Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mystart by Incredibar [Closed]

Started by RBB_Helpme , Apr 12 2013 09:26 AM

  • This topic is locked This topic is locked

#1
RBB_Helpme
Posted 12 April 2013 - 09:26 AM

RBB_Helpme

    Member

  • Member
  • PipPip
  • 10 posts
Visiting my father, and his Home page has been hijacked, and no matter what I try to delete the home page it says that it is protected and changes are not applied. It does not show up in installed programs, but it is still there.

OTL log:

OTL logfile created on: 4/12/2013 10:54:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\b\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 76.55% Memory free
4.06 Gb Paging File | 3.52 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 41.69 Gb Free Space | 54.62% Space Free | Partition Type: NTFS

Computer Name: B-ECCD4071C2274 | User Name: b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/12 10:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\b\Desktop\OTL.exe
PRC - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
PRC - [2013/04/06 12:34:11 | 000,210,312 | ---- | M] (215 Apps) -- C:\Documents and Settings\b\Local Settings\Application Data\Updater26278\Updater26278.exe
PRC - [2013/04/06 12:34:02 | 001,054,600 | ---- | M] (215 Apps) -- c:\Program Files\Solid Savings\Solid Savings-bg.exe
PRC - [2013/04/05 12:30:02 | 000,210,312 | ---- | M] (Innovative Apps) -- C:\Documents and Settings\b\Local Settings\Application Data\Updater19962\Updater19962.exe
PRC - [2013/04/05 12:29:23 | 001,494,408 | ---- | M] (Innovative Apps) -- c:\Program Files\Supreme Savings\Supreme Savings-bg.exe
PRC - [2013/04/04 15:22:28 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/06 08:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Documents and Settings\b\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/03/05 16:50:13 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2013/01/29 08:37:28 | 000,015,152 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe
PRC - [2012/10/18 12:10:42 | 000,103,864 | ---- | M] () -- C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
PRC - [2012/10/18 12:10:34 | 001,255,352 | ---- | M] (ShopAtHome.com) -- C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
PRC - [2012/04/25 10:46:00 | 000,667,648 | ---- | M] (Global Graphics Software Ltd.) -- C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe
PRC - [2012/04/25 10:45:20 | 000,073,728 | ---- | M] (Global Graphics Software Ltd) -- C:\WINDOWS\system32\CorelCreatorMessages.exe
PRC - [2011/10/05 13:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2011/06/05 21:41:34 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2011/06/05 21:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/04/14 19:56:02 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/12 03:45:46 | 002,081,792 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13041200\algo.dll
MOD - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
MOD - [2013/04/07 04:52:34 | 000,027,136 | ---- | M] () -- C:\WINDOWS\system32\ImHttpComm.dll
MOD - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
MOD - [2013/01/29 08:37:28 | 000,015,152 | ---- | M] () -- C:\WINDOWS\system32\jmdp\stij.exe
MOD - [2013/01/29 08:36:42 | 000,254,976 | ---- | M] () -- C:\WINDOWS\system32\jmdp\lmrn.dll
MOD - [2013/01/13 14:32:26 | 000,656,504 | ---- | M] () -- C:\Program Files\Coupon Savings\toolbar.dll
MOD - [2013/01/02 12:58:30 | 000,362,029 | ---- | M] () -- C:\WINDOWS\system32\jmdp\sqlite3.dll
MOD - [2012/10/18 12:10:42 | 000,103,864 | ---- | M] () -- C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MOD - [2012/10/18 12:10:18 | 000,049,080 | ---- | M] () -- C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll
MOD - [2012/04/25 10:46:18 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\corelcreatorpm.dll
MOD - [2010/04/01 17:24:30 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebdrs.dll
MOD - [2009/12/16 11:42:14 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebmicro.dll
MOD - [2009/11/09 08:06:46 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebprpr.dll
MOD - [2009/11/04 13:14:40 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdrui.dll
MOD - [2009/11/04 13:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll
MOD - [2009/05/18 13:29:08 | 000,819,200 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebptpc.dll
MOD - [2009/03/10 05:43:50 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro200-S500 Series\lxebcaps.dll


========== Services (SafeList) ==========

SRV - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/04/04 15:22:28 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/03/12 14:19:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/03/05 16:50:13 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2012/04/25 10:45:20 | 000,073,728 | ---- | M] (Global Graphics Software Ltd) [On_Demand | Running] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
SRV - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/04/14 19:56:02 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxebcoms.exe -- (lxeb_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/05/14 20:41:28 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2012/05/14 20:41:28 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/08/13 23:40:22 | 000,240,128 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/08/01 00:20:12 | 000,025,578 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/08/01 00:20:06 | 000,030,246 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/08/01 00:19:58 | 000,132,058 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/08/01 00:16:30 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...5-000CF1BBE1BA}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=06-04-2013
&tb_mrud=06-04-2013

IE - HKLM\..\SearchScopes\{C4B4A6FC-9F01-42BA-88D3-EEB0286722A6}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...5-000CF1BBE1BA}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\URLSearchHook: {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{055D540B-B828-4BC0-9D73-9D193EEA3A0C}: "URL" = http://websearch.ask...DA-7242E1A2EC24
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=06-04-2013
&tb_mrud=06-04-2013

IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{5F93940D-95B9-4F28-9358-1B3B50F30B40}: "URL" = http://search.condui...0171887124&UM=2
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{C4B4A6FC-9F01-42BA-88D3-EEB0286722A6}: "URL" = http://www.google.co...1I7ADRA_enUS491
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=6OyFYR1LLg
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...5-000CF1BBE1BA}
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{FE175CA8-0B29-42C5-8780-EF681D54C180}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/04/05 12:30:33 | 000,000,000 | ---D | M]

[2013/04/01 15:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\b\Application Data\Mozilla\Firefox\extensions
[2013/04/01 15:09:44 | 000,000,000 | ---D | M] (UnfriendApp) -- C:\Documents and Settings\b\Application Data\Mozilla\Firefox\extensions\[email protected]
[2012/06/24 23:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\b\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.22.6_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\b\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.22.6_0\
CHR - Extension: No name found = C:\Documents and Settings\b\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\
CHR - Extension: No name found = C:\Documents and Settings\b\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.47_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\b\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.47_0\

O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Supreme Savings) - {11111111-1111-1111-1111-110111991162} - C:\Program Files\Supreme Savings\Supreme Savings.dll (Innovative Apps)
O2 - BHO: (Solid Savings) - {11111111-1111-1111-1111-110211621178} - C:\Program Files\Solid Savings\Solid Savings.dll (215 Apps)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll (UnfriendApp)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files\Coupon Savings\toolbar.dll ()
O2 - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (MixiDJ V4 Toolbar) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files\SaveValet\ie\SaveValetIE_32.dll (Save Valet)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (MixiDJ V4 Toolbar) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\Toolbar\WebBrowser: (MixiDJ V4 Toolbar) - {C846D9B8-4CC6-491E-893F-7EE1D979AFA3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CorelCreatorClient] C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [SearchProtect] C:\Documents and Settings\b\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [Updater19962.exe] C:\Documents and Settings\b\Local Settings\Application Data\Updater19962\Updater19962.exe (Innovative Apps)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [Updater26278.exe] C:\Documents and Settings\b\Local Settings\Application Data\Updater26278\Updater26278.exe (215 Apps)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\RunOnce: [WCIEClnOnce] C:\Program Files\blcorp\WCCSC\WCOC\WCNSCln.exe (Business Logic Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1337045564578 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5856C2AD-D499-48CF-9E73-2E9C2E50E0A1}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/13 22:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/12 10:47:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\b\Desktop\OTL.exe
[2013/04/06 12:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\AOL Toolbar
[2013/04/06 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\SaveValet
[2013/04/06 12:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Start Menu\Programs\Wajam
[2013/04/06 12:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013/04/06 12:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\Updater26278
[2013/04/06 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Savings
[2013/04/06 12:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2013/04/06 12:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2013/04/06 12:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2013/04/05 12:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/04/05 12:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\SearchProtect
[2013/04/05 12:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\MixiDJ_V4
[2013/04/05 12:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\MixiDJ_V4
[2013/04/05 12:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/04/05 12:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\player
[2013/04/05 12:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/04/05 12:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\Updater19962
[2013/04/05 12:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Supreme Savings
[2013/04/05 12:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC TEKNIX
[2013/04/05 12:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Extreme Flash Player
[2013/04/01 15:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\Mozilla
[2013/04/01 15:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\UnfriendApp
[2013/03/26 08:55:37 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

========== Files - Modified Within 30 Days ==========

[2013/04/12 10:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\b\Desktop\OTL.exe
[2013/04/12 10:35:24 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90B3CD0E-F9F3-44AC-B4F9-671B8981D1E9}.job
[2013/04/12 10:21:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/12 10:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/12 08:55:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/12 08:19:49 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/12 08:19:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/12 08:19:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/12 08:18:30 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/12 08:18:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/11 21:00:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RegTask.job
[2013/04/11 15:54:16 | 000,000,024 | ---- | M] () -- C:\WINDOWS\Kyor.ini
[2013/04/11 08:21:31 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/09 22:37:28 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\b\My Documents\spider.sav
[2013/04/07 04:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\System32\dmwu.exe
[2013/04/07 04:52:34 | 000,027,136 | ---- | M] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/04/06 22:54:01 | 000,493,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/06 22:54:01 | 000,084,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/06 12:33:29 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/03/26 08:55:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/18 16:13:53 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.5.lnk

