Geeks to Go
Redirect Virus - please help [Solved]

#1 CoolSunrise
Member, 30 posts

I've searched and tried for days to get rid of what appears to be a redirect virus, and you guys appear to be my best hope. I've tried the Google remove virus information, but I cannot find TDSSserv.sys; I ran AVG and it found nothing; I loaded and ran SUPERAntiSpyware, which found nothing; I tried MalwareBytes, which found many things, but then a website discouraged deleting them all if you don't know what you are deleting, since it could cause problems. I didn't know what I was deleting. :(

Like I read on another post, I know enough about cars and computers to use them properly but when they are broken I need help. Thank you for offering to help.
I ran OTL.exe. This is from the Notepad report:
OTL logfile created on: 9/22/2013 9:55:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Vicki\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 558.97 Mb Available Physical Memory | 55.12% Memory free
2.38 Gb Paging File | 1.67 Gb Available in Paging File | 70.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 16.54 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Computer Name: NORTHPOLEFAMILY | User Name: Vicki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/22 09:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki\My Documents\Downloads\OTL.exe
PRC - [2013/09/19 13:57:56 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/09/02 09:46:43 | 002,202,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/08/14 17:27:59 | 005,703,920 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Documents and Settings\Vicki\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2012/12/21 17:16:43 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\WeatherBlink\bar\1.bin\gcbrmon.exe
PRC - [2011/01/23 20:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/04/14 21:08:14 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeccoms.exe
PRC - [2010/04/14 21:08:06 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/19 13:57:56 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2013/09/02 09:46:43 | 002,202,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
MOD - [2013/08/14 03:12:52 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a283b4d76562af1ff279d465f5488d8c\PresentationFramework.ni.dll
MOD - [2013/08/14 03:09:46 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll
MOD - [2013/08/14 03:08:39 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll
MOD - [2013/08/14 03:08:01 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 03:24:01 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2011/01/23 20:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/11/04 14:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxecdrpp.dll
MOD - [2009/05/27 13:16:52 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009/05/27 13:13:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeccats.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\lxecsmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\lxecsm.dll


========== Services (SafeList) ==========

SRV - [2013/09/19 13:57:56 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/09/19 13:30:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 12:53:35 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/04 09:20:38 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2010/04/14 21:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 21:08:06 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/23 22:56:50 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {168DF70E-689E-470A-B1D1-B89475209EE3}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3303001
IE - HKCU\..\SearchScopes,DefaultScope = {168DF70E-689E-470A-B1D1-B89475209EE3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{168DF70E-689E-470A-B1D1-B89475209EE3}: "URL" = http://search.condui...2519690215&UM=2
IE - HKCU\..\SearchScopes\{687DEFE4-5A4A-45CA-B22A-00331D0C5016}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3303001.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: pbupload%40photobucket.com:1.3.9
FF - prefs.js..extensions.enabledAddons: eoWwdRD%40Qe3qzqg.com:11
FF - prefs.js..extensions.enabledAddons: 93abedcf-8e3a-4d02-b761-d1441e437c09%40243f129d-aee2-42c2-bcd1-48858e1c22fd.com:0.92.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/01/06 10:26:58 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/09 16:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Extensions
[2013/09/19 14:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions
[2013/03/08 06:48:53 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/09/19 14:10:03 | 000,000,000 | ---D | M] (Vafmusic8) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}
[2013/09/19 13:59:34 | 000,000,000 | ---D | M] ("SuperLyrics-1") -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com
[2013/09/19 14:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com\extensionData
[2013/09/19 14:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com\extensionData\plugins
[2013/09/19 14:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com\extensionData\userCode
[2013/09/19 14:07:34 | 000,037,942 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/09/16 08:33:45 | 000,003,252 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/08/31 16:53:47 | 001,314,979 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/06/25 14:39:41 | 000,027,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/09/19 13:58:39 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\searchplugins\conduit.xml
[2013/09/17 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 13:14:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2008/08/21 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SuperLyrics-1) - {11111111-1111-1111-1111-110411161172} - C:\Program Files\SuperLyrics-1\SuperLyrics-1-bho.dll (Lyrics)
O2 - BHO: (KeyBar 1.6 Toolbar) - {65f9f6b7-2dae-46fc-bfaf-f88e4af1beca} - C:\Program Files\KeyBar_1.6\prxtbKey2.dll (Conduit Ltd.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O3 - HKLM\..\Toolbar: (KeyBar 1.6 Toolbar) - {65f9f6b7-2dae-46fc-bfaf-f88e4af1beca} - C:\Program Files\KeyBar_1.6\prxtbKey2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.6 Toolbar) - {65F9F6B7-2DAE-46FC-BFAF-F88E4AF1BECA} - C:\Program Files\KeyBar_1.6\prxtbKey2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\Vicki\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKLM..\RunOnce: [WeatherBlinkbar Uninstall] C:\Program Files\gcUninstall WeatherBlink.dll (MindSpark)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1356147684000 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E76578B-BEE8-479F-956A-57B71864310E}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vicki\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vicki\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/08 17:52:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 09:50:34 | 000,707,728 | ---- | C] (MindSpark) -- C:\Program Files\gcUninstall WeatherBlink.dll
[2013/09/19 14:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/19 14:23:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/09/19 14:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 13:58:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/19 13:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\SuperLyrics-1
[2013/09/19 13:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/09/19 13:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\DefaultTab
[2013/09/19 06:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\Malwarebytes
[2013/09/19 06:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/19 06:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/19 06:51:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/19 06:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/18 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com
[2013/09/18 20:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/09/18 20:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/09/18 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/17 13:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/16 15:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\My Documents\Homeschool
[2013/09/13 09:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/09 09:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2013/08/27 13:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/22 09:29:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/22 09:05:15 | 000,001,290 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-updater.job
[2013/09/22 09:05:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 09:05:02 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/22 09:05:00 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-codedownloader.job
[2013/09/22 09:04:59 | 000,001,818 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-firefoxinstaller.job
[2013/09/22 09:04:59 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-enabler.job
[2013/09/22 09:04:59 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/22 09:03:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/19 14:23:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/09/19 14:02:26 | 000,000,009 | ---- | M] () -- C:\END
[2013/09/19 13:58:55 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Vicki\ntuser.pol
[2013/09/19 12:43:03 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 96cc38a1-c08f-4507-95ce-0fe7bc4ff521.job
[2013/09/19 06:51:24 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/19 02:00:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task ecc58970-b2f0-4227-b62c-a1e01202d29b.job
[2013/09/18 20:42:50 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/17 22:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/17 12:15:55 | 000,013,908 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Glen's Daily Work Record
[2013/09/16 19:37:28 | 000,036,209 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\2013 Food Pantry Income Verification.odt
[2013/09/16 19:21:24 | 000,033,359 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Logo
[2013/09/13 09:49:55 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/09/12 03:17:43 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/12 03:01:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/10 05:57:50 | 000,010,726 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\Client form.odt
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/09 14:58:38 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Vicki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/07 13:17:30 | 000,052,725 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\ABA Stories.odt
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/08/28 09:50:35 | 000,079,428 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\Untitled 1.odg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/22 09:50:34 | 000,178,712 | ---- | C] () -- C:\Program Files\gcres.dll
[2013/09/19 14:26:02 | 000,001,290 | ---- | C] () -- C:\WINDOWS\tasks\SuperLyrics-1-updater.job
[2013/09/19 14:00:39 | 000,001,094 | ---- | C] () -- C:\WINDOWS\tasks\SuperLyrics-1-enabler.job
[2013/09/19 14:00:01 | 000,001,194 | ---- | C] () -- C:\WINDOWS\tasks\SuperLyrics-1-codedownloader.job
[2013/09/19 13:58:53 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Vicki\ntuser.pol
[2013/09/19 13:58:49 | 000,001,818 | ---- | C] () -- C:\WINDOWS\tasks\SuperLyrics-1-firefoxinstaller.job
[2013/09/19 06:51:24 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/18 20:43:15 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 96cc38a1-c08f-4507-95ce-0fe7bc4ff521.job
[2013/09/18 20:43:14 | 000,000,510 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task ecc58970-b2f0-4227-b62c-a1e01202d29b.job
[2013/09/18 20:42:50 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/16 20:33:55 | 000,013,908 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Glen's Daily Work Record
[2013/09/16 19:31:41 | 000,036,209 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\2013 Food Pantry Income Verification.odt
[2013/09/16 19:21:23 | 000,033,359 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Logo
[2013/09/09 13:01:32 | 000,010,726 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\Client form.odt
[2013/09/09 09:46:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/09 09:44:16 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/07 13:17:29 | 000,052,725 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\ABA Stories.odt
[2013/08/28 09:50:35 | 000,079,428 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\Untitled 1.odg
[2013/04/02 06:40:56 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vicki\hotshot.db
[2013/04/02 06:40:56 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vicki\files.db
[2013/01/22 16:38:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/15 12:21:18 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2013/01/15 12:21:11 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2012/12/27 17:03:40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Vicki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/21 20:55:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2013/01/06 10:24:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/02 04:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/01/04 08:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/09/09 09:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2013/05/03 22:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2013/01/22 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/12/23 22:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/12/23 22:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/19 14:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/06/17 08:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2013/09/22 08:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/23 06:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/09 08:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/04 08:28:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/01/04 08:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\AVG
[2012/12/23 22:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\AVG2013
[2013/03/17 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\CouponMatcher
[2013/09/19 13:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\DefaultTab
[2013/01/04 10:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\MSNInstaller
[2013/01/04 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\OfficeSuiteX
[2013/09/18 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\PriceGong
[2013/09/19 14:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\SearchProtect
[2012/12/23 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >

This also came up from Notepad: Extras.Txt:

OTL Extras logfile created on: 9/22/2013 9:55:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Vicki\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 558.97 Mb Available Physical Memory | 55.12% Memory free
2.38 Gb Paging File | 1.67 Gb Available in Paging File | 70.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 16.54 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Computer Name: NORTHPOLEFAMILY | User Name: Vicki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\lxeccoms.exe" = C:\WINDOWS\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server -- ( )
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}" = Office Suite X 3.3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"B02431C25DADF05A60DCE378F53276407E8F1A8D" = Windows Driver Package - Broadcom (b57w2k) Net (12/15/2006 10.24.0.0)
"DefaultTab" = DefaultTab
"ie8" = Windows Internet Explorer 8
"KeyBar_1.6 Toolbar" = KeyBar 1.6 Toolbar
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"SearchProtect" = Search Protect by conduit
"SuperLyrics-1" = SuperLyrics-1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2013 9:04:14 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 20.0.1.4847, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2013 9:04:32 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket -773425913.

Error - 5/14/2013 9:06:40 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2013 9:06:52 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 5/14/2013 9:07:41 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2013 9:07:57 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/14/2013 10:50:04 PM | Computer Name = NORTHPOLEFAMILY | Source = CltMngSvc | ID = 1000
Description =

Error - 5/18/2013 10:05:02 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2013 10:05:09 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/20/2013 5:47:34 PM | Computer Name = NORTHPOLEFAMILY | Source = Application Error | ID = 1000
Description = Faulting application lxeccoms.exe, version 9.2.33.0, faulting module
lxeccoms.exe, version 9.2.33.0, fault address 0x000323bc.

[ System Events ]
Error - 9/13/2013 6:30:47 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/14/2013 10:14:36 AM | Computer Name = NORTHPOLEFAMILY | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 9/16/2013 12:05:01 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/16/2013 10:58:32 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/17/2013 8:49:29 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/18/2013 5:53:21 PM | Computer Name = NORTHPOLEFAMILY | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 9/19/2013 5:16:51 PM | Computer Name = NORTHPOLEFAMILY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/22/2013 6:24:34 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/22/2013 6:24:34 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/22/2013 10:39:23 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >
  • 0

#2 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello Vicki, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I see some nasty programs that hijack browsers. I am analyzing the logs now. I'll be back shortly with the plan of attack.
  • 0

#3 CoolSunrise (Topic Starter, Member, 30 posts)
Thank you, godawgs! I am ready to follow your lead; waiting patiently. :thumbsup:
  • 0

#4 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello,

Let's see what we can kill :D Please let me know after this run how the computer is behaving.


Step-1.

Malicious program uninstalls

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

DefaultTab
KeyBar 1.6 Toolbar
Search Protect by conduit
SuperLyrics-1


3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/09/19 13:57:56 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Documents and Settings\Vicki\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
MOD - [2013/09/19 13:57:56 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
SRV - [2013/09/19 13:57:56 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3303001
IE - HKCU\..\SearchScopes,DefaultScope = {168DF70E-689E-470A-B1D1-B89475209EE3}
IE - HKCU\..\SearchScopes\{168DF70E-689E-470A-B1D1-B89475209EE3}: "URL" = http://search.condui...2519690215&UM=2
IE - HKCU\..\SearchScopes\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}: "URL" = http://search.condui...q={searchTerms}
FF - prefs.js..CT3303001.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledAddons: eoWwdRD%40Qe3qzqg.com:11
FF - prefs.js..extensions.enabledAddons: 93abedcf-8e3a-4d02-b761-d1441e437c09%40243f129d-aee2-42c2-bcd1-48858e1c22fd.com:0.92.12
[2013/03/08 06:48:53 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/09/19 14:10:03 | 000,000,000 | ---D | M] (Vafmusic8) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}
[2013/09/19 13:59:34 | 000,000,000 | ---D | M] ("SuperLyrics-1") -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com
[2013/09/19 14:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com\extensionData
[2013/09/19 14:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com\extensionData\plugins
[2013/09/19 14:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com\extensionData\userCode
[2013/09/19 14:07:34 | 000,037,942 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/09/16 08:33:45 | 000,003,252 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/09/19 13:58:39 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\searchplugins\conduit.xml
O2 - BHO: (SuperLyrics-1) - {11111111-1111-1111-1111-110411161172} - C:\Program Files\SuperLyrics-1\SuperLyrics-1-bho.dll (Lyrics)
O2 - BHO: (KeyBar 1.6 Toolbar) - {65f9f6b7-2dae-46fc-bfaf-f88e4af1beca} - C:\Program Files\KeyBar_1.6\prxtbKey2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (KeyBar 1.6 Toolbar) - {65f9f6b7-2dae-46fc-bfaf-f88e4af1beca} - C:\Program Files\KeyBar_1.6\prxtbKey2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (KeyBar 1.6 Toolbar) - {65F9F6B7-2DAE-46FC-BFAF-F88E4AF1BECA} - C:\Program Files\KeyBar_1.6\prxtbKey2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\Vicki\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2013/09/19 14:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 13:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\SuperLyrics-1
[2013/09/19 13:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\DefaultTab
[2013/09/22 09:05:15 | 000,001,290 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-updater.job
[2013/09/22 09:05:02 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/22 09:05:00 | 000,001,194 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-codedownloader.job
[2013/09/22 09:04:59 | 000,001,818 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-firefoxinstaller.job
[2013/09/22 09:04:59 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\SuperLyrics-1-enabler.job
[2013/09/22 09:04:59 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/18 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\PriceGong
[2013/09/19 14:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\SearchProtect
[2012/12/23 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\TuneUp Software

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = DWORD:1

:FILES
ipconfig /flushdns /c
C:\Documents and Settings\Vicki\Application Data\DefaultTab
C:\Documents and Settings\Vicki\Application Data\SearchProtect
C:\Program Files\SearchProtect
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}
[2013/09/19 13:59:34 | 000,000,000 | ---D | M] ("SuperLyrics-1") -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]58e1c22fd.com
C:\Program Files\KeyBar_1.6
C:\Program Files\OtShot
C:\Program Files\DefaultTab

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • XP users: Double click the OTL icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-4.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users, double click the AdwCleaner icon Posted Image on the desktop to run AdwCleaner. You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went.
2. Let me know how the computer is running now.
3. The OTL fixes log
4. The aswMBR log
5. The AdwCleaner[R0].txt log

#5 CoolSunrise (Member, Topic Starter, 30 posts)
Godawgs! I need your help! I started the procedures shortly after you posted them but then got discombobulated and had to wait until the Community Center opened today to ask you my question.

Step 1 - OK.

Step 2 - RunFix said it was killing things, made me happy. :) Then the screen went blank except for my desktop picture with no icons. It's been sitting that way all night. Is this when I do a reboot or did something go wrong?

I am patiently awaiting your reply. :whistling:

#6 CoolSunrise (Member, Topic Starter, 30 posts)
:angry: <--- This guy needs to be shaking violently with steam coming from his ears to be anywhere near as angry as I am.

While I was at the Community Center posting the above my husband brought someone who tinkers here to fix the computer. You have every right to refuse to help me any further but I am pleading with you to not give up on my cause. I removed him as a user and changed passwords of the other users so no one can access the computer and cause any more interference. I didn't think there would be any problem in the first place since I thought he could understand what "I am in the middle of fixing it, don't touch it" means.

This is what the other man did:

1. Deleted all anti-virus programs
2. Cleaned system (by this he could tell me he lessened the amount of history that could be saved and the amount of things that could be in the registry - I don't know what that means.)
3. Installed AVG free virus program
4. defragged the system

Needless to say we still have the redirect virus and occasionally coupons slide up from the bottom of the screen, but it does run faster.

Please, please don't give up on me and tell me what to do next. :help: :blush: :surrender:

Edited by CoolSunrise, 23 September 2013 - 05:31 PM.


#7 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello,

You must have come on line Sunday right after I logged off. And I needed to be away for most of the day on Monday. I'm sorry you had the problems. I really don't understand why your husband's friend uninstalled the antivirus program you had on the system....which was AVG....just to reinstall AVG, but I've seen stranger things.

Preventing IE from keeping so many days of browsing history and cleaning the Temp files, if he did that, shouldn't hurt anything. And I'm with you, I don't understand what he meant by lessening the amount of things saved by the registry. If he meant that he used a registry cleaner to clean entries out of the registry that could be a problem depending on what was cleaned out and/or what program was used to clean the registry. If he left the program on the system a new OTL scan should tell me what it was.
I'm still here with you but you did the right thing by locking the computer down until we get it clean. This method of virus/malware removal is difficult enough when only one person is helping you. When several people get involved it becomes much harder as I am never sure what the other person did.

The first thing I want you to do is look in the C:\_OTL\MovedFiles folder for a file named 09222013_hhmmss.log (The hhmmss part of the file name is the time the scan was run). If it is there please post it in your next reply.

Next we will get a fresh OTL scan. This scan will give me a more in depth look at the system and the new Extras.txt log will let me know what has been uninstalled from the system since the first scan. We will take it from there.


Step-1.

NOTE: Move the OTL.exe file from the C:\Documents and Settings\Vicki\My Documents\Downloads folder to the desktop. To do that, right click the OTL.exe file (icon) in the Downloads folder and click Cut. Then close the Downloads folder and get back to the desktop. Right click in an open space of the desktop and click Paste. This will put the OTL file on the desktop.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • The OTL console will open.
    NOTE: The console screenshot shows a check in the Include 64 bit Scans box, but your console won't have that box because your system is not a 64bit system.
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use SafeList<---Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open the OTL.Txt file on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log if there is one.
2. The new OTL.txt log
3. The new Extras.txt log
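The custom scan above asks OTL for exactly the places a browser redirect tends to live in: IE search scopes and start page, Firefox search prefs, the HOSTS file, BHOs, Run keys and the Winlogon Shell/UserInit hooks. As an added example, not code from this thread or from OTL, here is a small Python triage script that reads lines in the format OTL prints and flags the usual hijack indicators: Run/BHO entries whose target file is gone, search scopes or start pages on a host the user never chose, HOSTS entries beyond loopback, and Winlogon hooks that no longer point at the stock binaries. The expected-host set, the category names and the sample lines (constructed to mirror the entries in the log posted in this thread, with illustrative URLs) are assumptions made for the example.

```python
"""Triage helper for OTL-style log lines.

Added example (not part of OTL or the thread): parses the entry formats OTL
prints for browser search settings, HOSTS, BHOs, Run keys and Winlogon hooks,
and flags the patterns a helper checks first in a redirect case.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Assumption: the search engines / home pages this user actually chose.
# Any other host appearing as a search scope or start page is a hijack candidate.
EXPECTED_HOSTS = {"www.bing.com", "www.msn.com", "www.google.com"}

# Stock Windows XP targets for the Winlogon hooks OTL reports as O20 entries.
WINLOGON_EXPECTED = {
    "Shell": r"c:\windows\explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}

URL_RE = re.compile(r'https?://[^\s"]+')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \(.+?\) - (.+?) \(")

# Constructed sample in OTL's line format, modelled on the entries in the
# thread's log; the URLs and SID are illustrative, not the page's exact values.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3303001
IE - HKU\S-1-5-21-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1005\..\SearchScopes\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}: "URL" = http://search.conduit.com/Results.aspx?q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\NetworkService\Application Data\SearchProtect\bin\cltmng.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""


def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (category, line) findings for one OTL log line; [] if nothing is flagged."""
    line = line.rstrip()
    findings: List[Tuple[str, str]] = []

    # Run keys and BHOs whose target file is gone: leftover persistence from an
    # incomplete adware removal. OTL appends 'File not found' to these.
    if line.startswith(("O2 - BHO", "O4 - ")) and line.endswith("File not found"):
        findings.append(("orphaned_autorun", line))

    # IE search scopes / start page and Firefox search or startup prefs that
    # point at a host the user never chose.
    if line.startswith(("IE - ", "FF - prefs.js..browser.search", "FF - prefs.js..browser.startup")):
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if host and host not in EXPECTED_HOSTS:
                findings.append(("search_hijack", line))
                break

    # HOSTS file: anything beyond the loopback entry deserves a look, since
    # redirect malware commonly pins AV and update domains to bogus addresses.
    m = HOSTS_RE.match(line)
    if m and not (m.group(1).startswith("127.") and m.group(2).lower() == "localhost"):
        findings.append(("hosts", line))

    # Winlogon Shell / UserInit must still resolve to the stock binaries.
    m = WINLOGON_RE.match(line)
    if m:
        key, path = m.group(1), m.group(2).lower()
        if path != WINLOGON_EXPECTED[key]:
            findings.append(("winlogon", line))

    return findings


def triage(log_text: str) -> Dict[str, List[str]]:
    """Run triage_line over a whole log and group the flagged lines by category."""
    report: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        for category, flagged in triage_line(line):
            report.setdefault(category, []).append(flagged)
    return report


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(f"[{category}] {len(lines)} hit(s)")
        for flagged in lines:
            print("   ", flagged)
```

On the sample the script reports two orphaned autorun entries and three search hijack candidates, and nothing for HOSTS or Winlogon. A flagged host is a candidate to review, not proof of infection, and the orphaned Run/BHO entries are the kind of leftovers an OTL fix script removes; neither check replaces the MD5 comparison of explorer.exe, winlogon.exe and userinit.exe that the custom scan requests, which is what catches a patched system binary rather than a stray registry value.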

#8 CoolSunrise (Member, Topic Starter, 30 posts)
C:\_OTL\MovedFiles\09222013_142611 <--- folder is empty

On to the next steps...

Thank you for hanging in there with me.

#9 CoolSunrise (Member, Topic Starter, 30 posts)
OTL logfile created on: 9/24/2013 7:05:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Vicki\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 542.37 Mb Available Physical Memory | 53.48% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 17.94 Gb Free Space | 57.15% Space Free | Partition Type: NTFS

Computer Name: NORTHPOLEFAMILY | User Name: Vicki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/22 09:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki\Desktop\OTL.exe
PRC - [2013/09/02 09:46:43 | 002,202,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/08/21 23:40:58 | 000,894,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/20 23:41:28 | 000,668,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/08/20 23:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/08/20 23:03:40 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2011/01/23 20:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/04/14 21:08:14 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeccoms.exe
PRC - [2010/04/14 21:08:06 | 000,193,192 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecserv.exe
PRC - [2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 09:46:43 | 002,202,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
MOD - [2011/01/23 20:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011/01/23 20:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/05 06:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2010/04/05 06:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010/04/05 06:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/11/04 14:14:20 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxecdrpp.dll
MOD - [2009/05/27 13:16:52 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009/05/27 13:13:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeccats.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 09:48:44 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\lxecsmr.dll
MOD - [2009/02/20 09:48:04 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\lxecsm.dll


========== Services (SafeList) ==========

SRV - [2013/09/19 13:30:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 12:53:35 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/14 21:08:14 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - [2010/04/14 21:08:06 | 000,193,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/23 11:32:12 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/08/01 16:06:40 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/08/01 16:05:58 | 000,026,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2008/11/23 22:56:50 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {168DF70E-689E-470A-B1D1-B89475209EE3}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3303001
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes,DefaultScope = {168DF70E-689E-470A-B1D1-B89475209EE3}
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{168DF70E-689E-470A-B1D1-B89475209EE3}: "URL" = http://search.condui...2519690215&UM=2
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{687DEFE4-5A4A-45CA-B22A-00331D0C5016}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3303001.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: pbupload%40photobucket.com:1.3.9
FF - prefs.js..extensions.enabledAddons: eoWwdRD%40Qe3qzqg.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2013/01/06 10:26:58 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/02/09 16:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Extensions
[2013/09/22 13:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions
[2013/03/08 06:48:53 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/09/19 14:10:03 | 000,000,000 | ---D | M] (Vafmusic8) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}
[2013/09/16 08:33:45 | 000,003,252 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/08/31 16:53:47 | 001,314,979 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/06/25 14:39:41 | 000,027,521 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/09/19 13:58:39 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\searchplugins\conduit.xml
[2013/09/17 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 13:14:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2008/08/21 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\NetworkService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\NetworkService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1356147684000 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E76578B-BEE8-479F-956A-57B71864310E}: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vicki\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vicki\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/08 17:52:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/09/23 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Desktop\Glen
[2013/09/23 13:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\AVG2014
[2013/09/23 13:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Local Settings\Application Data\Avg2014
[2013/09/23 11:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/23 11:58:02 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/23 11:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/23 11:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/09/23 11:32:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/09/22 14:26:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/22 09:17:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vicki\Desktop\OTL.exe
[2013/09/19 14:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/19 14:23:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/09/19 14:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 13:58:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/19 13:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/09/19 06:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\Malwarebytes
[2013/09/19 06:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/18 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com
[2013/09/18 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/17 13:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/16 15:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\My Documents\Homeschool
[2013/09/09 09:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2013/08/27 13:48:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/24 06:46:53 | 000,030,315 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\geekstogo redirect virus.odt
[2013/09/24 06:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/23 16:39:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/23 16:38:16 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/23 16:38:08 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/23 16:37:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/23 11:59:05 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/23 11:32:12 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/09/22 14:06:07 | 003,081,090 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\KeyBar 1.6 Toolbar screen.bmp
[2013/09/22 09:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vicki\Desktop\OTL.exe
[2013/09/19 14:23:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/09/19 14:02:26 | 000,000,009 | ---- | M] () -- C:\END
[2013/09/19 13:58:55 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Vicki\ntuser.pol
[2013/09/19 13:30:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/19 13:30:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/17 22:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/17 12:15:55 | 000,013,908 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Glen's Daily Work Record
[2013/09/16 19:37:28 | 000,036,209 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\2013 Food Pantry Income Verification.odt
[2013/09/16 19:21:24 | 000,033,359 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Logo
[2013/09/12 03:17:43 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/10 05:57:50 | 000,010,726 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\Client form.odt
[2013/09/09 14:58:38 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Vicki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/07 13:17:30 | 000,052,725 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\ABA Stories.odt
[2013/08/28 09:50:35 | 000,079,428 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\Untitled 1.odg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/23 11:59:05 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/09/22 14:06:07 | 003,081,090 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\KeyBar 1.6 Toolbar screen.bmp
[2013/09/22 12:52:51 | 000,030,315 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\geekstogo redirect virus.odt
[2013/09/19 13:58:53 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Vicki\ntuser.pol
[2013/09/16 20:33:55 | 000,013,908 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Glen's Daily Work Record
[2013/09/16 19:31:41 | 000,036,209 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\2013 Food Pantry Income Verification.odt
[2013/09/16 19:21:23 | 000,033,359 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Logo
[2013/09/09 13:01:32 | 000,010,726 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\Client form.odt
[2013/09/09 09:46:01 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK.job
[2013/09/09 09:44:16 | 000,000,462 | ---- | C] () -- C:\WINDOWS\tasks\AVG_SYS_TASK_DELETE.job
[2013/09/07 13:17:29 | 000,052,725 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\ABA Stories.odt
[2013/08/28 09:50:35 | 000,079,428 | ---- | C] () -- C:\Documents and Settings\Vicki\My Documents\Untitled 1.odg
[2013/04/02 06:40:56 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vicki\hotshot.db
[2013/04/02 06:40:56 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Vicki\files.db
[2013/01/22 16:38:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/15 12:21:18 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2013/01/15 12:21:11 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2012/12/27 17:03:40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Vicki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/21 20:55:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2013/01/06 10:24:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/21 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/02 04:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/01/04 08:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/09/09 09:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG 0913a Campaign
[2013/05/03 22:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2013/01/22 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/23 11:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/12/23 22:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/19 14:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/06/17 08:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro800-Pro900 Series
[2013/09/23 19:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/23 06:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/09 08:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/04 08:28:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/01/10 10:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/01/05 19:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/06/17 08:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PriceGong
[2013/06/17 08:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WeatherBlink
[2013/05/13 04:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SearchProtect
[2013/01/04 08:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\AVG
[2013/09/23 13:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\AVG2014
[2013/03/17 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\CouponMatcher
[2013/01/04 10:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\MSNInstaller
[2013/01/04 10:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\OfficeSuiteX
[2013/09/18 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\PriceGong
[2012/12/23 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/08/21 05:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/08/21 05:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/08/21 05:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 06:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/08/21 05:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/08/21 05:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/08/21 05:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/08/21 05:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 06:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/08/21 05:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/08/21 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/08/21 05:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/08/21 05:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/08/21 05:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/08/21 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/08/21 05:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/08/21 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/08/21 05:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/08/21 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/08/21 05:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/08/21 05:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/08/21 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/08/21 05:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 22:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/08/21 05:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/08/21 05:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/08/21 05:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/08/21 05:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/08/21 05:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/08/21 05:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/08/21 05:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/08/21 05:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/08/21 05:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/08/21 05:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/08/21 05:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 05:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/08/21 05:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/08/21 05:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 23:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/08/21 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/08/21 05:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/08/21 05:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/08/21 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2013/09/03 06:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2013/09/23 12:05:58 | 000,001,609 | ---- | M] () MD5=8FD5EE20A1D3BBE0A413F0BD515E4B6F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/08/21 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011/12/23 19:19:16 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\Office Suite X 3\URE\misc\services.rdb
[2011/12/23 19:18:40 | 005,314,560 | ---- | M] () MD5=B31F4ECB1247A650528A040A2D791105 -- C:\Program Files\Office Suite X 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/08/21 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/08/21 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/08/21 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/08/21 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/08/21 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/08/21 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2008/08/21 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/08/21 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Windows
Volume Serial Number is E4DC-B994
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/14/2013 03:05 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/14/2013 03:04 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 19,239,825,408 bytes free

< End of report >
OTL Extras logfile created on: 9/24/2013 7:05:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Vicki\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 542.37 Mb Available Physical Memory | 53.48% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.31% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.39 Gb Total Space | 17.94 Gb Free Space | 57.15% Space Free | Partition Type: NTFS

Computer Name: NORTHPOLEFAMILY | User Name: Vicki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\lxeccoms.exe" = C:\WINDOWS\system32\lxeccoms.exe:*:Enabled:Pro800-Pro900 Series Server -- ( )
"C:\Program Files\AVG\AVG2014\avgnsx.exe" = C:\Program Files\AVG\AVG2014\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgdiagex.exe" = C:\Program Files\AVG\AVG2014\avgdiagex.exe:*:Enabled:AVG Diagnostics 2014 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2014\avgemcx.exe" = C:\Program Files\AVG\AVG2014\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}" = Office Suite X 3.3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABD40D9A-6865-4C2E-B525-05A7020F1494}" = AVG 2014
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E1F85CCE-735F-4CD2-B5AA-1F471AA6AF11}" = AVG 2014
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2014
"B02431C25DADF05A60DCE378F53276407E8F1A8D" = Windows Driver Package - Broadcom (b57w2k) Net (12/15/2006 10.24.0.0)
"ie8" = Windows Internet Explorer 8
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2013 9:04:14 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 20.0.1.4847, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2013 9:04:32 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket -773425913.

Error - 5/14/2013 9:06:40 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2013 9:06:52 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 734562961.

Error - 5/14/2013 9:07:41 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2013 9:07:57 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/14/2013 10:50:04 PM | Computer Name = NORTHPOLEFAMILY | Source = CltMngSvc | ID = 1000
Description =

Error - 5/18/2013 10:05:02 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2013 10:05:09 AM | Computer Name = NORTHPOLEFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 5/20/2013 5:47:34 PM | Computer Name = NORTHPOLEFAMILY | Source = Application Error | ID = 1000
Description = Faulting application lxeccoms.exe, version 9.2.33.0, faulting module
lxeccoms.exe, version 9.2.33.0, fault address 0x000323bc.

[ System Events ]
Error - 9/19/2013 5:16:51 PM | Computer Name = NORTHPOLEFAMILY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/22/2013 6:24:34 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 9/22/2013 6:24:34 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 9/22/2013 10:39:23 AM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/22/2013 5:26:12 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 9/22/2013 5:26:12 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/22/2013 5:26:13 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7034
Description = The lxecCATSCustConnectService service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/22/2013 5:26:13 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7034
Description = The lxec_device service terminated unexpectedly. It has done this
1 time(s).

Error - 9/22/2013 5:26:13 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 9/22/2013 5:26:13 PM | Computer Name = NORTHPOLEFAMILY | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >
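Before the cleanup post, a check a reader can run on the Extras log above. Two sections there tell you whether the machine is deeper in trouble than a browser hijack. In the `< MD5 for: ... >` blocks OTL lists every copy of a core binary it finds with its hash, including the Windows File Protection copy in system32\dllcache; if the live system32 copy hashes differently from its dllcache twin, the file has been replaced (the $hf_mig$ copy of services.exe hashing differently is normal, that folder holds the hotfix's SP3QFE build). In `Shell Spawning`, the exefile/comfile/batfile open commands must be exactly `"%1" %*`; a hijack rewrites them so every program launch runs the malware first. The Python below is an added example, not part of this thread or of OTL: it parses those two sections and reports any system32/dllcache mismatch or changed spawn command. The sample log is constructed: the services.exe lines are copied from the log above, while the userinit.exe all-zero hash and the `C:\evil\hijack.exe` comfile entry are invented indicators for the demo, not findings from this computer.

```python
import re
from collections import defaultdict

# One file line inside an OTL "< MD5 for: NAME >" block:
#   [date time | size | attrs | M] (Company) MD5=HEX -- path
MD5_LINE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*M\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
MD5_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# One line of the "Shell Spawning" section:  class [verb] -- command
SHELL_LINE = re.compile(r"^(?P<cls>\w+)\s*\[(?P<verb>\w+)\]\s*--\s*(?P<cmd>.+)$")

# Stock XP shell\open commands for executable classes; anything else routes
# every program launch through another binary first (file-association hijack).
EXPECTED_SHELL = {
    ("exefile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
}

def parse_md5_blocks(lines):
    """Group the file entries of every '< MD5 for: NAME >' block by NAME."""
    blocks = defaultdict(list)
    current = None
    for raw in lines:
        line = raw.strip()
        header = MD5_HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None  # another custom-scan header, e.g. < dir ... >
            continue
        m = MD5_LINE.match(line) if current else None
        if m:
            entry = m.groupdict()
            entry["company"] = entry["company"].strip()
            entry["md5"] = entry["md5"].upper()
            blocks[current].append(entry)
    return blocks

def check_dllcache(blocks):
    """(name, live_md5, cache_md5) for each binary whose live system32 copy
    differs from the WFP copy in system32\\dllcache. Copies elsewhere
    ($hf_mig$ hotfix staging) are other builds and are ignored."""
    findings = []
    for name, entries in blocks.items():
        live = cache = None
        for e in entries:
            path = e["path"].lower()
            if path.endswith("\\system32\\dllcache\\" + name.lower()):
                cache = e["md5"]
            elif path.endswith("\\system32\\" + name.lower()):
                live = e["md5"]
        if live and cache and live != cache:
            findings.append((name, live, cache))
    return findings

def check_shell_spawning(lines):
    """(class, verb, command) for each executable class whose shell command
    is not the stock value in EXPECTED_SHELL."""
    findings = []
    for raw in lines:
        m = SHELL_LINE.match(raw.strip())
        if not m:
            continue
        key, cmd = (m.group("cls"), m.group("verb")), m.group("cmd").strip()
        if key in EXPECTED_SHELL and cmd != EXPECTED_SHELL[key]:
            findings.append((key[0], key[1], cmd))
    return findings

def audit(log_text):
    """Run both checks over the text of an OTL Extras log."""
    lines = log_text.splitlines()
    return {"dllcache_mismatch": check_dllcache(parse_md5_blocks(lines)),
            "shell_hijack": check_shell_spawning(lines)}

# Constructed sample. The services.exe lines are copied from the log above; the
# userinit.exe entry (all-zero MD5, no company) and the comfile line (made-up
# C:\evil path) are invented tamper indicators, not findings from this machine.
SAMPLE_LOG = r"""
< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: USERINIT.EXE >
[2008/08/21 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2013/09/19 13:58:39 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe

========== Shell Spawning ==========
exefile [open] -- "%1" %*
comfile [open] -- "C:\evil\hijack.exe" "%1" %*
"""

if __name__ == "__main__":
    for kind, hits in audit(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, *hit)
```

Run against the Extras log posted above, both lists come back empty: every system32 binary OTL hashed (explorer, qmgr, services, svchost, userinit, winlogon, winsock) matches its dllcache copy, and the executable spawn commands are all stock. That is consistent with a browser/search hijack rather than a patched system binary, which is what the fix in the next post targets.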

#10 godawgs
Teacher | Retired Staff | 8,228 posts

Thank you for hanging in there with me.

You are welcome. :)

Thanks for the new logs. It looks like AVG 2013 was updated to AVG 2014 so no problem there. And the other antivirus programs he uninstalled were actually antispyware programs, MalwareBytes and SuperAntiSpyware. No real problems there but we will be reinstalling MBAM during the cleanup process. It is a very good program and if you only use it for scans on demand it's free. I would recommend that you keep it after we have reinstalled it.

I don't see any registry cleaning programs that have been installed so now I'm really confused as to what was meant by lessening the amount of things saved by the registry.

OK, let's continue. I am gonna post a new OTL fix. If the screen goes blank after this fix just reboot the computer and it should load normally.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
DRV - [2013/09/23 11:32:12 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3303001
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{168DF70E-689E-470A-B1D1-B89475209EE3}: "URL" = http://search.condui...2519690215&UM=2
IE - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\..\SearchScopes\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}: "URL" = http://search.condui...q={searchTerms}
FF - prefs.js..CT3303001.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledAddons: eoWwdRD%40Qe3qzqg.com:11
[2013/09/19 14:10:03 | 000,000,000 | ---D | M] (Vafmusic8) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}
[2013/09/16 08:33:45 | 000,003,252 | ---- | M] () (No name found) -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected]
[2013/09/19 13:58:39 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\searchplugins\conduit.xml
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Vicki\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O4 - HKU\.DEFAULT..\Run: [SearchProtect] C:\Documents and Settings\NetworkService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] C:\Documents and Settings\NetworkService\Application Data\SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-2925914957-2950978658-2106584987-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2013/09/19 14:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 13:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/09/19 06:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\Malwarebytes
[2013/09/19 06:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/18 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com
[2013/09/18 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/22 14:06:07 | 003,081,090 | ---- | M] () -- C:\Documents and Settings\Vicki\My Documents\KeyBar 1.6 Toolbar screen.bmp
[2013/05/03 22:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign
[2013/01/22 10:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/19 14:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/09/19 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/10 10:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/06/17 08:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PriceGong
[2013/05/13 04:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SearchProtect
[2013/09/18 19:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\PriceGong
[2012/12/23 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vicki\Application Data\TuneUp Software

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Step-2.

Please go back to post #4 and pick up with Step 3.
Complete steps 3 and 4.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The aswMBR log
3. The AdwCleaner[R0].txt log
4. Are you still getting the redirects?
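As an added example (not from this thread and not part of OldTimer's OTL), a small Python parser that reads an OTL fix log of the kind requested above and separates the three things a reviewer wants to see: what was removed, what was already absent (a harmless "not found" on a registry key), and which embedded commands never actually ran (a "command was not found" under the FILES section, which is a different matter). The sample log below is constructed to match the shape of the log posted later in this thread.

```python
import re

# Constructed sample in the format OTL writes to its fix log (a few lines modelled on this thread's log).
SAMPLE_LOG = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
C:\WINDOWS\system32\drivers\mbamswissarmy.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Prefs.js: "true" removed from CT3303001.browser.search.defaultthis.engineName
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Vicki\Desktop\cmd.bat deleted successfully.
< netsh advfirewall reset /c >
The following command was not found: advfirewall reset.
C:\Documents and Settings\Vicki\Desktop\cmd.bat deleted successfully.
"""

# Result-line shapes seen in OTL fix logs, checked in this order.
ITEM_PATTERNS = [
    ("moved", re.compile(r" (?:folder )?moved successfully\.$")),
    ("deleted", re.compile(r" deleted successfully[.!]$")),
    ("stopped", re.compile(r" stopped successfully!$")),
    ("set", re.compile(r" value set successfully!$")),
    ("pref_removed", re.compile(r"^Prefs\.js: .* removed from ")),
    ("absent", re.compile(r" not found\.$")),
]
SECTION_RE = re.compile(r"^=+ (\w+) =+$")          # ========== OTL ==========
CMD_RE = re.compile(r"^< (.+?) >$")                  # < ipconfig /flushdns /c >
CMD_FAIL_RE = re.compile(r"command was not found|is not recognized", re.I)


def parse_otl_fix_log(text):
    """Hypothetical helper: summarize an OTL fix log into item counts, absent items and command results."""
    summary = {"items": {}, "absent": [], "commands": []}
    section = None
    cmd = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, cmd = m.group(1), None
            continue
        m = CMD_RE.match(line)
        if m and section == "FILES":
            # Each "< ... >" header opens a block of that command's console output.
            cmd = {"command": m.group(1), "output": [], "ran": True}
            summary["commands"].append(cmd)
            continue
        if cmd is not None:
            if line.endswith("deleted successfully."):
                continue  # OTL cleaning up its own temporary cmd.bat / cmd.txt
            cmd["output"].append(line)
            if CMD_FAIL_RE.search(line):
                cmd["ran"] = False  # the shell rejected the command, so nothing was changed
            continue
        for kind, pat in ITEM_PATTERNS:
            if pat.search(line):
                summary["items"][kind] = summary["items"].get(kind, 0) + 1
                if kind == "absent":
                    summary["absent"].append(line[: -len(" not found.")])
                break
    return summary


def failed_commands(summary):
    """Commands listed under FILES whose output shows they never executed."""
    return [c["command"] for c in summary["commands"] if not c["ran"]]


if __name__ == "__main__":
    result = parse_otl_fix_log(SAMPLE_LOG)
    print("item counts:", result["items"])
    print("already absent:", result["absent"])
    print("commands that did not run:", failed_commands(result))
```

On the sample the parser reports one moved file, two deletions, one stopped service, one pref removed, one already-absent key, and flags `netsh advfirewall reset /c` as a command that did not run.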

#11 CoolSunrise (Topic Starter, Member, 30 posts)
1. OTL fixes log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service MBAMSwissArmy stopped successfully!
Service MBAMSwissArmy deleted successfully!
C:\WINDOWS\system32\drivers\mbamswissarmy.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{597b1823-7ff0-4cd3-8095-9d8cba514992}\ not found.
HKU\S-1-5-21-2925914957-2950978658-2106584987-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Internet Explorer\SearchScopes\{168DF70E-689E-470A-B1D1-B89475209EE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{168DF70E-689E-470A-B1D1-B89475209EE3}\ not found.
Registry key HKEY_USERS\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Internet Explorer\SearchScopes\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA5AA633-5A4C-4C40-85D9-46E15492EEF6}\ not found.
Prefs.js: "true" removed from CT3303001.browser.search.defaultthis.engineName
Prefs.js: "Vafmusic8 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: eoWwdRD%40Qe3qzqg.com:11 removed from extensions.enabledAddons
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\Plugins folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\modules folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\META-INF folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\lib folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\defaults folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\components folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\sl folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\lib folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\core folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\wa folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\gf\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ui folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\sp folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\options\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\options\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\options\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\options folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\msd folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\api folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\ac folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb\al folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\tb folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\logic\uninstall\dialog\js folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\logic\uninstall\dialog\images folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\logic\uninstall\dialog\css folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\logic\uninstall\dialog folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\logic\uninstall folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content\logic folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001\content folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome\CT3303001 folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db}\chrome folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\{2088f46c-e352-46dd-9434-bb81014359db} folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\extensions\[email protected] moved successfully.
C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
Registry value HKEY_USERS\S-1-5-21-2925914957-2950978658-2106584987-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\Conduit\IE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit folder moved successfully.
C:\Documents and Settings\All Users\Application Data\HitmanPro\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\HitmanPro folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\Malwarebytes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\SUPERAntiSpyware.com folder moved successfully.
C:\Program Files\SUPERAntiSpyware folder moved successfully.
C:\Documents and Settings\Vicki\My Documents\KeyBar 1.6 Toolbar screen.bmp moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\Conduit\ not found.
Folder C:\Documents and Settings\All Users\Application Data\HitmanPro\ not found.
C:\Documents and Settings\Default User\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\Default User\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\Default User\Application Data\TuneUp Software folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect\Dialogs folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect\ffprotect folder moved successfully.
C:\Documents and Settings\NetworkService\Application Data\SearchProtect folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\PriceGong folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\Vicki\Application Data\TuneUp Software folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Vicki\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Vicki\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
The following command was not found: advfirewall reset.
C:\Documents and Settings\Vicki\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Vicki\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
The following command was not found: advfirewall set allprofiles state ON.
C:\Documents and Settings\Vicki\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Vicki\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327680 bytes
->Flash cache emptied: 2872767 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 327814 bytes
->Flash cache emptied: 2872767 bytes

User: Glen

User: Isaiah

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 327706 bytes
->Flash cache emptied: 291 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33210 bytes

User: Vicki
->Temp folder emptied: 1514987536 bytes
->Temporary Internet Files folder emptied: 146122703 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 371393093 bytes
->Flash cache emptied: 13315571 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27835295 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 191535738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1494476 bytes

Total Files Cleaned = 2,168.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09242013_112143

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_fe8.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



2. aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-24 11:38:59
-----------------------------
11:38:59.531 OS Version: Windows 5.1.2600 Service Pack 3
11:38:59.531 Number of processors: 1 586 0x409
11:38:59.531 ComputerName: NORTHPOLEFAMILY UserName: Vicki
11:39:00.078 Initialize success
11:41:43.625 AVAST engine defs: 13092401
11:42:30.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:42:30.593 Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
11:42:30.796 Disk 0 MBR read successfully
11:42:30.796 Disk 0 MBR scan
11:42:30.828 Disk 0 Windows 7 default MBR code
11:42:30.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 6000 MB offset 2048
11:42:30.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 32144 MB offset 12290048
11:42:30.875 Disk 0 scanning sectors +78120960
11:42:31.093 Disk 0 scanning C:\WINDOWS\system32\drivers
11:42:39.796 Service scanning
11:43:09.250 Modules scanning
11:43:25.406 Disk 0 trace - called modules:
11:43:25.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:43:25.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865ddab8]
11:43:25.953 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x865dad98]
11:43:26.109 AVAST engine scan C:\WINDOWS
11:43:28.234 AVAST engine scan C:\WINDOWS\system32
11:47:28.796 AVAST engine scan C:\WINDOWS\system32\drivers
11:47:39.984 AVAST engine scan C:\Documents and Settings\Vicki
11:52:20.890 AVAST engine scan C:\Documents and Settings\All Users
11:52:57.656 Scan finished successfully
11:57:29.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Vicki\Desktop\MBR.dat"
11:57:29.984 The log file has been saved successfully to "C:\Documents and Settings\Vicki\Desktop\aswMBR.txt"


3. AdwCleaner[R0].txt log:

# AdwCleaner v3.005 - Report created 24/09/2013 at 12:08:19
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Vicki - NORTHPOLEFAMILY
# Running from : C:\Documents and Settings\Vicki\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\\invalidprefs.js
File Found : C:\END
Folder Found C:\Documents and Settings\All Users\Application Data\apn
Folder Found C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\LocalService\Local Settings\Application Data\iac
Folder Found C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\jetpack
Folder Found C:\Documents and Settings\Vicki\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Vicki\Local Settings\Application Data\iac
Folder Found C:\Program Files\Ask.com
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\optimizer pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3284668
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3303001
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Vicki\Application Data\Mozilla\Firefox\Profiles\s66rmlhk.default\prefs.js ]

Line Found : user_pref("CT3303001.FF19Solved", "true");
Line Found : user_pref("CT3303001.UserID", "UN56719609023039130");
Line Found : user_pref("CT3303001.browser.search.defaultthis.engineName", "");
Line Found : user_pref("CT3303001.fullUserID", "UN56719609023039130.IN.20130919135810");
Line Found : user_pref("CT3303001.installDate", "19/09/2013 13:58:35");
Line Found : user_pref("CT3303001.installSessionId", "{905638BE-136D-4E7D-8FF1-5185C2915F5C}");
Line Found : user_pref("CT3303001.installSp", "TRUE");
Line Found : user_pref("CT3303001.installerVersion", "1.6.1.2");
Line Found : user_pref("CT3303001.keyword", "true");
Line Found : user_pref("CT3303001.originalHomepage", "hxxp://www.msn.com/");
Line Found : user_pref("CT3303001.originalSearchAddressUrl", "");
Line Found : user_pref("CT3303001.originalSearchEngine", "Bing");
Line Found : user_pref("CT3303001.originalSearchEngineName", "Bing");
Line Found : user_pref("CT3303001.searchRevert", "false");
Line Found : user_pref("CT3303001.searchUserMode", "2");
Line Found : user_pref("CT3303001.smartbar.homepage", "true");
Line Found : user_pref("CT3303001.versionFromInstaller", "10.20.0.13");
Line Found : user_pref("CT3303001.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3303001&octid=CT3303001&SearchSource=61&CUI=UN56719609023039130&UM=2&UP=SPAB987A0B-496E-4E3C-B6FB-DF6372D711E3");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("extensions.crossrider.bic", "1413807650c6625cd860a20c382cf47e");

*************************

AdwCleaner[R0].txt - [4961 octets] - [24/09/2013 12:08:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5021 octets] ##########


4. I am still having two problems, but the almost constant redirect problem appears to be gone, as well as the ads that kept sliding up from the bottom of the page. HURRAY! :thumbsup: The mouse had started to have problems accessing where I needed to type and that also appears to be fixed.

The 2 things that are remaining:
1. After the other person worked on the computer yesterday, upon rebooting I now get a Found New Hardware Screen displaying with hardware "unknown." It has happened upon every reboot since yesterday. Can you tell me how to get rid of that?

2. I spent 10+ minutes bopping around on the system to make sure the redirect virus was gone. It only happens in one situation, and Firefox won't let it open. It is when I sign in and out of another forum, but not within the forums pages other than that. Do you know what is going on with that?

Overall: :yeah: :thumbsup:
  • 0
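The AdwCleaner report above shows what a Conduit/Smartbar hijack looks like inside the Firefox profile: a block of `CT3303001.*` preferences (the toolbar even records the homepage it replaced in `CT3303001.originalHomepage`), a `Smartbar.ConduitHomepagesList` pointing at search.conduit.com, and a Crossrider add-on key. The script below is an added example written for this thread; it is not AdwCleaner's code and not from any post here. It parses a prefs.js, flags preferences with those hijacker prefixes, recovers the recorded original homepage, and writes a cleaned copy. The sample prefs.js is constructed from the report's Line Found entries with the hxxp defanging undone; the `browser.startup.homepage` and `browser.cache.disk.capacity` lines are assumed, not taken from the report.

```python
"""Flag and remove search-hijacker preferences in a Firefox prefs.js.

Added example for this thread (not AdwCleaner's code). Hijacker prefixes
and sample values come from the AdwCleaner report quoted in the thread.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Preference-name prefixes belonging to the hijackers named in the report.
HIJACK_PREF_PATTERNS = [
    re.compile(r"^CT\d{7}\."),                 # Conduit toolbar id, e.g. CT3303001
    re.compile(r"^Smartbar\."),                # Conduit Smartbar
    re.compile(r"^extensions\.crossrider\."),  # Crossrider add-on framework
]

# Search front-end the Conduit prefs point the homepage at (from the report).
HIJACK_HOSTS = {"search.conduit.com"}

# Matches  user_pref("name", "string");  and  user_pref("name", 123);
USER_PREF_RE = re.compile(
    r'user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*'
    r'(?:"((?:[^"\\]|\\.)*)"|([^)]*?))\s*\);'
)

# Constructed sample prefs.js (see the lead-in for which lines are assumed).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3303001&octid=CT3303001");
user_pref("CT3303001.UserID", "UN56719609023039130");
user_pref("CT3303001.originalHomepage", "http://www.msn.com/");
user_pref("CT3303001.originalSearchEngine", "Bing");
user_pref("CT3303001.searchUserMode", "2");
user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT3303001&octid=CT3303001&SearchSource=61&CUI=UN56719609023039130&UM=2&UP=SPAB987A0B-496E-4E3C-B6FB-DF6372D711E3");
user_pref("extensions.crossrider.bic", "1413807650c6625cd860a20c382cf47e");
user_pref("browser.cache.disk.capacity", 358400);
"""


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref_name: value} for every user_pref line (values as strings)."""
    prefs: Dict[str, str] = {}
    for m in USER_PREF_RE.finditer(text):
        prefs[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return prefs


def is_hijack_pref(name: str) -> bool:
    return any(p.match(name) for p in HIJACK_PREF_PATTERNS)


def find_hijack_prefs(prefs: Dict[str, str]) -> Dict[str, str]:
    """Subset of prefs whose names carry a known hijacker prefix."""
    return {k: v for k, v in prefs.items() if is_hijack_pref(k)}


def conduit_toolbar_ids(prefs: Dict[str, str]) -> List[str]:
    """Distinct Conduit toolbar ids (CTnnnnnnn) present in the profile."""
    return sorted({k.split(".", 1)[0] for k in prefs if re.match(r"^CT\d{7}\.", k)})


def recorded_original_homepage(prefs: Dict[str, str]) -> Optional[str]:
    """The toolbar stores the homepage it replaced; that is what to restore."""
    for k, v in prefs.items():
        if re.match(r"^CT\d{7}\.originalHomepage$", k) and v:
            return v
    return None


def points_at_hijacker(url: str) -> bool:
    return urlsplit(url).hostname in HIJACK_HOSTS


def clean_prefs_js(text: str) -> Tuple[str, List[str]]:
    """Drop hijacker prefs; if the homepage points at the hijacker's search
    page and an original homepage was recorded, put the original back."""
    prefs = parse_prefs(text)
    original = recorded_original_homepage(prefs)
    removed: List[str] = []
    out: List[str] = []
    for line in text.splitlines():
        m = USER_PREF_RE.search(line)
        if m is None:
            out.append(line)          # comments and non-pref lines pass through
            continue
        name = m.group(1)
        if is_hijack_pref(name):
            removed.append(name)
            continue
        if (name == "browser.startup.homepage" and m.group(2) is not None
                and points_at_hijacker(m.group(2)) and original):
            line = f'user_pref("browser.startup.homepage", "{original}");'
        out.append(line)
    return "\n".join(out) + "\n", removed


if __name__ == "__main__":
    for name, value in sorted(find_hijack_prefs(parse_prefs(SAMPLE_PREFS_JS)).items()):
        print(f"hijack pref: {name} = {value}")
    cleaned, removed = clean_prefs_js(SAMPLE_PREFS_JS)
    print(f"removed {len(removed)} preference(s); cleaned prefs.js:\n{cleaned}")
```

On a real profile, run this against a copy of prefs.js with Firefox closed: Firefox rewrites prefs.js on exit, so edits made while it is running are lost. The prefix list is only as good as the indicators it is fed; the report's other finding, the `jetpack` folder and `invalidprefs.js`, is not covered by name matching and still needs the tool's own cleanup.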

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
We're making progress but there is still more to do.

1. After the other person worked on the computer yesterday, upon rebooting I now get a Found New Hardware Screen displaying with hardware "unknown." It has happened upon every reboot since yesterday. Can you tell me how to get rid of that?

Sounds like a driver is trying to install/update, but since I don't know what the other fellow did I'm not sure what has happened. If the remaining steps don't clear it we will take a further look at that time. But if something was used to clean the registry, and I can't find anything, we may not ever know what is causing the problem until we find out what, if anything, was removed.

2. I spent 10+ minutes bopping around on the system to make sure the redirect virus was gone. It only happens in one situation, and Firefox won't let it open. It is when I sign in and out of another forum, but not within the forums pages other than that. Do you know what is going on with that?

Are you able to log into that site using another browser?

I would recommend that you print these instructions or save them to a text file so you will have them handy as you complete the steps. It might also be beneficial to download the JRT tool and MalwareBytes to the desktop at one time and then close the browser and complete the instructions.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Double click the AdwCleaner icon to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Double click the JRT.exe file to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.

Important: Before starting steps 3 and 4 I want you to disable any screen saver you might have running.

Step-3.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Double Click the mbam-setup.exe file to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

  • When the scan is finished a message box will appear as shown in the image below.


    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-4.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the ESET Smart Installer icon on the desktop. After successful installation of ESET Smart Installer, ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:


    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in Uninstall application on close
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on list of threats found
    • Click on export to text file and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in Uninstall application on close. Be sure you have saved the file first.
    • Click on Finish
    • Close the program
Don't forget to re-enable your Antivirus program and screen saver.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the two remaining issues you reported above are still present.
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. The MalwareBytes log
5. The ESET scan log (If it found anything). If it didn't just let me know.
  • 0

#13
CoolSunrise

CoolSunrise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
2 questions. I turned Firewall and AVG back on to ask this & have noted to disable them again before continuing the process.

1st Question:

I got to the malwarebytes "Remove Selected" step and am really nervous about what I am deleting. There are 150 objects, many "C:/Document and settings/..." that I am OK with, but am I supposed to delete:

PUP.Optional.D... Registry Key "HKCU/SOFTWARE/Microsoft/Windows..." <-- one of those
PUP.Optional.D... Registry Key "HKLM/SOFTWARE/Microsoft/WindowsNT..." <-- one of those
PUP.Optional.S... files & folders "C:/WINDOWS/system32/config/systemprofil..." <-- many of those

The "C:/System Volume Information..." I of course did not check to delete.



Second Question: resolved, see next post

I have Windows XP screen saver. I did START, CONTROL PANEL, DISPLAY, SCREEN SAVER - and changed it to NONE. But the screen still blanked out during the malware step. I just went back in and triple checked it was set to none and it is. I noticed the POWER button so I went there and changed the TURN OFF MONITOR button to NEVER. (The monitor had not turned off, just a black screen which a tap of the mouse restored the screen.) Will this keep the screen up for the next step? That part about the ESET Scanner having a touchy mouse is worrying me; don't need this to stall!

It's late here, I will check for a reply tomorrow and leave this hanging for the night.

Thank you.

Edited by CoolSunrise, 25 September 2013 - 06:49 AM.

  • 0

#14
CoolSunrise

CoolSunrise

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Looks like the second question is solved - the screen didn't go blank during the night. But, I should ask while I have the chance, what do I do if the ESET stalls?

I have to be gone most of the day but will start all this again ASAP. Perhaps the break will be good for my nerves... :wacko:
  • 0

#15
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I got to the malwarebytes "Remove Selected" step and am really nervous about what I am deleting. There are 150 objects, many "C:/Document and settings/..." that I am OK with, but am I supposed to delete:

Yep, click the Remove button. If MBAM should remove something in error, which I haven't seen it do, there is a way to put it back. That's one of the two reasons we use and recommend it.

But, I should ask while I have the chance, what do I do if the ESET stalls?

We start over with the ESET scan. But I haven't had any problems with that as long as you don't move the mouse around. That's why I asked you to disable the screen saver, so you wouldn't be as tempted to move the mouse because the screen saver engaged. I've never had an issue when the monitor blacks out because of the energy saving feature, but it won't hurt to leave that setting where you have it now until after the ESET scan.

You're doing great :cool:
  • 0





