Solved 1007 objects detected in MBAM

Discussion in 'Malware and Virus Removal Archive' started by rthompson, 2012/10/07.

  1. 2012/10/08
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    otl custom fix

    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5877FCFE-F185-C7BC-3AB5-7F6D06DCA725}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5877FCFE-F185-C7BC-3AB5-7F6D06DCA725}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2081551717-3255779994-4236519115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2081551717-3255779994-4236519115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_USERS\S-1-5-21-2081551717-3255779994-4236519115-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{348bd83c-b2cd-4319-a605-c96bb458dd80} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ deleted successfully.
    C:\Program Files\toolbar2\searchresultsDx.dll moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\ask.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ not found.
    File C:\Program Files\toolbar2\searchresultsDx.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{348bd83c-b2cd-4319-a605-c96bb458dd80} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{348bd83c-b2cd-4319-a605-c96bb458dd80}\ not found.
    File C:\Program Files\toolbar2\searchresultsDx.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-2081551717-3255779994-4236519115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar folder moved successfully.
    C:\WINDOWS\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Ask folder moved successfully.
    ========== FILES ==========
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 2285739 bytes
    ->Temporary Internet Files folder emptied: 217230648 bytes
    ->Java cache emptied: 190901 bytes
    ->Google Chrome cache emptied: 42185859 bytes
    ->Flash cache emptied: 9258582 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Rosalie Shock
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5537795 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2401626 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32205909 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 297.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Rosalie Shock

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Rosalie Shock

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10082012_083510

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  2. 2012/10/08
    rthompson

    checkup

    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus 2012
    avast! Antivirus
    Microsoft Security Essentials
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Toolbar Cleaner 1.1
    Java(TM) 6 Update 33
    Java 7 Update 7
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.1.102.64 Flash Player out of Date!
    Mozilla Firefox (3.6.12) Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````
     

  4. 2012/10/08
    rthompson

    fss

    Farbar Service Scanner Version: 07-10-2012
    Ran by Administrator (administrator) on 08-10-2012 at 08:53:25
    Running from "C:\Documents and Settings\Administrator\Desktop "
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000080000000600000007000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
     
  5. 2012/10/08
    rthompson

    adwcleaner

    # AdwCleaner v2.004 - Logfile created 10/08/2012 at 08:57:31
    # Updated 06/10/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Administrator - PCRR-5273E62E10
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DHIGL3O3\adwcleaner[1].exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods-speeddial.crx
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Ask.com
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\iWin
    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Qwiklinx
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Wajam
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\iWin
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Ilivid
    Folder Deleted : C:\Program Files\OApps
    Folder Deleted : C:\Program Files\Qwiklinx
    Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Qwiklinx
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3185123
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0FtC0BzyyC0EyCtDyB0FtAtN0D0Tzu0StByEtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=451576081 --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=109935&tt=060612_7_&babsrc=nt_ss&mntrid=6cb607f3000000000000000b7d280253 --> hxxp://www.google.com

    -\\ Google Chrome v21.0.1180.89

    File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.2] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0FtC0BzyyC0EyCtDyB0FtAtN0D0Tzu0StByEtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=451576081" ],
    Deleted [l.6] : homepage = "hxxp://start.funmoods.com/?f=1&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0FtC0BzyyC0EyCtDyB0FtAtN0D0Tzu0StByEtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=451576081 ",
    Deleted [l.10] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0FtC0BzyyC0EyCtDyB0FtAtN0D0Tzu0StByEtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=451576081 ",
    Deleted [l.18] : urls_to_restore_on_startup =
"avatar_index ":0, "content_settings ":{ "pref_version ":1}, "created_by_version ": "19.0.1084.56 ", "exited_cleanly ":true, "name ": "First user "}, "sync ":{ "homepage ": "hxxp://search.conduit.com/?ctid=CT3185123&SearchSource=48 ", "homepage_is_newtabpage ":false, "session ":{ "restore_on_startup ":0,[ "hxxp://search.conduit.com/?ctid=CT3185123&SearchSource=48"]}, "sync_promo ":{ "show_ntp_bubble ":false, "startup_count ":1, "user_skipped ":true, "view_count ":1}}}

    *************************

    AdwCleaner[S1].txt - [23695 octets] - [08/10/2012 08:57:31]

    ########## EOF - C:\AdwCleaner[S1].txt - [23756 octets] ##########
     
  6. 2012/10/08
    rthompson

    rthompson Well-Known Member Thread Starter

    eset

    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP150\A0085411.exe a variant of Win32/Kryptik.GR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP150\A0086376.exe a variant of Win32/Kryptik.GR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP150\A0086378.exe a variant of Win32/Kryptik.GR trojan deleted - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP150\A0086426.exe a variant of Win32/Kryptik.GR trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0090772.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0090774.DLL a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0090775.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0090776.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0091837.dll Win32/Toolbar.BHO.B application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0091852.dll Win32/Toolbar.BHO.B application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092937.scr Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092939.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092940.DLL Win32/FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092941.DLL Win32/FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092942.DLL a variant of Win32/Toolbar.MyWebSearch.G application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092943.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092944.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092945.DLL Win32/FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092946.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092947.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092948.DLL Win32/Toolbar.MyWebSearch.D application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092949.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092950.EXE Win32/FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092951.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092952.DLL Win32/FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092954.DLL Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092955.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092956.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092958.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092959.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092960.DLL a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092961.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092963.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092964.EXE Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092965.EXE a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092966.DLL Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092967.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092968.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092969.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092970.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092971.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093790.DLL Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093791.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093792.DLL a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093793.DLL Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093794.DLL a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093795.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093796.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP161\A0093797.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP167\A0094019.dll a variant of Win32/Toolbar.MyWebSearch.K application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094359.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094360.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094361.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094362.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094363.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094365.exe Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP176\A0094669.msi a variant of Win32/Adware.ErrorRepair application deleted - quarantined
    C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP206\A0103072.msi a variant of Win32/Adware.ErrorRepair application deleted - quarantined
     
  7. 2012/10/08
    broni

    broni Moderator Malware Analyst

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
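
The ESET log above lists almost every detection under `System Volume Information\_restore{...}\RPnnn`, which is why step 1 clears the restore points. The sketch below is an added example, not part of the thread or of any tool used in it: it splits such a log into restore-point copies and live files and counts trojans (relevant to step 4). The family-suffix heuristic and the last sample line are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# ESET scanner log line: <path> [a variant of] <detection> <type> <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>Win(?:32|64)/\S+)\s+(?P<kind>trojan|application|virus|worm)\s+"
    r"(?P<action>.+)$"
)
# Windows XP System Restore snapshot directory, e.g. ...\_restore{GUID}\RP150\
RP_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)
# Assumption: a trailing ".X" or ".XY" in capitals is a variant letter, not a family name.
VARIANT_SUFFIX = re.compile(r"\.[A-Z]{1,2}$")


def family(name):
    """Collapse 'Win32/Toolbar.MyWebSearch.O' to 'Win32/Toolbar.MyWebSearch'."""
    return VARIANT_SUFFIX.sub("", name)


def triage(log_text):
    """Group detections by restore point; keep live-file hits and bad lines apart."""
    report = {
        "restore_points": defaultdict(Counter),  # RP number -> family -> count
        "live": [],                              # detections outside restore points
        "kinds": Counter(),                      # trojan / application / ...
        "unparsed": [],
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            report["unparsed"].append(line)
            continue
        report["kinds"][m["kind"]] += 1
        rp = RP_RE.search(m["path"])
        if rp:
            report["restore_points"][int(rp["rp"])][family(m["name"])] += 1
        else:
            report["live"].append((m["path"], m["name"], m["kind"]))
    return report


# Five lines copied from the ESET log in this thread; the last line is constructed.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP150\A0085411.exe a variant of Win32/Kryptik.GR trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP157\A0090772.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP159\A0092940.DLL Win32/FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP172\A0094359.dll Win32/Toolbar.Funmoods application cleaned by deleting - quarantined
C:\System Volume Information\_restore{7C0E2DE7-3504-4EC8-8C8F-37A6B5CCC511}\RP206\A0103072.msi a variant of Win32/Adware.ErrorRepair application deleted - quarantined
C:\Program Files\ExampleToolbar\example.dll Win32/Toolbar.Example application cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for rp in sorted(r["restore_points"]):
        print(f"RP{rp}: {dict(r['restore_points'][rp])}")
    print("live files:", r["live"])
    print("trojans seen (change passwords if > 0):", r["kinds"]["trojan"])
```

Any non-empty `restore_points` result means old snapshots still hold copies of the removed files, so restoring to one of them would bring them back.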
     
  8. 2012/10/08
    rthompson

    rthompson Well-Known Member Thread Starter

    otl restore point

    The custom fix went well; I forgot to post the log before doing the cleanup step.

    My computer is running great, no more errors, thank you very much for your assistance.
     
  9. 2012/10/08
    broni

    broni Moderator Malware Analyst

    Way to go!!
    Good luck and stay safe :)
     
  10. 2012/10/10
    rthompson

    rthompson Well-Known Member Thread Starter

    still infected

    Broni, after we completed the above steps I decided to recheck my aunt's system before giving it back to her. I updated MBAM and ran a quick scan. The scan found 34 more infections, mostly PUPs and adware; I chose to remove them.

    Then I downloaded RogueKiller and ComboFix. I ran RK and deleted what it detected. Then ran ComboFix. Upon completion and restart, avast found a rootkit and suggested to delete it and run a boot-time scan in order to complete the removal.

    I will post the above logs after avast finishes the boot-time scan. If you need any further logs please let me know.
     
  11. 2012/10/10
    rthompson

    rthompson Well-Known Member Thread Starter

    Avast must have taken care of the problem: 0 items detected in the boot-time scan.

    If I have any further problems I'll start a new thread, thanks again.
     
  12. 2012/10/10
    broni

    broni Moderator Malware Analyst

    Very well then...
     