========== Files Created - No Company Name ==========

[2013/04/06 12:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/06 12:33:29 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/03/26 08:55:38 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/26 08:55:38 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/11 10:54:42 | 000,000,598 | ---- | C] () -- C:\WINDOWS\csreg.dat
[2012/11/22 00:42:45 | 000,136,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1960408961-842925246-1003-0.dat
[2012/11/20 23:44:15 | 000,136,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/24 15:17:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\tvml.INI
[2012/10/22 19:37:41 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\b\g2mdlhlpx.exe
[2012/10/22 14:54:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PZMSTART.INI
[2012/08/28 20:00:21 | 001,156,400 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2012/08/28 20:00:21 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2012/06/06 16:59:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2012/05/15 10:16:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2012/05/15 10:16:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2012/05/15 10:15:40 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini
[2012/05/15 10:15:33 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll
[2012/05/15 10:15:05 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2012/05/15 10:14:42 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2012/05/15 10:14:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2012/05/14 21:53:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/14 15:37:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/13 22:59:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 22:53:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/13 18:37:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/13 18:36:21 | 000,170,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/25 10:46:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\corelcreatorpm.dll
[2012/04/25 10:45:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\CorelCreatorMessagesPS.dll

========== ZeroAccess Check ==========

[2012/05/14 13:27:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 14:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/28 11:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/05/15 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/13 14:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Coupon Savings
[2012/11/20 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2012/12/14 20:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2012/12/14 20:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2012/07/06 18:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2013/03/11 17:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/12/14 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2012/06/25 09:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PictureMover
[2013/01/26 08:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REGSERVO
[2013/02/02 10:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegTask
[2013/03/21 03:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/20 14:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens PictureMover
[2012/11/12 14:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Activeris
[2012/07/04 19:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Business Logic
[2012/05/14 13:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Easeware
[2012/11/20 19:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Garmin
[2013/03/11 22:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Nuance
[2012/06/07 12:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Oracle
[2012/06/26 09:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\PictureMover
[2013/04/05 12:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\player
[2013/04/05 12:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\PriceGong
[2013/04/05 12:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\SearchProtect
[2013/03/09 10:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\ShopAtHome
[2012/06/24 23:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8

< End of report >


OTL Extras:

OTL Extras logfile created on: 4/12/2013 10:54:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\b\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 76.55% Memory free
4.06 Gb Paging File | 3.52 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 41.69 Gb Free Space | 54.62% Space Free | Partition Type: NTFS

Computer Name: B-ECCD4071C2274 | User Name: b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = jsfile] -- C:\Corel\Suite8\Programs\CCWin\CSCAPE.EXE (Netscape Communications Corporation)

[HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- C:\Corel\Suite8\Programs\CCWin\Cscape.exe (Netscape Communications Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxebcoms.exe" = C:\WINDOWS\system32\lxebcoms.exe:*:Enabled:Pro200-S500 Series Server -- ( )
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu -- ()
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{113DE59D-B57A-4075-9D4F-5803DFA69EB7}" = Walgreens PictureMover
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45C4E2EC-53D5-4190-B1A5-02B9BA732C3A}" = Garmin City Navigator NorthAmerica NT 2013.30 Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4FAFC48A-73CD-4ECF-BF89-32825E6360FA}" = Corel PDF Fusion
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}" = Extreme Flash Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.566
"{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Toolbar" = AOL Toolbar
"avast" = avast! Pro Antivirus
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"Coupon Savings" = Coupon Savings
"ie8" = Windows Internet Explorer 8
"MahJongg Master 3" = MahJongg Master 3
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Minibug" = WeatherBug Download Manager
"MixiDJ_V4 Toolbar" = MixiDJ V4 Toolbar
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Puzzle Master 2" = Puzzle Master 2
"SaveValet_IE" = SaveValet IE - Stop overpaying! Instantly get the lowest price and best deals right as you shop.
"SearchProtect" = Search Protect by conduit
"ShopAtHome.com Helper" = ShopAtHome.com Helper
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Solid Savings" = Solid Savings
"Supreme Savings" = Supreme Savings
"UnfriendApp" = UnfriendApp
"Wajam" = Wajam
"WinCleaner OneClick CleanUp_is1" = WinCleaner OneClick Cleanup Version 10
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WNLT" = IB Updater Service
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2013 12:36:18 PM | Computer Name = B-ECCD4071C2274 | Source = Application Error | ID = 1001
Description = Fault bucket -830724351.

Error - 4/6/2013 1:03:03 PM | Computer Name = B-ECCD4071C2274 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19403, fault address 0x00277f0e.

Error - 4/6/2013 1:03:15 PM | Computer Name = B-ECCD4071C2274 | Source = Application Error | ID = 1001
Description = Fault bucket -820199437.

Error - 4/6/2013 4:47:59 PM | Computer Name = B-ECCD4071C2274 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2013 4:48:06 PM | Computer Name = B-ECCD4071C2274 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/7/2013 4:42:37 PM | Computer Name = B-ECCD4071C2274 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/9/2013 1:35:10 PM | Computer Name = B-ECCD4071C2274 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/10/2013 9:05:36 AM | Computer Name = B-ECCD4071C2274 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module httphandle302.dll, version 1.0.0.1, fault address 0x00007b06.

Error - 4/10/2013 12:27:34 PM | Computer Name = B-ECCD4071C2274 | Source = Application Error | ID = 1000
Description = Faulting application weather.exe, version 6.8.0.8, faulting module
ieframe.dll, version 8.0.6001.19401, fault address 0x00125c00.

Error - 4/10/2013 4:08:18 PM | Computer Name = B-ECCD4071C2274 | Source = Application Error | ID = 1001
Description = Fault bucket -830724351.

[ System Events ]
Error - 4/5/2013 12:36:14 PM | Computer Name = B-ECCD4071C2274 | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\WINDOWS\Temp\Optimizer_Pro.exe"
on line 30.

Error - 4/5/2013 12:36:14 PM | Computer Name = B-ECCD4071C2274 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\Temp\Optimizer_Pro.exe.
Reference
error message: The operation completed successfully. .

Error - 4/5/2013 12:36:14 PM | Computer Name = B-ECCD4071C2274 | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\Windows\Temp\Optimizer_Pro.exe"
on line 30.

Error - 4/5/2013 12:36:14 PM | Computer Name = B-ECCD4071C2274 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Windows\Temp\Optimizer_Pro.exe.
Reference
error message: The operation completed successfully. .

Error - 4/5/2013 11:16:21 PM | Computer Name = B-ECCD4071C2274 | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.


< End of report >


Any help appreciated.

Tom, for Bob
  • 0

Advertisements

#2
Buddierdl
Posted 12 April 2013 - 09:33 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am reviewing your logs and will post some directions soon.
  • 0

#3
Buddierdl
Posted 12 April 2013 - 12:07 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi RBB_Helpme,

Let's get started.

Step 1: Uninstall these programs using the Add/Remove section of the Control Panel. If one won't remove, move to the next one and let me know.
  • Updater By SweetPacks 2.0.0.566
  • Coupon Savings
  • MixiDJ V4 Toolbar
  • SaveValet IE
  • Search Protect by conduit
  • ShopAtHome.com Helpe
  • Solid Savings
  • Supreme Savings
  • UnfriendApp
  • Wajam

Step 1: Run OTL fix.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
[createrestorepoint]

:OTL
MOD - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
MOD - [2013/01/13 14:32:26 | 000,656,504 | ---- | M] () -- C:\Program Files\Coupon Savings\toolbar.dll
MOD - [2012/10/18 12:10:42 | 000,103,864 | ---- | M] () -- C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MOD - [2012/10/18 12:10:18 | 000,049,080 | ---- | M] () -- C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll
MOD - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
MOD - [2013/04/07 04:52:34 | 000,027,136 | ---- | M] () -- C:\WINDOWS\system32\ImHttpComm.dll

SRV - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/03/06 08:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...5-000CF1BBE1BA}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...5-000CF1BBE1BA}

IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\URLSearchHook: {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{5F93940D-95B9-4F28-9358-1B3B50F30B40}: "URL" = http://search.condui...0171887124&UM=2
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...ox&a=6OyFYR1LLg
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...5-000CF1BBE1BA}
IE - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\SearchScopes\{FE175CA8-0B29-42C5-8780-EF681D54C180}: "URL" = http://websearch.sho...q={searchTerms}

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/04/05 12:30:33 | 000,000,000 | ---D | M]
[2013/04/01 15:09:44 | 000,000,000 | ---D | M] (UnfriendApp) -- C:\Documents and Settings\b\Application Data\Mozilla\Firefox\extensions\[email protected]

O2 - BHO: (Supreme Savings) - {11111111-1111-1111-1111-110111991162} - C:\Program Files\Supreme Savings\Supreme Savings.dll (Innovative Apps)
O2 - BHO: (Solid Savings) - {11111111-1111-1111-1111-110211621178} - C:\Program Files\Solid Savings\Solid Savings.dll (215 Apps)
O2 - BHO: (UnfriendApp) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\UnfriendApp\IE\common.dll (UnfriendApp)
O2 - BHO: (Coupon Savings) - {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files\Coupon Savings\toolbar.dll ()
O2 - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (MixiDJ V4 Toolbar) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files\SaveValet\ie\SaveValetIE_32.dll (Save Valet

O3 - HKLM\..\Toolbar: (MixiDJ V4 Toolbar) - {c846d9b8-4cc6-491e-893f-7ee1d979afa3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003\..\Toolbar\WebBrowser: (MixiDJ V4 Toolbar) - {C846D9B8-4CC6-491E-893F-7EE1D979AFA3} - C:\Program Files\MixiDJ_V4\prxtbMixi.dll (Conduit Ltd.)

O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [SearchProtect] C:\Documents and Settings\b\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [Updater19962.exe] C:\Documents and Settings\b\Local Settings\Application Data\Updater19962\Updater19962.exe (Innovative Apps)
O4 - HKU\S-1-5-21-1220945662-1960408961-842925246-1003..\Run: [Updater26278.exe] C:\Documents and Settings\b\Local Settings\Application Data\Updater26278\Updater26278.exe (215 Apps)

[2013/04/06 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\SaveValet
[2013/04/06 12:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\Updater26278
[2013/04/06 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Savings
[2013/04/05 12:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/04/05 12:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\SearchProtect
[2013/04/05 12:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\MixiDJ_V4
[2013/04/05 12:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\MixiDJ_V4
[2013/04/05 12:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/04/05 12:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/04/05 12:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\Updater19962
[2013/04/05 12:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Supreme Savings
[2013/04/01 15:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\UnfriendApp
[2013/01/13 14:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Coupon Savings
[2013/04/05 12:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\PriceGong
[2013/04/05 12:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\SearchProtect
[2013/03/09 10:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\ShopAtHome

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dmwu.exe"=-
"C:\WINDOWS\system32\ARFC\wrtc.exe"=-

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 3: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 4: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • aswMBR log
  • How is your computer running now?

  • 0

#4
RBB_Helpme
Posted 12 April 2013 - 04:02 PM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you for assisting. The IE runs much quicker now, with many fewer ads popping in. It allows the start page to be "about: blank", and does not redirect automatically, but still has mystart in the explorer tab.

OTL Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Releasing module C:\WINDOWS\system32\dmwu.exe
C:\WINDOWS\system32\dmwu.exe moved successfully.
Releasing module C:\WINDOWS\system32\ImHttpComm.dll
C:\WINDOWS\system32\ImHttpComm.dll moved successfully.
Error: Unable to stop service IBUpdaterService!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IBUpdaterService deleted successfully.
File C:\WINDOWS\system32\dmwu.exe not found.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files\SearchProtect\bin\CltMngSvc.exe not found.
Error: No service named Updater By SweetPacks was found to stop!
Service\Driver key Updater By SweetPacks not found.
File C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c846d9b8-4cc6-491e-893f-7ee1d979afa3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c846d9b8-4cc6-491e-893f-7ee1d979afa3}\ not found.
File C:\Program Files\MixiDJ_V4\prxtbMixi.dll not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{5F93940D-95B9-4F28-9358-1B3B50F30B40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F93940D-95B9-4F28-9358-1B3B50F30B40}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\SearchScopes\{FE175CA8-0B29-42C5-8780-EF681D54C180}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE175CA8-0B29-42C5-8780-EF681D54C180}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Folder C:\Documents and Settings\b\Application Data\Mozilla\Firefox\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111991162}\ not found.
File C:\Program Files\Supreme Savings\Supreme Savings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211621178}\ not found.
File C:\Program Files\Solid Savings\Solid Savings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ not found.
File C:\Program Files\UnfriendApp\IE\common.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}\ not found.
File C:\Program Files\Coupon Savings\toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Extension32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c846d9b8-4cc6-491e-893f-7ee1d979afa3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c846d9b8-4cc6-491e-893f-7ee1d979afa3}\ not found.
File C:\Program Files\MixiDJ_V4\prxtbMixi.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F12903-DE76-4DF7-BCDC-0A0689151189}\ not found.
File C:\Program Files\SaveValet\ie\SaveValetIE_32.dll (Save Valet not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c846d9b8-4cc6-491e-893f-7ee1d979afa3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c846d9b8-4cc6-491e-893f-7ee1d979afa3}\ not found.
File C:\Program Files\MixiDJ_V4\prxtbMixi.dll not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C846D9B8-4CC6-491E-893F-7EE1D979AFA3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C846D9B8-4CC6-491E-893F-7EE1D979AFA3}\ not found.
File C:\Program Files\MixiDJ_V4\prxtbMixi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher deleted successfully.
File C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Documents and Settings\b\Application Data\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Updater19962.exe not found.
C:\Documents and Settings\b\Local Settings\Application Data\Updater19962\Updater19962.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1220945662-1960408961-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Updater26278.exe not found.
C:\Documents and Settings\b\Local Settings\Application Data\Updater26278\Updater26278.exe moved successfully.
C:\Program Files\SaveValet\ie folder moved successfully.
C:\Program Files\SaveValet folder moved successfully.
C:\Documents and Settings\b\Local Settings\Application Data\Updater26278 folder moved successfully.
Folder C:\Program Files\Solid Savings\ not found.
Folder C:\Program Files\SearchProtect\ not found.
Folder C:\Documents and Settings\b\Application Data\SearchProtect\ not found.
Folder C:\Documents and Settings\b\Local Settings\Application Data\MixiDJ_V4\ not found.
Folder C:\Program Files\MixiDJ_V4\ not found.
C:\Program Files\Tuguu SL\VAFPlayer folder moved successfully.
C:\Program Files\Tuguu SL folder moved successfully.
Folder C:\Program Files\Updater By SweetPacks\ not found.
C:\Documents and Settings\b\Local Settings\Application Data\Updater19962 folder moved successfully.
Folder C:\Program Files\Supreme Savings\ not found.
Folder C:\Program Files\UnfriendApp\ not found.
C:\Documents and Settings\All Users\Application Data\Coupon Savings folder moved successfully.
C:\Documents and Settings\b\Application Data\PriceGong\tmp folder moved successfully.
C:\Documents and Settings\b\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\b\Application Data\PriceGong folder moved successfully.
Folder C:\Documents and Settings\b\Application Data\SearchProtect\ not found.
C:\Documents and Settings\b\Application Data\ShopAtHome\ShopAtHomeHelper folder moved successfully.
C:\Documents and Settings\b\Application Data\ShopAtHome folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dmwu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ARFC\wrtc.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: b
->Temp folder emptied: 6348550 bytes
->Temporary Internet Files folder emptied: 165259586 bytes
->Flash cache emptied: 622 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3538770 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16940907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 303384764 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 473.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04122013_171705

Files\Folders moved on Reboot...
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\JBR1ONGU\request_ad[1].htm moved successfully.
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\DJ92ZEM6\329231-mystart-by-incredibar[1].htm moved successfully.
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\DJ92ZEM6\push[1].htm moved successfully.
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\DJ92ZEM6\rt=ifr[5].htm moved successfully.
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\Content.IE5\3RR0PVP7\push[2].htm moved successfully.
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\b\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ADW Cleaner Log:

# AdwCleaner v2.200 - Logfile created 04/12/2013 at 17:31:42
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : b - B-ECCD4071C2274
# Boot Mode : Normal
# Running from : C:\Documents and Settings\b\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\b\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\b\My Documents\DealRunner
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\WINDOWS\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\IB Updater
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287768
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\b\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5990 octets] - [12/04/2013 17:31:42]

########## EOF - C:\AdwCleaner[S1].txt - [6050 octets] ##########


aswMBR Log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-12 17:36:53
-----------------------------
17:36:53.656 OS Version: Windows 5.1.2600 Service Pack 3
17:36:53.656 Number of processors: 2 586 0x209
17:36:53.656 ComputerName: B-ECCD4071C2274 UserName: b
17:36:54.609 Initialize success
17:36:54.937 AVAST engine defs: 13041201
17:37:10.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:37:10.125 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78167MB BusType: 3
17:37:10.218 Disk 0 MBR read successfully
17:37:10.218 Disk 0 MBR scan
17:37:10.218 Disk 0 Windows XP default MBR code
17:37:10.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78152 MB offset 63
17:37:10.234 Disk 0 scanning sectors +160055595
17:37:10.390 Disk 0 scanning C:\WINDOWS\system32\drivers
17:37:21.265 Service scanning
17:37:42.750 Modules scanning
17:37:54.562 Disk 0 trace - called modules:
17:37:54.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
17:37:54.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a025ab8]
17:37:54.593 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8a012f18]
17:37:54.593 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a028940]
17:37:55.000 AVAST engine scan C:\WINDOWS
17:38:05.187 AVAST engine scan C:\WINDOWS\system32
17:40:37.781 AVAST engine scan C:\WINDOWS\system32\drivers
17:40:50.875 AVAST engine scan C:\Documents and Settings\b
17:50:38.515 AVAST engine scan C:\Documents and Settings\All Users
17:51:54.750 Scan finished successfully
17:53:37.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\b\Desktop\MBR.dat"
17:53:37.046 The log file has been saved successfully to "C:\Documents and Settings\b\Desktop\aswMBR.txt"


Thanks again
  • 0

#5
Buddierdl
Posted 12 April 2013 - 04:05 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

but still has mystart in the explorer tab.



I don't quite understand what you mean by this. Could you please attach a screen shot to help me understand? (instructions here.)
  • 0

#6
RBB_Helpme
Posted 12 April 2013 - 04:23 PM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
My mistake. I have had the forum post up to this discussion, so when I looked at the tab on the taskbar it still says "Mystart by Incredibar" It is just the title of this discussion.
  • 0

#7
Buddierdl
Posted 13 April 2013 - 07:05 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's run a quick scan for remnants. Are there any other problems?

Step 1:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Step 2:

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • 0

#8
RBB_Helpme
Posted 13 April 2013 - 09:25 AM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.13.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
b :: B-ECCD4071C2274 [administrator]

4/13/2013 11:11:43 AM
mbam-log-2013-04-13 (11-11-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198560
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Security check log:

Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
a
v
a
s
t
!
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
WinCleaner OneClick Cleanup Version 10
JavaFX 2.1.1
Java 7 Update 17
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

Running better now.
  • 0

#9
RBB_Helpme
Posted 14 April 2013 - 01:22 PM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Just to share, my father visits the "Jigsaw Zone" daily. Since we atarted cleaning the machine, the jigsaw puzzle refuses to load. Don't know how it is related. Also, he is still getting ads popping up at sites he visits.
  • 0

#10
Buddierdl
Posted 15 April 2013 - 07:24 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Are you using Internet Explorer to open the webpages?

Have you tried using another browser, like Firefox?

Are the ads coming up as pop-ups, or are they embedded in the webpages?

Could you please open OTL again, click "Quick Scan" and post the log.
  • 0

Advertisements

#11
RBB_Helpme
Posted 15 April 2013 - 09:12 AM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
He prefers to use IE only. Dislikes extremely CHrome, no reason really given.

The ads are either embedded in the webpage, or occassionaly when closeing the IE, a page will be on the desktop, usually a "wallpaper" or "icon" site.

FYI, I will be departing at 1200 EST today. Any responses after that time, be very clear and explicit how to perform the requested action.

OTL Log:

OTL logfile created on: 4/15/2013 10:53:53 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\b\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 74.51% Memory free
4.06 Gb Paging File | 3.47 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 41.90 Gb Free Space | 54.90% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.95 Gb Free Space | 93.31% Space Free | Partition Type: FAT32

Computer Name: B-ECCD4071C2274 | User Name: b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/12 10:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\b\Desktop\OTL.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/05 16:50:13 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/25 10:46:00 | 000,667,648 | ---- | M] (Global Graphics Software Ltd.) -- C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe
PRC - [2012/04/25 10:45:20 | 000,073,728 | ---- | M] (Global Graphics Software Ltd) -- C:\WINDOWS\system32\CorelCreatorMessages.exe
PRC - [2011/10/05 13:31:46 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2011/06/05 21:41:34 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2011/06/05 21:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/04/14 19:56:02 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxebcoms.exe
PRC - [2008/04/14 03:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/15 04:06:22 | 002,081,792 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13041500\algo.dll
MOD - [2012/04/25 10:46:18 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\corelcreatorpm.dll
MOD - [2009/11/04 13:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxebdrpp.dll


========== Services (SafeList) ==========

SRV - [2013/03/12 14:19:17 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/05 16:50:13 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/25 10:45:20 | 000,073,728 | ---- | M] (Global Graphics Software Ltd) [On_Demand | Running] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)
SRV - [2011/06/05 20:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/04/14 19:56:02 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxebcoms.exe -- (lxeb_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/05/14 20:41:28 | 000,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2012/05/14 20:41:28 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/08/13 23:40:22 | 000,240,128 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/08/01 00:20:12 | 000,025,578 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/08/01 00:20:06 | 000,030,246 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/08/01 00:19:58 | 000,132,058 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/08/01 00:16:30 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=06-04-2013
&tb_mrud=06-04-2013

IE - HKLM\..\SearchScopes\{C4B4A6FC-9F01-42BA-88D3-EEB0286722A6}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {C4B4A6FC-9F01-42BA-88D3-EEB0286722A6}
IE - HKCU\..\SearchScopes\{055D540B-B828-4BC0-9D73-9D193EEA3A0C}: "URL" = http://websearch.ask...DA-7242E1A2EC24
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=06-04-2013
&tb_mrud=06-04-2013

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C4B4A6FC-9F01-42BA-88D3-EEB0286722A6}: "URL" = http://www.google.co...1I7ADRA_enUS491
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/04/12 16:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\b\Application Data\Mozilla\Firefox\extensions
[2012/06/24 23:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========


O1 HOSTS File: ([2008/04/14 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CorelCreatorClient] C:\Program Files\Corel\Corel PDF Fusion\CorelCreatorClient.exe (Global Graphics Software Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1337045564578 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5856C2AD-D499-48CF-9E73-2E9C2E50E0A1}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/13 22:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/19 19:13:52 | 000,000,092 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/15 09:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Desktop\4-15-2013
[2013/04/13 17:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\fltk.org
[2013/04/13 17:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fltk.org
[2013/04/13 15:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Desktop\to Flashdrive
[2013/04/13 11:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\Malwarebytes
[2013/04/13 11:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/13 11:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/13 11:10:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/13 11:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/12 17:30:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\b\Desktop\aswMBR.exe
[2013/04/12 17:17:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/12 11:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Desktop\Fixes
[2013/04/12 10:47:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\b\Desktop\OTL.exe
[2013/04/06 12:34:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Local Settings\Application Data\AOL Toolbar
[2013/04/06 12:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2013/04/06 12:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2013/04/05 12:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\player
[2013/04/05 12:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\PC TEKNIX
[2013/04/05 12:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Extreme Flash Player
[2013/04/01 15:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\b\Application Data\Mozilla
[2013/03/26 08:55:37 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys

========== Files - Modified Within 30 Days ==========

[2013/04/15 10:21:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/15 10:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/15 08:55:00 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/15 08:08:16 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{90B3CD0E-F9F3-44AC-B4F9-671B8981D1E9}.job
[2013/04/15 08:06:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/15 08:06:23 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 08:06:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/14 19:12:59 | 000,033,263 | ---- | M] () -- C:\Documents and Settings\b\Desktop\CNN88B.pdf
[2013/04/13 11:10:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/12 17:30:12 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\b\Desktop\aswMBR.exe
[2013/04/12 14:04:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/12 10:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\b\Desktop\OTL.exe
[2013/04/11 21:00:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RegTask.job
[2013/04/11 15:54:16 | 000,000,024 | ---- | M] () -- C:\WINDOWS\Kyor.ini
[2013/04/11 08:21:31 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/09 22:37:28 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\b\My Documents\spider.sav
[2013/04/06 22:54:01 | 000,493,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/06 22:54:01 | 000,084,520 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/06 12:33:29 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/26 08:55:37 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/18 16:13:53 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dragon NaturallySpeaking 11.5.lnk

========== Files Created - No Company Name ==========

[2013/04/14 19:12:58 | 000,033,263 | ---- | C] () -- C:\Documents and Settings\b\Desktop\CNN88B.pdf
[2013/04/13 11:10:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/06 12:34:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/06 12:33:29 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/03/26 08:55:38 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/26 08:55:38 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/11 10:54:42 | 000,000,598 | ---- | C] () -- C:\WINDOWS\csreg.dat
[2012/11/22 00:42:45 | 000,136,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1960408961-842925246-1003-0.dat
[2012/11/20 23:44:15 | 000,136,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/24 15:17:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\tvml.INI
[2012/10/22 19:37:41 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\b\g2mdlhlpx.exe
[2012/10/22 14:54:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PZMSTART.INI
[2012/06/06 16:59:10 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2012/05/15 10:16:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2012/05/15 10:16:10 | 000,000,047 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2012/05/15 10:15:40 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini
[2012/05/15 10:15:33 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll
[2012/05/15 10:15:05 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2012/05/15 10:14:42 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
[2012/05/15 10:14:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
[2012/05/14 21:53:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/14 15:37:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/13 22:59:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/13 22:53:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/13 18:37:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/13 18:36:21 | 000,170,688 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/25 10:46:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\corelcreatorpm.dll
[2012/04/25 10:45:22 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\CorelCreatorMessagesPS.dll

========== ZeroAccess Check ==========

[2012/05/14 13:27:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/02/28 14:50:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/15 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/04/13 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fltk.org
[2012/11/20 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2012/12/14 20:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2012/12/14 20:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2012/07/06 18:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro200-S500 Series
[2013/03/11 17:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/12/14 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2012/06/25 09:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PictureMover
[2013/01/26 08:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\REGSERVO
[2013/02/02 10:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegTask
[2013/03/21 03:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/20 14:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens PictureMover
[2012/11/12 14:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Activeris
[2012/07/04 19:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Business Logic
[2012/05/14 13:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Easeware
[2013/04/13 17:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\fltk.org
[2012/11/20 19:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Garmin
[2013/03/11 22:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Nuance
[2012/06/07 12:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\Oracle
[2012/06/26 09:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\PictureMover
[2013/04/05 12:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\player
[2012/06/24 23:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\b\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF263E8

< End of report >
  • 0

#12
Buddierdl
Posted 15 April 2013 - 09:24 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's try resetting IE.

Download this file to your desktop and double-click on it to run it.

In the Reset Internet Explorer Settings dialog box that comes up, please click Reset.

Allow the program to run and close it when it is finished.

Restart IE and see if things have improved. Let me know if you have any questions.
  • 0

#13
RBB_Helpme
Posted 20 April 2013 - 05:58 PM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Buddierdl,

I am responding from my home for my father. I finally got him to read your latest post and follow the directions. According to him, therer is no change in his IE. He still cannot play on Jigzone, and he says that his email (hotmail) which he accesses through IE will no longer print.

Any other suggestions?
  • 0

#14
Buddierdl
Posted 21 April 2013 - 11:07 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's try this.
Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

Let me know if this works.
  • 0

#15
RBB_Helpme
Posted 23 April 2013 - 07:01 PM

RBB_Helpme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ran all you requested in your last request. then shut down and restart. checked all problems but it seemed to all be the same. no print for hotmail and jigzone not showing the pieces.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP