Funmoods in Registry. Please Help!

(In Progress)
nygiantsfan87 (thread starter)
Join Date: Jul 2012
Experience: Beginner
22-Jul-2012, 10:16 PM #1
Accidentally installed funmoods toolbar and it's affecting my desktop icons, downloads, and sigmatel IDT systray won't end when I shut down the computer.

Computer Specs-

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 3.20GHz, x86 Family 15 Model 4 Stepping 4
Processor Count: 2
RAM: 3069 Mb
Graphics Card: ATI Radeon HD 3600 Series, 1024 Mb
Hard Drives: C: Total - 238464 MB, Free - 215774 MB; D: Total - 38154 MB, Free - 38086 MB; E: Total - 305242 MB, Free - 305160 MB;
Motherboard: Intel Corporation, D945GPM
Antivirus: None

hijackthis-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:46:03 PM, on 7/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Computer\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.paretologic.com/redirect/...0-07-2012&key=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
O3 - Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\isaac~1.xph\locals~1\temp\cdm\{5646f86a-7942-455c-9184-eb857ce2968a}\STacSV.exe (file missing)

--
End of file - 8128 bytes

dds-

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
Run by Computer at 21:46:58 on 2012-07-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2470 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.paretologic.com/redirect/?aid=3&vid=1&lid=en&uid=0&cpid=129&pid=31&FROMSCHEDULE=1&INSTALLDATE=02:21:59%2021-07-2012&SCANCOUNT=1&BUTTON=0&OUTDATED_COUNT=1315&SCANTIME=&RUNCOUNT=1&INSTALLDATELOCAL=22:21:59%2020-07-2012&key=
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
TB: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DA34BFDA-947E-401E-BFA3-8604C4FA0442} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\computer\application data\mozilla\firefox\profiles\9bx2zv4v.default\
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 136176]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-2 1373576]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-27 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 655944]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-20 113120]
.
=============== Created Last 30 ================
.
2012-07-23 01:03:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-21 04:39:16 -------- d-----w- c:\documents and settings\computer\local settings\application data\Electronic_Arts_Inc
2012-07-21 04:28:59 -------- d-----w- c:\documents and settings\computer\local settings\application data\Temp
2012-07-21 03:35:08 -------- d-----w- c:\documents and settings\computer\application data\Malwarebytes
2012-07-21 02:43:33 -------- d-----w- c:\documents and settings\computer\local settings\application data\Sun
2012-07-21 02:34:28 -------- d-----w- c:\documents and settings\computer\local settings\application data\Google
2012-07-21 02:34:28 -------- d-----w- c:\documents and settings\computer\application data\SpeedyPC Software
2012-07-21 02:21:57 -------- d-----w- c:\documents and settings\computer\application data\DriverCure
2012-07-21 02:21:49 -------- d-----w- c:\documents and settings\all users.windows\application data\SpeedyPC Software
2012-07-21 02:16:38 -------- d-----w- c:\documents and settings\computer\local settings\application data\Mozilla
2012-07-21 02:12:02 -------- d-----w- c:\documents and settings\computer\local settings\application data\LogMeIn Hamachi
2012-07-21 02:12:02 -------- d-----w- c:\documents and settings\computer\local settings\application data\ATI
2012-07-21 02:11:51 -------- d-----w- c:\documents and settings\computer\local settings\application data\Microsoft
2012-07-20 21:01:06 -------- d-----w- c:\program files\common files\Steam
2012-07-19 00:39:57 -------- d-----w- c:\program files\smartdl
2012-07-18 23:35:03 -------- d-----w- c:\program files\Legalsounds Download Manager
2012-07-18 22:59:27 -------- d-----r- c:\program files\Skype
2012-07-16 16:27:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 16:27:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 00:32:57 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-07-14 18:56:30 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
2012-07-14 18:56:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 18:56:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 18:27:30 -------- d-----w- c:\documents and settings\all users.windows\application data\IBUpdaterService
2012-07-14 18:27:27 17464 ----a-w- c:\windows\system32\roboot.exe
2012-07-14 18:26:59 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-14 05:34:44 -------- d-----w- c:\documents and settings\all users.windows\application data\AOL Toolbar
2012-07-14 05:34:42 -------- d-----w- c:\program files\common files\Software Update Utility
2012-07-14 05:32:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-14 05:32:45 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-14 05:32:45 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-07-14 05:32:45 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-14 05:32:43 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-14 05:32:43 -------- d-----w- c:\program files\PDFCreator
2012-07-14 05:32:10 -------- d-----w- c:\documents and settings\all users.windows\application data\BasicScan
2012-07-14 02:47:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-14 02:47:36 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-14 02:27:02 -------- d-----w- c:\documents and settings\all users.windows\application data\Tarma Installer
2012-07-14 01:09:51 -------- d-----w- c:\windows\Logs
2012-07-14 01:09:49 -------- d-----w- c:\documents and settings\all users.windows\application data\Electronic Arts
2012-07-12 20:33:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-07-12 20:33:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-07-05 22:45:34 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-07-05 17:05:26 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-02 14:07:24 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-07-02 14:07:24 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-07-02 14:07:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-07-02 14:07:23 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-07-02 03:23:54 -------- d-----w- c:\program files\Project64 1.6
2012-07-02 02:52:16 -------- d-----w- c:\program files\Oracle
2012-07-02 02:52:10 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-02 02:52:10 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-02 02:52:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 01:39:07 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-02 01:39:07 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-02 01:38:23 -------- d-----w- c:\program files\iPod
2012-07-02 01:38:18 -------- d-----w- c:\program files\iTunes
2012-07-02 01:38:18 -------- d-----w- c:\documents and settings\all users.windows\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-02 01:37:47 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-02 01:37:47 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-02 01:37:33 -------- d-----w- c:\program files\Bonjour
2012-07-01 14:53:21 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-01 14:53:21 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:47:34.68 ===============

attach-

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/23/2008 11:16:47 AM
System Uptime: 7/22/2012 9:12:24 PM (0 hours ago)
.
Motherboard: Intel Corporation | | D945GPM
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | J3E1 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 211.094 GiB free.
D: is FIXED (NTFS) - 37 GiB total, 37.194 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 298.008 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\4&3036D68D&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\4&3036D68D&0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_544E8086&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_544E8086&REV_01\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
RP158: 7/1/2012 11:50:44 AM - System Checkpoint
RP159: 7/1/2012 11:59:11 AM - Software Distribution Service 3.0
RP160: 7/1/2012 2:59:44 PM - Removed Logitech Harmony Remote Software 7
RP161: 7/1/2012 9:38:09 PM - Installed iTunes
RP162: 7/1/2012 10:51:52 PM - Installed Java(TM) 7 Update 5
RP163: 7/1/2012 10:52:15 PM - Installed JavaFX 2.1.1
RP164: 7/1/2012 11:23:54 PM - Installed Project64 1.6
RP165: 7/2/2012 2:31:32 AM - Removed Project64 1.6
RP166: 7/2/2012 8:37:54 AM - Installed Project64 1.6
RP167: 7/3/2012 9:30:25 AM - System Checkpoint
RP168: 7/4/2012 10:45:34 AM - System Checkpoint
RP169: 7/5/2012 12:36:23 AM - Installed LogMeIn Hamachi
RP170: 7/5/2012 3:23:20 PM - Removed LogMeIn Hamachi
RP171: 7/6/2012 4:03:43 PM - System Checkpoint
RP172: 7/7/2012 4:41:59 PM - System Checkpoint
RP173: 7/9/2012 2:15:50 PM - System Checkpoint
RP174: 7/10/2012 4:21:17 PM - System Checkpoint
RP175: 7/12/2012 1:41:22 PM - Software Distribution Service 3.0
RP176: 7/13/2012 1:59:46 PM - System Checkpoint
RP177: 7/13/2012 9:11:24 PM - Installed DirectX
RP178: 7/14/2012 1:32:57 AM - Printer Driver PDFCreator Installed
RP179: 7/14/2012 1:36:35 AM - Printer Driver PDFCreator Installed
RP180: 7/14/2012 2:26:58 PM - Installed LogMeIn Hamachi
RP181: 7/14/2012 2:38:05 PM - Software Distribution Service 3.0
RP182: 7/15/2012 11:19:06 PM - System Checkpoint
RP183: 7/16/2012 1:53:39 AM - Installed Steam
RP184: 7/16/2012 2:18:40 AM - Removed Steam
RP185: 7/17/2012 1:42:03 PM - System Checkpoint
RP186: 7/18/2012 9:34:45 PM - System Checkpoint
RP187: 7/19/2012 11:07:52 AM - Software Distribution Service 3.0
RP188: 7/20/2012 4:59:52 PM - Restore Operation
RP189: 7/20/2012 10:33:17 PM - Restore Operation
RP190: 7/22/2012 8:57:31 PM - Installed Windows XP KB942288-v3.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
AutoUpdate
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CDDRV_Installer
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
Download Updater (AOL Inc.)
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
KhalInstallWrapper
Legalsounds Download Manager
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech SetPoint
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Need For Speed™ World
NETGEAR WPN311 Wireless Adapter
PDFCreator
Project64 1.6
Realtek High Definition Audio Driver
Remote Control USB Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skins
Skype Click to Call
Skype™ 5.10
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/22/2012 4:31:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/22/2012 4:30:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/22/2012 4:30:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/20/2012 6:58:13 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/20/2012 6:56:51 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/20/2012 5:54:06 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
7/20/2012 5:51:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/20/2012 5:05:10 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E2ABF0CC9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/20/2012 10:38:13 PM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified.
7/18/2012 7:31:54 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================

GMER-

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-22 23:07:54
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 ST325082 rev.3.AA
Running: 4r2200o0.exe; Driver: C:\DOCUME~1\Computer\LOCALS~1\Temp\fxtdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9881000, 0x1894F8, 0xE8000020]
? C:\DOCUME~1\Computer\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0116B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[740] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0141B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[740] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0141B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[740] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 0141B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----
Conspire Conspire is offline Conspire is authorized to help remove malware.
Malware Removal Specialist with 433 posts.
 
Join Date: Feb 2011
Location: Malaysia
Experience: Intermediate
24-Jul-2012, 03:59 AM #2
Hello there, nygiantsfan87

Welcome to TSG

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Also note that I will not respond to this thread if I don't receive your reply for 3 days.

---------------------------------------------------------------------------------------------------

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
nygiantsfan87 nygiantsfan87 is offline
24-Jul-2012, 11:14 AM #3
Thanks for the Help

Combofix-

ComboFix 12-07-25.04 - Computer_2 07/24/2012 12:01:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2356 [GMT -4:00]
Running from: c:\documents and settings\Computer_2\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\9d76d84a221031d1cc5e7282c7f5ef1a_c
c:\documents and settings\All Users.WINDOWS\Application Data\BasicScan
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BASICSCAN_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 14:31 . 2012-07-24 14:31 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedyPC Software
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\windows\Sun
2012-07-23 18:11 . 2012-07-23 18:14 -------- d-----w- c:\documents and settings\Computer_2
2012-07-20 21:01 . 2012-07-20 21:01 -------- d-----w- c:\program files\Common Files\Steam
2012-07-19 00:39 . 2012-07-20 22:52 -------- d-----w- c:\program files\smartdl
2012-07-18 23:35 . 2012-07-18 23:35 -------- d-----w- c:\program files\Legalsounds Download Manager
2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\program files\Common Files\Skype
2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----r- c:\program files\Skype
2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2012-07-16 16:27 . 2012-07-16 16:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 16:27 . 2012-07-16 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 00:32 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 18:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 18:27 . 2012-07-14 18:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IBUpdaterService
2012-07-14 18:27 . 2012-07-24 16:05 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Toolbar
2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-07-14 05:32 . 2005-04-15 23:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-14 05:32 . 2004-03-09 04:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-14 05:32 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-07-14 05:32 . 1998-06-24 04:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-14 05:32 . 2012-07-14 05:36 -------- d-----w- c:\program files\PDFCreator
2012-07-14 05:32 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-14 02:47 . 2012-07-20 22:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-14 02:47 . 2012-07-20 22:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-14 02:27 . 2012-07-20 22:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
2012-07-14 01:09 . 2012-07-21 04:31 -------- d-----w- c:\windows\Logs
2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\program files\Electronic Arts
2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2012-07-12 20:33 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-07-12 20:33 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-07-08 20:32 . 2012-07-08 20:32 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Sun
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 17:05 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-02 14:07 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-07-02 14:07 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-07-02 14:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-07-02 14:07 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-07-02 03:23 . 2012-07-02 12:37 -------- d-----w- c:\program files\Project64 1.6
2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Common Files\Java
2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Oracle
2012-07-02 02:52 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 02:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-02 02:52 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\program files\Java
2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2012-07-02 01:39 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-02 01:39 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\program files\iPod
2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\program files\iTunes
2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Apple Software Update
2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
2012-07-02 01:37 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-02 01:37 . 2012-04-25 16:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Bonjour
2012-07-02 01:37 . 2012-07-02 01:38 -------- d-----w- c:\program files\Common Files\Apple
2012-07-01 14:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-01 14:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-12-23 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-12-23 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-12-23 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-12-23 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-12-23 16:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-12-23 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-12-23 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-03-26 21:31 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-03-26 21:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2010-03-26 21:31 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-12-23 16:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-21 03:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - [N/A]
NETGEAR WPN311 Smart Wizard.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 21:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WPN311 Smart Wizard.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPN311 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN311 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6/27/2012 12:29 PM 1385896]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/27/2008 8:11 PM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 2:56 PM 655944]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 2:56 PM 22344]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/16/2012 12:27 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/20/2012 11:17 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 16:27]
.
2012-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\0eijv3ze.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-24 12:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(7924)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2012-07-24 12:11:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 16:11
.
Pre-Run: 228,568,039,424 bytes free
Post-Run: 228,608,008,192 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F30C67CAE4A2F90CB3569D36D1C7C4DF
Conspire Conspire is offline Conspire is authorized to help remove malware.
24-Jul-2012, 10:51 PM #4
Hi,

You're welcome

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE

Code:
DDS::
BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
uInternet Connection Wizard,ShellNext = hxxp://www.paretologic.com/redirect/?aid=3&vid=1&lid=en&uid=0&cpid=129&pid=31&FROMSCHEDULE=1&INSTALLDATE=02:21:59%2021-07-2012&SCANCOUNT=1&BUTTON=0&OUTDATED_COUNT=1315&SCANTIME=&RUNCOUNT=1&INSTALLDATELOCAL=22:21:59%2020-07-2012&key=

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



===================================================

On your next reply please post :
Combofix log
Are there any improvements?


Please STOP and let me know if you have any problems performing the steps above or have any questions.

Good Day!
nygiantsfan87
25-Jul-2012, 01:24 AM #5
The desktop icons that were there when funmoods was installed still don't work, but new ones will work. Google Chrome won't download, that's the browser that had the toolbar installed to. The icons next to the start button disappeared when funmoods was installed and they still haven't come back. Could funmoods be gone and have left damage? When I did a system restore the computer slowed down a lot and didn't restore anything that was lost before I came to this forum.

ComboFIx Log-

ComboFix 12-07-25.04 - Computer_2 07/25/2012 1:56.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2426 [GMT -4:00]
Running from: c:\documents and settings\Computer_2\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Computer_2\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-24 20:20 . 2012-07-25 06:02 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
2012-07-24 20:20 . 2012-07-24 20:20 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedyPC Software
2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\windows\Sun
2012-07-23 18:11 . 2012-07-23 18:14 -------- d-----w- c:\documents and settings\Computer_2
2012-07-20 21:01 . 2012-07-20 21:01 -------- d-----w- c:\program files\Common Files\Steam
2012-07-19 00:39 . 2012-07-20 22:52 -------- d-----w- c:\program files\smartdl
2012-07-18 23:35 . 2012-07-18 23:35 -------- d-----w- c:\program files\Legalsounds Download Manager
2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\program files\Common Files\Skype
2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----r- c:\program files\Skype
2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2012-07-16 16:27 . 2012-07-16 16:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 16:27 . 2012-07-16 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 00:32 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 18:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 18:27 . 2012-07-14 18:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IBUpdaterService
2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Toolbar
2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\program files\Common Files\Software Update Utility
2012-07-14 05:32 . 2005-04-15 23:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-07-14 05:32 . 2004-03-09 04:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-14 05:32 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-07-14 05:32 . 1998-06-24 04:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-14 05:32 . 2012-07-14 05:36 -------- d-----w- c:\program files\PDFCreator
2012-07-14 05:32 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-14 02:47 . 2012-07-20 22:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-14 02:47 . 2012-07-20 22:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-14 02:27 . 2012-07-20 22:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
2012-07-14 01:09 . 2012-07-21 04:31 -------- d-----w- c:\windows\Logs
2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\program files\Electronic Arts
2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
2012-07-12 20:33 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-07-12 20:33 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-07-08 20:32 . 2012-07-08 20:32 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Sun
2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 17:05 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-02 14:07 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-07-02 14:07 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-07-02 14:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-07-02 14:07 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-07-02 03:23 . 2012-07-02 12:37 -------- d-----w- c:\program files\Project64 1.6
2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Common Files\Java
2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Oracle
2012-07-02 02:52 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 02:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-02 02:52 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\program files\Java
2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2012-07-02 01:39 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-02 01:39 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\program files\iPod
2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\program files\iTunes
2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Apple Software Update
2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
2012-07-02 01:37 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-02 01:37 . 2012-04-25 16:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Bonjour
2012-07-02 01:37 . 2012-07-02 01:38 -------- d-----w- c:\program files\Common Files\Apple
2012-07-01 14:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-01 14:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-12-23 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-12-23 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-12-23 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-12-23 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-12-23 16:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-12-23 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-12-23 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-03-26 21:31 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-03-26 21:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2010-03-26 21:31 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-12-23 16:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-21 03:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-24_16.06.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-25 05:45 . 2012-07-25 05:45 16384 c:\windows\Temp\Perflib_Perfdata_654.dat
+ 2006-02-28 12:00 . 2012-07-24 21:04 68006 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-07-24 21:04 433176 c:\windows\system32\perfh009.dat
+ 2012-07-24 20:20 . 2012-07-24 20:20 890880 c:\windows\Installer\e83240.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - [N/A]
NETGEAR WPN311 Smart Wizard.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 21:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WPN311 Smart Wizard.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPN311 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WPN311 Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/2/2012 1:22 PM 1373576]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/27/2008 8:11 PM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 2:56 PM 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 2:56 PM 22344]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/16/2012 12:27 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/20/2012 11:17 PM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 16:27]
.
2012-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\0eijv3ze.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 02:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(8100)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-25 02:03:54
ComboFix-quarantined-files.txt 2012-07-25 06:03
ComboFix2.txt 2012-07-24 16:11
.
Pre-Run: 228,202,258,432 bytes free
Post-Run: 228,195,135,488 bytes free
.
- - End Of File - - 0F8EA8E2D8EE8FF02DE563056892C64B
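The "Reg Loading Points" section of the log above carries the host's security-posture settings alongside the autostart entries. The following is an added example, not part of the thread and not ComboFix's own code: a small parser that pulls the weakened Security Center and Windows Firewall values out of that section. The sample text is constructed from lines in the log above, and the rule descriptions are this example's reading of those registry values.

```python
import re

# Constructed sample, in the same shape as the "Reg Loading Points" section above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# (key suffix, value name, value that weakens the host, meaning).
# Meanings are this example's interpretation, not ComboFix output.
RULES = [
    (r'software\microsoft\security center', 'AntiVirusOverride', 1,
     'Security Center told not to monitor antivirus status'),
    (r'software\microsoft\security center', 'FirewallOverride', 1,
     'Security Center told not to monitor firewall status'),
    (r'software\microsoft\security center\Monitoring', 'DisableMonitoring', 1,
     'Security Center monitoring flagged as disabled'),
    (r'services\sharedaccess\parameters\firewallpolicy\standardprofile',
     'EnableFirewall', 0, 'Windows Firewall off for the standard profile'),
]


def squash(s):
    """Lower-case and drop all whitespace, so keys that forum software
    wrapped with a stray space still compare equal."""
    return re.sub(r'\s+', '', s).lower()


def parse_value(data):
    """Return an int for 'dword:00000001' or '0 (0x0)', else the raw string."""
    data = data.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', data)
    if m:
        return int(m.group(1))
    return data


def parse_reg_section(text):
    """Yield (key, value name, value) for each named value under a [key] header."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VAL_RE.match(line)
        if m and key:
            yield key, m.group('name'), parse_value(m.group('data'))


def audit(text):
    """Return (key, name, value, meaning) for every value that matches a rule."""
    findings = []
    for key, name, value in parse_reg_section(text):
        k = squash(key)
        for suffix, vname, bad, why in RULES:
            if (k.endswith(squash(suffix))
                    and name.lower() == vname.lower() and value == bad):
                findings.append((key, name, value, why))
    return findings


def authorized_apps(text):
    """Programs on the firewall's AuthorizedApplications list, paths unescaped."""
    suffix = squash(r'AuthorizedApplications\List')
    return [name.replace('\\\\', '\\')
            for key, name, _ in parse_reg_section(text)
            if squash(key).endswith(suffix)]


if __name__ == '__main__':
    for key, name, value, why in audit(SAMPLE_LOG):
        print(f'{name}={value}  ({why})\n    {key}')
    print('Firewall exceptions:', authorized_apps(SAMPLE_LOG))
```

Run against a saved C:\ComboFix.txt, the same functions give a quick list of settings to restore once the cleanup is finished.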
Conspire
25-Jul-2012, 07:12 AM #6
It's quite possible that funmoods has left some damage and I can safely say it's gone for now. I think what you can do now is to reinstall programs that are not functioning as well.

Try it and let me know.
nygiantsfan87
25-Jul-2012, 11:17 AM #7
It won't allow me to install Google Chrome because it says there may be an installation already in progress or it's being updated. It's not doing either of these things. I fixed the quick start icons. Hopefully removing then reinstalling the programs that won't work with the desktop icons will fix the.
Conspire
25-Jul-2012, 10:40 PM #8
You may wish to uninstall some of your programs using Revo Uninstaller.

Download Revo Uninstaller
  • Double click the installation file on the desktop to run the installer.
  • Let it install to the default location.
  • Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
  • Locate the program you are uninstalling
    Google Chrome
  • Right Click the Icon then choose Uninstall.
  • Click yes to the warning and choose the Uninstall Mode
  • Choose the Advanced option and then click Next.
  • This will launch the program's built-in uninstaller. Be patient, it can take several seconds.
  • Once the uninstaller is done click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient, it can take several seconds.
  • Once this scan is done click Next.
  • You will then be presented with the leftover entries found by Revo Uninstaller
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click Select All > Delete to remove the entries.
  • Click Next.
  • If there are any program file folders left over you will be presented with a list to be removed.
  • Again look at ALL of the entries to ensure they are related to the uninstall.
  • Click Select All > Delete to remove the entries.
  • Click Finish to go back to the uninstall list.
  • Close the program
nygiantsfan87
26-Jul-2012, 11:21 AM #9
Google Chrome isn't listed anywhere on the uninstaller. Anything I remove I can't reinstall.
Conspire
26-Jul-2012, 12:40 PM #10
When you said you cannot reinstall, did you mean you encountered errors of some sort?
nygiantsfan87
26-Jul-2012, 02:53 PM #11
It said Google update installation has failed with error 0x80040707
Conspire
26-Jul-2012, 10:40 PM #12
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *chrome*
    
    :folderfind
    chrome
    
    :regfind
    chrome
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nygiantsfan87
27-Jul-2012, 10:03 PM #13
SystemLook 30.07.11 by jpshortstuff
Log created at 23:01 on 27/07/2012 by Computer_2
Administrator - Elevation successful

========== filefind ==========

Searching for "*chrome*"
C:\Documents and Settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\0eijv3ze.default\chromeappsstore.sqlite --a---- 98304 bytes [19:23 25/07/2012] [19:23 25/07/2012] F7CEBD0C5C09C552E38B601EF4398EE9
C:\Documents and Settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\masvvzic.default\chromeappsstore.sqlite --a---- 98304 bytes [19:49 26/07/2012] [19:49 26/07/2012] F7CEBD0C5C09C552E38B601EF4398EE9
C:\Documents and Settings\Computer_2\Application Data\Mozilla(3)\Firefox(2)\Profiles(2)\0eijv3ze(2).default\chromeappsstore.sqlite --a---- 98304 bytes [05:52 26/07/2012] [05:52 26/07/2012] F7CEBD0C5C09C552E38B601EF4398EE9
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\EGJMPSPD\browser_chrome[1].png --a---- 2386 bytes [17:16 25/07/2012] [17:16 25/07/2012] 013E9DA50A58BB8C9CC78CEAB2593AC6
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\EGJMPSPD\chrome-48[1].png --a---- 1834 bytes [17:10 25/07/2012] [17:10 25/07/2012] 3FE84B8B53D7401B32FABD0C70F211BB
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\chrome-42[1].png --a---- 1818 bytes [19:22 26/07/2012] [19:22 26/07/2012] 9E96D33A84930E518815C6293ECB4DB1
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\ChromeSetup[1].exe --a---- 739856 bytes [19:08 25/07/2012] [19:08 25/07/2012] 594A3B88C6E38DC74B04966EC5CD60A1
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\chrome_logo[1].gif --a---- 2262 bytes [17:10 25/07/2012] [17:10 25/07/2012] E51AB8D60CF9B63CB5DB72CF3521680B
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\gl_chrome_grad[1].png --a---- 379 bytes [17:18 25/07/2012] [17:18 25/07/2012] AB8E63E5B845080337B279148921F020
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\RLFKPIZQ\chrome_throbber_fast_16[1].gif --a---- 1548 bytes [17:10 25/07/2012] [17:10 25/07/2012] 00C51A8420DEA24FEE0C97D8D836DBF3
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\SFROZZ2C\chromebook_970x66_static[1].jpg --a---- 56933 bytes [19:10 25/07/2012] [19:10 25/07/2012] 6375C5E889A175AAC2FD0A95499E3130
C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\SFROZZ2C\ChromeSetup[1].exe --a---- 739856 bytes [17:10 25/07/2012] [17:11 25/07/2012] E4E8229CA6102570F32194347F7257D1
C:\Documents and Settings\Computer_2\My Documents\Downloads\ChromeSetup(1).exe --a---- 739856 bytes [19:56 26/07/2012] [19:56 26/07/2012] 5B1103E10DB4C984BBA1891BE5217607
C:\Documents and Settings\Computer_2\My Documents\Downloads\ChromeSetup.exe --a---- 739856 bytes [19:49 26/07/2012] [19:49 26/07/2012] 5B1103E10DB4C984BBA1891BE5217607
C:\Program Files\Mozilla Firefox\chrome.manifest --a---- 36 bytes [19:48 26/07/2012] [00:17 14/07/2012] 8F2E87A15606DE2AD90C1E6DEAED4624
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome.manifest --a---- 539 bytes [19:48 26/07/2012] [22:45 05/07/2012] 422D6A2B4139A99A4F5A049D527C6AAD
C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\chrome.manifest --a---- 0 bytes [14:41 30/11/2008] [04:54 06/11/2008] D41D8CD98F00B204E9800998ECF8427E
C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_jar.3643236F_FC70_11D3_A536_0090278A1BB8 -ra---- 29500 bytes [22:28 30/05/2008] [22:28 30/05/2008] E4A1F93E2DCEC1FDFF473D429D20373D
C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 -ra---- 1880 bytes [17:00 29/05/2008] [17:00 29/05/2008] 7ECCABD395D6116AC38152F395D68771
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest --a---- 1762 bytes [16:48 23/01/2009] [16:48 23/01/2009] C85089B86D79730B9E6A2185EAA96A72
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome.jar --a---- 10010 bytes [18:40 18/03/2009] [18:40 18/03/2009] 7B8018A8E2B62C35748420DE18F60661
C:\WINDOWS\Prefetch\CHROME.EXE-229B4BA7.pf --a---- 69078 bytes [12:14 21/08/2011] [01:58 21/07/2012] BF44C6CC47A83982BBD4C86B550F7F46
C:\WINDOWS\Prefetch\CHROMESETUP.EXE-14161758.pf --a---- 24442 bytes [19:50 26/07/2012] [19:56 26/07/2012] 4BBCFB230BBDE22596A6536E22332662

========== folderfind ==========

Searching for "chrome"
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome d------ [19:48 26/07/2012]
C:\Program Files\Mozilla Thunderbird\chrome d------ [14:41 30/11/2008]
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome d------ [20:29 12/09/2009]

========== regfind ==========

Searching for "chrome"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"b"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
@="Chrome HTML Document"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
@="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\DefaultIcon]
@="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\7692FC6BE18C0C0489510C7547EF1F02]
"ChromePlugin"="FeatureMain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
"LocalizedString"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command]
@=""C:\Documents and Settings\Isaac.XPHT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription"="Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
"crx"="ChromeExt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\StartMenu]
"StartMenuInternet"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"path"="C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"name"="Google Chrome binaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-cf]
"CommandLine"=""C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe" --multi-install --system-level --verbose-logging --quick-enable-cf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString"="C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString"="C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments"=" --uninstall --multi-install --chrome --system-level --verbose-logging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
"Method"="jchrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"Path"="C:\Program Files\Google\Chrome\Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
@="C:\Program Files\Google\Chrome\Application\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\026CBE7C1CEB2D04A92127A4E4FC8C90]
"7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\skype_ff_extension.jar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30CDBD1D3F0FD6B4F8ED38F5FBCFEFDE]
"7692FC6BE18C0C0489510C7547EF1F02"="02:\Software\Skype\Toolbars\Chrome\Watcher\WatcherPath"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9607188EF8F48B943A1780EDF02D704A]
"7692FC6BE18C0C0489510C7547EF1F02"="02:\Software\Skype\Toolbars\Chrome\Plugin\UninstallString"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99AE00D278179BA4DBA8EA92BCB8E2F6]
"7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4E74624CB1FFEA4184C365D7574FCC8]
"7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0BD1890CAD3A1E4D96E77A45D17EA40]
"26DDC2EC4210AC63483DF9D4FCC5B59D"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFAEE8B8C06925F4AA1CB1BE032C2D5D]
"7692FC6BE18C0C0489510C7547EF1F02"="01:\Software\Skype\Toolbars\Chrome\Plugin\UninstallString"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6E24F2923B234C45BE71A06243C48E7]
"7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7692FC6BE18C0C0489510C7547EF1F02\Features]
"ChromePlugin"="*dNIX'42~?F_}TouMp-yI+stDh59m@1E=3N~%E}pLH]7WkCJS@_'q'G,]EaPz%x6nMZWg?w^3zAEp3u7%,YqTmQ!RAFcuWtoBKfmmdlfs_Xyc?z-dFpaC.f]FeatureMain"
[HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator\PDFSpooler]
"ProcessWithLessPrivileges"="iexplore.exe|chrome.exe|acrord32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Google Chrome"="Software\Clients\StartMenuInternet\Google Chrome\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Toolbars\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Toolbars\Chrome\Plugin]
"UninstallString"="msiexec /i {B6CF2967-C81E-40C0-9815-C05774FEF120} REMOVE=ChromePlugin /qb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Toolbars\Chrome\Plugin]
"UninstallStringSilent"="msiexec /i {B6CF2967-C81E-40C0-9815-C05774FEF120} REMOVE=ChromePlugin /qn REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_USERS\S-1-5-21-1229272821-2025429265-682003330-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"
[HKEY_USERS\S-1-5-21-1229272821-2025429265-682003330-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"b"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"

-= EOF =-
Conspire (authorized to help remove malware)
Malware Removal Specialist with 433 posts.
 
Join Date: Feb 2011
Location: Malaysia
Experience: Intermediate
28-Jul-2012, 08:52 AM #14
Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

1. Before we make changes to your registry, we need to make a backup of the key that we are going to work on:

Backing Up Your Registry
  1. Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.
For detailed instructions on how to back up the registry via ERUNT, please visit HERE


If there is a fatal error you can simply double click on the reg file you just created to restore the registry to the state it was in before you began.
Warning. Do not click it except if I tell you to do so. Double clicking it will reintroduce the malware to your computer and can have other unexpected effects.

2. Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
Code:
Windows Registry Editor Version 5.00

; A leading minus inside the brackets deletes the whole key;
; "name"=- deletes a single value from the key above it.

; Machine-wide Chrome registration
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Chrome"=-

; Per-user Chrome registration
[-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromeHTML]
[-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
[HKEY_CURRENT_USER\SOFTWARE\RegisteredApplications]
"Chrome"=-

; Per-user uninstall entry and Google Update records
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chrome]
[-HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
[-HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

[-HKEY_CURRENT_USER\Software\Google\Update\Clients\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}]
[-HKEY_CURRENT_USER\Software\Google\Update\ClientState\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}]

; Machine-wide Google Update records
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

Make sure there are NO blank lines before Windows Registry Editor Version 5.00

Then double-click on the fix.reg file, and when it prompts to merge say yes. Then reboot.

===================================================

Go to the Start menu > Run.

Enter one of the following commands in the text field:

Windows XP: %USERPROFILE%\Local Settings\Application Data\Google

Delete the Chrome folder in the directory that opens.

Let me know if there are any issues.
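A pre-merge check for a hand-pasted fix.reg, added here as an example and not part of the original post: it confirms the header is the very first thing in the file, as the post instructs, and lists every key and value the merge would delete. `lint_reg`, `SAMPLE` and `BAD_COPY` are names chosen for this example, and the strict header rule is this script's assumption about what Registry Editor accepts.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"  # header from the post
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\.+)?)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def lint_reg(text):
    """Return (problems, actions) for the text of a .reg file.

    actions, in file order: ("delete-key", key),
    ("delete-value", key, name) or ("set-value", key, name).
    """
    problems, actions, key, cont = [], [], None, False
    body = text.lstrip("\ufeff")  # a byte-order mark is not content
    if not body.startswith(HEADER):
        problems.append("header is not at the very start of the file"
                        if HEADER in body else "header line is missing")
    for n, raw in enumerate(body.splitlines(), 1):
        line = raw.strip()
        skip = cont or not line or line.startswith(";") or line == HEADER
        cont = line.endswith("\\")  # hex values may continue on next line
        if skip:
            continue
        m = KEY_RE.match(line)
        if m:
            deleted, key = m.group(1) == "-", m.group(2)
            if deleted:
                actions.append(("delete-key", key))
                key = None  # no values may follow a deleted key
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            kind = "delete-value" if m.group(2).strip() == "-" else "set-value"
            actions.append((kind, key, name))
        else:
            problems.append(f"line {n}: unexpected content: {line[:40]!r}")
    return problems, actions

# Excerpt of the fix.reg from the post, then a constructed bad copy with a
# blank line and the forum's "Code:" label pasted in front of the header.
SAMPLE = "\n".join([
    HEADER, "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML] ",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]",
    '"Chrome"=-',
])
BAD_COPY = "\nCode:\n" + SAMPLE

if __name__ == "__main__":
    for label, text in (("SAMPLE", SAMPLE), ("BAD_COPY", BAD_COPY)):
        print(label, *lint_reg(text), sep="\n  ")
```

An empty problem list together with a reviewed action list is the condition for merging; any reported problem means the file should be re-saved before it is double-clicked.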
nygiantsfan87
Member with 40 posts.
THREAD STARTER
 
Join Date: Jul 2012
Experience: Beginner
28-Jul-2012, 02:12 PM #15
Cannot import C:/Documents and Settings\Computer_2\Desktop\fix.reg: The specified file is not a registry script. You can only import binary files from within the registry editor.