmDaLBg
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A6E030D8-2B4F-4CA8-829C-2AAD6838016C&n=77ee4104&ind=2012102916&id=Z1xdm040YYjm&ptnrS=Z1xdm040YYjm&si=CPadqM-l1q8CFQW0nQodmDaLBg&searchfor=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\michael\application data\mozilla\firefox\profiles\uys8gli1.default\extensions\{fae389d5-e97e-4abd-8242-d9080c709167}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\filmfanatic\bar\1.bin\NPpaStub.dll
FF - plugin: c:\program files\gamingwonderland\bar\1.bin\NPgtStub.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-09-15 14:53; [email protected]; c:\documents and settings\michael\application data\mozilla\firefox\profiles\uys8gli1.default\extensions\[email protected]
FF - ExtSQL: 2012-09-27 20:10; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - ExtSQL: 2012-10-20 17:52; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2012-03-17 12:43; [email protected]; c:\program files\gamingwonderland\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-04-27 19:59; [email protected]; c:\program files\filmfanatic\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-05-23 19:20; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\searchqu toolbar\datamngr\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-22 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-22 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-22 20696]
R3 POWERKEY;POWERKEY;c:\program files\launch manager\POWERKEY.SYS [2012-2-22 2343]
S1 mailKmd;mailKmd; [x]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11220.sys [2012-9-30 106656]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\fsusbexdisk.sys --> c:\windows\system32\FsUsbExDisk.SYS [?]
.
=============== Created Last 30 ================
.
2012-10-26 01:15:00 -------- d-----w- c:\windows\pss
2012-10-24 01:41:56 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-24 01:41:56 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 21:33:50 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-10-23 21:33:20 -------- d-----w- c:\documents and settings\michael\application data\IObit
2012-10-23 21:33:01 -------- d-----w- c:\program files\IObit
2012-10-21 13:37:23 81984 ----a-w- c:\windows\system32\bdod.bin
2012-10-21 02:09:26 -------- d-----w- c:\documents and settings\michael\application data\BitDefender
2012-10-21 02:07:29 -------- d-----w- c:\program files\BitDefender
2012-10-21 02:07:29 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
2012-10-21 02:00:57 -------- d-----w- c:\program files\common files\BitDefender
2012-10-21 00:09:40 -------- d-----w- c:\documents and settings\michael\application data\.purple
2012-10-21 00:08:32 -------- d-----w- c:\program files\Paltalk Messenger Interop
2012-10-20 23:48:19 -------- d-----w- c:\documents and settings\michael\application data\Paltalk
2012-10-20 23:45:33 -------- d-----w- c:\program files\Paltalk Messenger
2012-10-20 23:14:08 -------- d-----w- c:\documents and settings\michael\application data\Systweak
2012-10-20 23:13:49 15544 ----a-w- c:\windows\system32\roboot.exe
2012-10-20 22:52:40 -------- d-----w- c:\documents and settings\all users\application data\Hotspot Shield
2012-10-20 22:51:15 -------- d-----w- c:\program files\Hotspot Shield
2012-10-20 22:49:21 -------- d-----w- c:\program files\Artdocks Software
2012-10-20 19:04:02 -------- d-----w- c:\documents and settings\all users\application data\Guard.Mail.Ru
2012-10-20 16:03:29 -------- d-----w- c:\program files\Mail.Ru
2012-10-20 16:03:29 -------- d-----w- c:\documents and settings\michael\local settings\application data\Mail.Ru
2012-10-20 15:12:36 -------- d-----w- c:\documents and settings\michael\application data\AVG2013
2012-10-20 00:01:30 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-10-19 23:59:35 -------- d-----w- c:\program files\AVG
2012-10-19 23:55:20 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-10-19 23:55:19 -------- d-----w- c:\documents and settings\michael\local settings\application data\MFAData
2012-10-19 23:55:19 -------- d-----w- c:\documents and settings\michael\local settings\application data\Avg2013
2012-10-19 23:55:19 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-10-19 23:46:45 -------- d-----w- c:\program files\Trend Micro
2012-10-06 00:23:07 -------- d-----w- c:\documents and settings\all users\application data\GameHouse
2012-10-03 23:20:04 -------- d-----w- c:\documents and settings\all users\application data\FarmFrenzy3
2012-10-03 23:19:28 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2012-10-03 23:19:19 -------- d-----w- c:\program files\Online Games Manager
2012-10-03 23:14:09 -------- d-----w- c:\program files\RealArcade
2012-10-03 23:13:23 -------- d-----w- C:\Zylom Games
2012-09-30 22:37:43 -------- d-----w- c:\documents and settings\all users\application data\Zylom
.
==================== Find3M ====================
.
2012-10-21 13:36:52 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2012-10-09 00:04:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 00:04:48 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-01 18:13:42 39656 ----a-w- c:\windows\system32\drivers\hssdrv.sys
.
============= FINISH: 18:21:23.29 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/21/2012 11:02:15 PM
System Uptime: 10/29/2012 4:45:49 PM (2 hours ago)
.
Motherboard: Acer | | Garda-910
Processor: Intel® Celeron® M processor 1.60GHz | U1 | 1596/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 12.933 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP69: 9/30/2012 8:03:07 PM - Removed Apple Application Support
RP70: 10/2/2012 5:10:30 PM - Removed Apple Mobile Device Support
RP71: 10/2/2012 7:32:16 PM - Removed Facebook Messenger 2.1.4651.0
RP72: 10/2/2012 7:34:57 PM - Removed Facebook Video Calling 1.2.0.159
RP73: 10/15/2012 2:27:06 PM - Restore Operation
RP74: 10/19/2012 6:59:31 PM - Installed AVG 2013
RP75: 10/20/2012 9:06:15 PM - Installed AVG 2013
RP76: 10/20/2012 2:14:05 PM - Uniblue SpeedUpMyPC installation
RP77: 10/20/2012 6:54:55 PM - RegClean Pro Sat, Oct 20, 12 18:54
RP78: 10/20/2012 9:06:37 PM - Installed BitDefender Free Edition 2009
RP79: 10/23/2012 6:16:21 PM - IObit Uninstaller restore point
RP80: 10/23/2012 8:32:08 PM - Restore Operation
.
==== Installed Programs ======================
.
4shared Desktop
4shared.com Toolbar
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.21
Acer eLock Management
Acer Empowering Technology framework
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Animated Snow Desktop Wallpaper 1.2.0
Apple Application Support
Apple Mobile Device Support
Ask Toolbar
Atheros Client Installation Program
avast! Free Antivirus
AVG 2013
Big Fish Games: Game Manager
Bonjour
Broadcom 802.11 Network Adapter
Canon iP2700 series Printer Driver
Deals Plugin
Facebook Video Calling 1.2.0.159
Farm Frenzy 3
FilmFanatic Toolbar
fullscreensavers Toolbar
GamingWonderland
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Guard.Mail.ru
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Hotspot Shield 2.67
I Want This
IMVU Avatar Chat Software
Integrated Science Gr7
Intel® Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java™ 7 Update 3
Launch Manager V1.0.9.3
Life Quest® 2: Metropoville
Mail.Ru ??????? 2.4.0.504
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
My Web Search (Popular Screensavers)
Mysterious Lakes Screensaver 1.0
Online Games Manager v1.10
ooVoo
ooVoo toolbar, powered by Ask.com Updater
Paltalk Messenger 10.2
PC Connectivity Solution
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
RealUpgrade 1.1
RegClean Pro
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
Samsung Mobile USB Modem Device Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
SAMSUNG SYMBIAN USB Download Driver
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Searchqu Toolbar
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Soft Data Fax Modem with SmartCP
swMSM
Synaptics Pointing Device Driver
THE GAME OF LIFE
Uniblue SpeedUpMyPC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Wedding Dash 4-Ever
WIDCOMM Bluetooth Software
Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Service Pack 2
Yahoo! Software Update
Yahoo! Toolbar
Year Round Screensaver 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/28/2012 3:22:59 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{79CF9492-D58C-4B44-8F19-A50F47F23861} because another computer on the network has the same name. The server could not start.
10/28/2012 3:22:59 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
10/23/2012 9:22:59 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the file specified.
10/23/2012 8:41:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
10/23/2012 8:40:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.
10/23/2012 8:38:31 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.
10/23/2012 8:38:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
10/23/2012 8:37:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
10/23/2012 8:34:09 PM, error: Service Control Manager [7034] - The Guard.Mail.ru service terminated unexpectedly. It has done this 1 time(s).
10/23/2012 7:11:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the dmserver service.
10/23/2012 7:10:58 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
10/23/2012 6:33:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasAuto service.
10/23/2012 6:33:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
10/23/2012 6:32:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
10/23/2012 6:32:14 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
10/23/2012 6:31:44 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
10/23/2012 4:10:37 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
10/23/2012 4:03:50 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
10/23/2012 4:01:22 PM, error: Service Control Manager [7000] - The FsUsbExDisk service failed to start due to the following error: The system cannot find the file specified.
10/22/2012 9:37:39 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/22/2012 9:36:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0016CE482615 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/22/2012 7:18:29 PM, error: W3SVC [115] - The service could not bind instance 1. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.
.
==== End Of File ===========================

Edited by ven15, 29 October 2012 - 05:40 PM.


#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#7
ven15

    Member

  • Topic Starter
  • Member
  • 22 posts
I don't see the bad image coming up again. I'm wondering if my computer is fixed.

Attached Files

  • Attached File  Adw.txt   72.55KB


#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Let me have the other report also, and please do not attach the reports, just copy and paste them.



gringo

#9
ven15

    Member

  • Topic Starter
  • Member
  • 22 posts
OK, this is the one I attached.

# AdwCleaner v2.006 - Logfile created 10/30/2012 at 18:26:00
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Michael - MJ-Q90GBADVVHK5
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Michael\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : MyWebSearchService

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Searchqu Toolbar
File Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\searchplugins\mywebsearch.xml
File Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\searchplugins\my-web-search.xml
File Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\DOCUME~1\charlie.MJ-Q90GBADVVHK5.000\LOCALS~1\Temp\CT2060826
Folder Deleted : C:\DOCUME~1\Michael\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\Michael\LOCALS~1\Temp\CT2060826
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\CT2060826
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\extensions\{fae389d5-e97e-4abd-8242-d9080c709167}
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Local Settings\Application Data\4shared.com
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Local Settings\Application Data\fullscreensavers
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Michael\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Michael\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Michael\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\4shared.com
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\Deals Plugin
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\fullscreensavers
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Documents and Settings\Michael\Local Settings\Application Data\I Want This
Folder Deleted : C:\Program Files\4shared.com
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Deals Plugin
Folder Deleted : C:\Program Files\fullscreensavers
Folder Deleted : C:\Program Files\GamingWonderland
Folder Deleted : C:\Program Files\I Want This
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Program Files\MyWebSearch
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\4shared.com
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Deals Plugin
Key Deleted : HKCU\Software\fullscreensavers
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\I Want This
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\4shared Tools
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\4shared.com
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004637.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004637.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004637.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004637.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.DataControl.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
Key Deleted : HKLM\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller
Key Deleted : HKLM\SOFTWARE\Classes\ScreenSaverControl.ScreenSaverInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2060826
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\fullscreensavers
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\4shared.com Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Deals Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\fullscreensavers Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4shared.com Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deals Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fullscreensavers Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\SearchquMediabarTb
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A899079D-206F-43A6-BE6A-07E0FA648EA0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FAE389D5-E97E-4ABD-8242-D9080C709167}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00A6FAF6-072E-44CF-8957-5838F569A31D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A899079D-206F-43A6-BE6A-07E0FA648EA0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FAE389D5-E97E-4ABD-8242-D9080C709167}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [My Web Search Bar Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MyWebSearch Email Plugin]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\prefs.js

C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=A6E030D8-2B4F-4CA[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Deleted : user_pref("extensions.asktb.apn_dbr", "ie_8.0.6001.18702");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "^A2N");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.cr-o", "2164cr");
Deleted : user_pref("extensions.asktb.crumb", "2012.02.24+18.48.59-toolbar005iad-JM-S2luZ3N0b24sSmFtYWljYQ%3D%[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^JM");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "JMXX0002");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.mywebsearch.com/mywebsearch/GGm[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "d39e9b29-b2ef-40ea-acd5-903d770ebc3a");
Deleted : user_pref("extensions.asktb.hpr", "YES");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1351608716615");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Kingston,Jamaica");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.o", "2164");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "7");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "4F37BCC3-C27B-4B37-B81E-99C0F2E7D6E7");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "2/24/2012 9:51:02 PM");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.version", "5.14.1.20007");
Deleted : user_pref("extensions.asktb.volume", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1338510271);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.active", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundver", 16);
Deleted : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1338510271");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1338510271");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Tue Oct 30 2012 18:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Tue Nov 06 2012 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22JM%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1351638775");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2220632%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1351608898528");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221113%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2241294%22");
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1351608794793");
Deleted : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Deleted : user_pref("extensions.crossriderapp2258.2258.domain", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.group", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "91");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Wed Oct 31[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Deleted : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 4);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(f,b){if(typeof(b)==[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15,1000014");
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 16);
Deleted : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2258.2258.thankyou", "hxxp://iw.antthis.com/thankyou.html");
Deleted : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2258.2258.ver", 91);
Deleted : user_pref("extensions.crossriderapp2258.apps", "2258");
Deleted : user_pref("extensions.crossriderapp2258.bic", "13ab22813d4e45bf96724d17c1f5c31d");
Deleted : user_pref("extensions.crossriderapp2258.cid", 2258);
Deleted : user_pref("extensions.crossriderapp2258.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2258.installationdate", 1351608702);
Deleted : user_pref("extensions.crossriderapp2258.lastcheck", 22527313);
Deleted : user_pref("extensions.crossriderapp2258.lastcheckitem", 22527321);
Deleted : user_pref("extensions.crossriderapp2258.modetype", "production");
Deleted : user_pref("extensions.crossriderapp2258.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp4637.4637.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4637.4637.InstallationTime", 1347738782);
Deleted : user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.active", true);
Deleted : user_pref("extensions.crossriderapp4637.4637.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.InstallationTime.value", "1347738782");
Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.description", "Deals Plugin");
Deleted : user_pref("extensions.crossriderapp4637.4637.domain", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.group", 0);
Deleted : user_pref("extensions.crossriderapp4637.4637.homepage", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.iframe", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.name", "Deals Plugin");
Deleted : user_pref("extensions.crossriderapp4637.4637.newtab", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4637.4637.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4637.4637.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4637.4637.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4637.4637.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4637.4637.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4637.4637.ver", 0);
Deleted : user_pref("extensions.crossriderapp4637.bic", "13ab22813d4e45bf96724d17c1f5c31d");
Deleted : user_pref("extensions.crossriderapp4637.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4637.installationdate", 1351608710);
Deleted : user_pref("extensions.crossriderapp4637.lastcheck", 22527313);
Deleted : user_pref("extensions.crossriderapp4637.lastcheckitem", 22527321);
Deleted : user_pref("extensions.crossriderapp4637.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4637.reportInstall", true);
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.44.0.38070,m3ffxtbr@mywebsear[...]
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&t[...]
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
Deleted : user_pref("extensions.toolbar.mindspark._gtMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=A6E030D8[...]

Profile name : default
File : C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\prefs.js

C:\Documents and Settings\charlie.MJ-Q90GBADVVHK5.000\Application Data\Mozilla\Firefox\Profiles\ti69fg6j.default\user.js ... Deleted !

Deleted : user_pref("CT2060826..clientLogIsEnabled", false);
Deleted : user_pref("CT2060826..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2060826..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2060826.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2060826.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2060826.AppTrackingLastCheckTime", "Sun Apr 08 2012 12:33:34 GMT-0500 (US Eastern Stand[...]
Deleted : user_pref("CT2060826.BrowserCompStateIsOpen_129615983158585310", true);
Deleted : user_pref("CT2060826.CT2060826", "CT2060826");
Deleted : user_pref("CT2060826.CurrentServerDate", "10-4-2012");
Deleted : user_pref("CT2060826.DSInstall", true);
Deleted : user_pref("CT2060826.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2060826.DialogsGetterLastCheckTime", "Sat Apr 07 2012 12:09:41 GMT-0500 (US Eastern Sta[...]
Deleted : user_pref("CT2060826.DownloadReferralCookieData", "");
Deleted : user_pref("CT2060826.EMailNotifierPollDate", "Tue Apr 10 2012 11:59:39 GMT-0500 (US Eastern Standard[...]
Deleted : user_pref("CT2060826.FeedLastCount129269762559381946", 423);
Deleted : user_pref("CT2060826.FeedPollDate128880331793868879", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate128880331793868882", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate128880331793868883", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate128932492092456574", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate129001790474356366", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate129109436547186794", "Tue Apr 10 2012 11:59:41 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate129109873604992905", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate129265582362820300", "Tue Apr 10 2012 11:59:41 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate129266745437038199", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedPollDate129267614305788316", "Tue Apr 10 2012 11:59:40 GMT-0500 (US Eastern[...]
Deleted : user_pref("CT2060826.FeedTTL128880331793868879", 40);
Deleted : user_pref("CT2060826.FeedTTL128880331793868882", 40);
Deleted : user_pref("CT2060826.FeedTTL128880331793868883", 40);
Deleted : user_pref("CT2060826.FeedTTL128932492092456574", 40);
Deleted : user_pref("CT2060826.FeedTTL129001790474356366", 40);
Deleted : user_pref("CT2060826.FeedTTL129109436547186794", 40);
Deleted : user_pref("CT2060826.FeedTTL129109873604992905", 40);
Deleted : user_pref("CT2060826.FeedTTL129265582362820300", 40);
Deleted : user_pref("CT2060826.FeedTTL129266745437038199", 40);
Deleted : user_pref("CT2060826.FeedTTL129267614305788316", 40);
Deleted : user_pref("CT2060826.FirstServerDate", "7-4-2012");
Deleted : user_pref("CT2060826.FirstTime", true);
Deleted : user_pref("CT2060826.FirstTimeFF3", true);
Deleted : user_pref("CT2060826.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2060826.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2060826.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2060826.HPInstall", true);
Deleted : user_pref("CT2060826.HasUserGlobalKeys", true);
Deleted : user_pref("CT2060826.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2060826.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2060826&SearchSource=[...]
Deleted : user_pref("CT2060826.Initialize", true);
Deleted : user_pref("CT2060826.InitializeCommonPrefs", true);
Deleted : user_pref("CT2060826.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2060826.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT2060826.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2060826.InstalledDate", "Sat Apr 07 2012 12:09:52 GMT-0500 (US Eastern Standard Time)")[...]
Deleted : user_pref("CT2060826.InvalidateCache", false);
Deleted : user_pref("CT2060826.IsAlertDBUpdated", true);
Deleted : user_pref("CT2060826.IsGrouping", false);
Deleted : user_pref("CT2060826.IsInitSetupIni", true);
Deleted : user_pref("CT2060826.IsMulticommunity", false);
Deleted : user_pref("CT2060826.IsOpenThankYouPage", false);
Deleted : user_pref("CT2060826.IsOpenUninstallPage", true);
Deleted : user_pref("CT2060826.IsProtectorsInit", true);
Deleted : user_pref("CT2060826.LanguagePackLastCheckTime", "Mon Apr 09 2012 16:05:01 GMT-0500 (US Eastern Stan[...]
Deleted : user_pref("CT2060826.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2060826.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2060826.LastLogin_3.11.0.3", "Tue Apr 10 2012 08:27:38 GMT-0500 (US Eastern Standard Ti[...]
Deleted : user_pref("CT2060826.LatestVersion", "3.10.0.1");
Deleted : user_pref("CT2060826.Locale", "en");
Deleted : user_pref("CT2060826.MAX_NUMBER_OF_ALERTS_129615983158585310", "1_1333839998221");
Deleted : user_pref("CT2060826.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2060826.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2060826.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2060826.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2060826.OriginalFirstVersion", "3.11.0.3");
Deleted : user_pref("CT2060826.RadioIsPodcast", false);
Deleted : user_pref("CT2060826.RadioLastCheckTime", "Mon Apr 09 2012 16:05:00 GMT-0500 (US Eastern Standard Ti[...]
Deleted : user_pref("CT2060826.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2060826.RadioLastUpdateServer", "129167840687570000");
Deleted : user_pref("CT2060826.RadioMediaID", "20503966");
Deleted : user_pref("CT2060826.RadioMediaType", "Media Player");
Deleted : user_pref("CT2060826.RadioMenuSelectedID", "EBRadioMenu_CT206082620503966");
Deleted : user_pref("CT2060826.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2060826.RadioStationName", "Metal%20Rock");
Deleted : user_pref("CT2060826.RadioStationURL", "hxxp://syndication.choiceradio.com/asxplay/asx-music/bb/389_[...]
Deleted : user_pref("CT2060826.SavedHomepage", "hxxp://www.ask.com/?l=dis&o=2164&gct=hp");
Deleted : user_pref("CT2060826.SearchCaption", "fullscreensavers Customized Web Search");
Deleted : user_pref("CT2060826.SearchEngineBeforeUnload", "fullscreensavers Customized Web Search");
Deleted : user_pref("CT2060826.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2060826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT206[...]
Deleted : user_pref("CT2060826.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2060826.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2060826.SearchInNewTabLastCheckTime", "Mon Apr 09 2012 16:04:58 GMT-0500 (US Eastern St[...]
Deleted : user_pref("CT2060826.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2060826.SearchProtectorEnabled", true);
Deleted : user_pref("CT2060826.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2060826.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2060826.ServiceMapLastCheckTime", "Mon Apr 09 2012 16:04:59 GMT-0500 (US Eastern Standa[...]
Deleted : user_pref("CT2060826.SettingsLastCheckTime", "Tue Apr 10 2012 11:59:37 GMT-0500 (US Eastern Standard[...]
Deleted : user_pref("CT2060826.SettingsLastUpdate", "1333626624");
Deleted : user_pref("CT2060826.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2060826&SearchSource=13");
Deleted : user_pref("CT2060826.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2060826.ThirdPartyComponentsLastCheck", "Sat Apr 07 2012 12:09:35 GMT-0500 (US Eastern [...]
Deleted : user_pref("CT2060826.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2060826.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2060826.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2060826");
Deleted : user_pref("CT2060826.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2060826.UserID", "UN21006947787143004");
Deleted : user_pref("CT2060826.WeatherNetwork", "");
Deleted : user_pref("CT2060826.WeatherPollDate", "Tue Apr 10 2012 11:59:41 GMT-0500 (US Eastern Standard Time)[...]
Deleted : user_pref("CT2060826.WeatherUnit", "C");
Deleted : user_pref("CT2060826.alertChannelId", "507204");
Deleted : user_pref("CT2060826.autoDisableScopes", -1);
Deleted : user_pref("CT2060826.backendstorage.activationstep", "33");
Deleted : user_pref("CT2060826.backendstorage.firstrun", "31333333383138363137313635");
Deleted : user_pref("CT2060826.backendstorage.loadtimes", "3135");
Deleted : user_pref("CT2060826.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2060826.globalFirstTimeInfoLastCheckTime", "Sat Apr 07 2012 12:09:41 GMT-0500 (US Easte[...]
Deleted : user_pref("CT2060826.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2060826.initDone", true);
Deleted : user_pref("CT2060826.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2060826.isFirstRadioInstallation", false);
Deleted : user_pref("CT2060826.myStuffEnabled", true);
Deleted : user_pref("CT2060826.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2060826.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2060826.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2060826.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2060826.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2060826.revertSettingsEnabled", true);
Deleted : user_pref("CT2060826.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2060826.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2060826.testingCtid", "");
Deleted : user_pref("CT2060826.toolbarAppMetaDataLastCheckTime", "Mon Apr 09 2012 16:05:01 GMT-0500 (US Easter[...]
Deleted : user_pref("CT2060826.toolbarContextMenuLastCheckTime", "Sat Apr 07 2012 12:09:52 GMT-0500 (US Easter[...]
Deleted : user_pref("CT2060826.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2060826&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "fullscreensavers Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2060826/CT2060826[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/507204/503074/JM", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2060826", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2060826",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ced[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/11348282.xml", "\"5c074a7ab1a6122a3ae[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"56a9ba2dedd53dffdc1e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"72c76b9922dfa9f9005[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16727535.xml", "\"41665b8035fada69f86[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19058681.xml", "\"9d3b2a5531df9cb9087[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"457e7fc3fc4a06ed976[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/2883841.xml", "\"9ba438276f5df11f9936[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"2e548ee96495af26f12ee[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/807095.xml", "\"df0f584a702a93421cdc6[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"70ced0908c0ff9a53140a[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\charlie.MJ-Q90GBAD[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.11.0.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2060826");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2060826");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2060826");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 09 2012 16:04:59 GMT-0500 (US [...]
Deleted : user_pref("CommunityToolbar.globalUserId", "e872d88b-1e1f-4c09-a8a9-a51aea014fda");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2060826");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 07 2012 12:09:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Apr 09 2012 16:05:12 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Apr 09 2012 16:04:59 GMT-0500 (U[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "087408a4-cb65-45a5-89de-f5150ee8ab72");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.ask.com/?l=dis&o=2164&gct=hp");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Deleted : user_pref("CommunityToolbar.twitter.user_11348282.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500 [...]
Deleted : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16727535.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_19058681.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500[...]
Deleted : user_pref("CommunityToolbar.twitter.user_2883841.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500 [...]
Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500 ([...]
Deleted : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500 ([...]
Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue Apr 10 2012 11:59:42 GMT-0500 ([...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "fullscreensavers Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2060826&Sea[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "fullscreensavers Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2060826&SearchSource=13");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2060826&SearchSource=2&q=[...]
Deleted : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [74158 octets] - [30/10/2012 18:26:00]

########## EOF - C:\AdwCleaner[S1].txt - [74219 octets] ##########

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#12
ven15

ven15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I didn't go on my computer for a while due to school, but I'll try it now.

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I will see you then


gringo

#14
ven15

ven15

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
ComboFix 12-11-03.02 - Michael 11/03/2012 17:30:01.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1325 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Michael\My Documents\.TMP
c:\documents and settings\Michael\My Documents\~WRL0003.tmp
c:\documents and settings\Michael\My Documents\~WRL0261.tmp
c:\documents and settings\Michael\My Documents\~WRL1024.tmp
c:\documents and settings\Michael\My Documents\~WRL1494.tmp
c:\documents and settings\Michael\My Documents\~WRL2482.tmp
c:\documents and settings\Michael\My Documents\~WRL4026.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET2C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FILMFANATICSERVICE
-------\Service_FilmFanaticService
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-10-31 21:54 . 2012-10-31 21:54 -------- d-----w- C:\RK_Quarantine
2012-10-30 23:26 . 2012-10-30 23:26 101 ----a-w- c:\windows\DeleteOnReboot.bat
2012-10-24 01:41 . 2012-10-24 01:41 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-23 23:11 . 2012-10-23 23:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-10-23 21:34 . 2012-10-23 21:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\IObit
2012-10-23 21:33 . 2012-10-23 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-10-23 21:33 . 2012-10-23 23:15 -------- d-----w- c:\documents and settings\Michael\Application Data\IObit
2012-10-23 21:33 . 2012-10-23 21:33 -------- d-----w- c:\program files\IObit
2012-10-21 13:37 . 2012-10-24 01:41 81984 ----a-w- c:\windows\system32\bdod.bin
2012-10-21 13:04 . 2012-10-21 13:04 -------- d-----w- c:\documents and settings\Guest
2012-10-21 02:09 . 2012-10-21 02:09 -------- d-----w- c:\documents and settings\Michael\Application Data\BitDefender
2012-10-21 02:07 . 2012-10-21 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2012-10-21 02:07 . 2012-10-21 02:07 -------- d-----w- c:\program files\BitDefender
2012-10-21 02:00 . 2012-10-21 02:07 -------- d-----w- c:\program files\Common Files\BitDefender
2012-10-21 00:09 . 2012-10-21 00:15 -------- d-----w- c:\documents and settings\Michael\Application Data\.purple
2012-10-21 00:08 . 2012-10-21 00:08 -------- d-----w- c:\program files\Paltalk Messenger Interop
2012-10-20 23:48 . 2012-10-21 00:06 -------- d-----w- c:\documents and settings\Michael\Application Data\Paltalk
2012-10-20 23:45 . 2012-10-20 23:49 -------- d-----w- c:\program files\Paltalk Messenger
2012-10-20 23:14 . 2012-10-22 00:00 -------- d-----w- c:\documents and settings\Michael\Application Data\Systweak
2012-10-20 23:13 . 2012-09-21 17:05 15544 ----a-w- c:\windows\system32\roboot.exe
2012-10-20 22:52 . 2012-10-20 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hotspot Shield
2012-10-20 22:51 . 2012-10-20 22:52 -------- d-----w- c:\program files\Hotspot Shield
2012-10-20 22:49 . 2012-10-20 22:49 -------- d-----w- c:\program files\Artdocks Software
2012-10-20 19:04 . 2012-10-27 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Guard.Mail.Ru
2012-10-20 18:37 . 2012-10-20 18:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2012-10-20 16:03 . 2012-10-20 16:03 -------- d-----w- c:\program files\Mail.Ru
2012-10-20 16:03 . 2012-10-20 16:03 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Mail.Ru
2012-10-20 15:12 . 2012-10-20 15:12 -------- d-----w- c:\documents and settings\Michael\Application Data\AVG2013
2012-10-20 00:01 . 2012-10-21 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-10-19 23:59 . 2012-10-19 23:59 -------- d-----w- c:\program files\AVG
2012-10-19 23:55 . 2012-10-19 23:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-10-19 23:55 . 2012-10-19 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-10-19 23:55 . 2012-10-19 23:55 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\MFAData
2012-10-19 23:55 . 2012-10-19 23:55 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Avg2013
2012-10-19 23:46 . 2012-10-19 23:48 -------- d-----w- c:\program files\Trend Micro
2012-10-06 00:23 . 2012-10-06 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 13:36 . 2009-04-15 20:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
2012-10-09 00:04 . 2012-02-22 16:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 00:04 . 2012-02-22 16:39 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-27 04:41 . 2012-10-27 04:40 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-22 39408]
"SnowWallpaper"="c:\program files\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe" [2010-10-21 241664]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-09-10 27115128]
"4shared Desktop"="c:\program files\4shared Desktop\desktop.exe" [2011-03-16 4613624]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-28 296096]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-08-24 94208]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-08-24 114688]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-08-24 77824]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2012-10-27 2241128]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-11 212992]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ACU"="c:\program files\Atheros\ACU.exe" [2005-01-31 253952]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"4shared Update"="c:\program files\4shared Desktop\checkUpdate.exe" [2011-03-16 608760]
.
c:\documents and settings\Michael\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2012-10-1 8356008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-9-19 581693]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mail.Ru\\Sputnik\\SputnikHelper.exe"=
"c:\\Program Files\\Mail.Ru\\Sputnik\\SputnikFlashPlayer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/22/2012 12:30 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/22/2012 12:30 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/22/2012 12:30 PM 20696]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [10/20/2012 11:03 AM 2241128]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [8/2/2012 8:12 PM 387440]
R2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [6/8/2012 2:02 AM 521344]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2/22/2012 10:55 AM 2343]
S1 mailKmd;mailKmd; [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [3/17/2012 2:20 PM 238952]
S2 GamingWonderlandService;GamingWonderlandService;c:\progra~1\GAMING~2\bar\1.bin\gtbarsvc.exe --> c:\progra~1\GAMING~2\bar\1.bin\gtbarsvc.exe [?]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [9/30/2012 10:27 PM 106656]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.287\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.287\McCHSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-22 00:04]
.
2012-11-03 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-10-23 19:59]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-22 16:37]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-22 16:37]
.
2012-11-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-436374069-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2012-10-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-436374069-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.ru/cnt/7227
mStart Page = hxxp://www.yahoo.com/?fr=fp-ygamesbar&type=yahoo_oberon_ygames_ytb
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared Desktop\Desktop.32/D_ONE_LINK
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Michael\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 65.183.0.77 65.183.0.86
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\uys8gli1.default\
FF - prefs.js: browser.search.selectedEngine - Поиск@Mail.Ru
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?fr=fftb&q=
FF - ExtSQL: 2012-09-27 20:10; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
HKCU-Run-RDReminder - c:\program files\RegClean Pro\RegCleanPro.exe
HKLM-Run-GamingWonderland Search Scope Monitor - c:\progra~1\GAMING~2\bar\1.bin\gtsrchmn.exe
HKLM-Run-GamingWonderland Browser Plugin Loader - c:\progra~1\GAMING~2\bar\1.bin\gtbrmon.exe
HKLM-Run-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
AddRemove-AVG - c:\program files\AVG\AVG2013\avgmfapx.exe
AddRemove-HotspotShield - c:\program files\Hotspot Shield\Uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-RegClean Pro_is1 - c:\program files\RegClean Pro\unins000.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-03 18:37
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\System32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\WLTRAY.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2012-11-03 18:48:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-03 23:47
.
Pre-Run: 14,113,722,368 bytes free
Post-Run: 14,251,843,584 bytes free
.
- - End Of File - - 73A2A6A0887C0B495027BE3BD7D5EDA7


This took me a long time to do. Sometimes I was wondering if it was working. My desktop wasn't showing me nt for a long time.

#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo