Solved: 100% cpu usage


mardigrasvet
09-Oct-2013, 06:17 PM #1
Have 1.99GB RAM but lately Inspiron laptop using 100% CPU even if I have nothing opened. Any clues? Thanks.
flavallee (Frank)
09-Oct-2013, 10:25 PM #2
Download and save the TSG System Information Utility (SysInfo.exe)

After it's been downloaded and saved, double-click it to run it.

Information about your computer will appear.

Return here to your thread, then copy-and-paste the ENTIRE text here.

-------------------------------------------------------

Go here and click the large green "Download" button to download and save HiJackThis 2.0.5 (HijackThis.exe)

After it's been downloaded and saved, close all open windows.

Double-click it and allow its main window to load.

Uncheck "Do not show this window when I start HiJackThis".

Click "Do a system scan and save a log file".

When the scan is finished in 30 - 60 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the ENTIRE log file here.

-------------------------------------------------------
mardigrasvet
10-Oct-2013, 06:27 AM #3
Thanks for your speedy reply. I pasted the info from both sources below. I could not copy a list of things that had boxes to the left of each item to check or uncheck when using HijackThis.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Celeron(R) M processor 1.30GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 2039 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 96 Mb
Hard Drives: C: Total - 28607 MB, Free - 9128 MB;
Motherboard: Dell Inc.,
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:25:50 AM, on 10/10/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 24.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\tom\My Documents\Downloads\HijackThis(1).exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid...58&lg=EN&cc=US
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: SelectionLinksBHO - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (file missing)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r /c "C:\Program Files\CheckPoint\Install\Install.xml"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files\PC Speed Maximizer\SPMTray.exe"
O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/67.17/uploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10712 bytes
flavallee (Frank)
10-Oct-2013, 08:42 AM #4
Your HijackThis log shows a number of issues with your computer:

1. It's infested with threats.

2. It has too many programs and services auto-starting and running in the background.

3. Registry/file "cleaner/fixer" type utilities are being used in it.

4. Unneeded add-ons are installed.

Let's deal with the threat problem first, then we'll go from there.

Do the following in the order listed.

--------------------------------------------------------

Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Note: The "Clean" and "Report" buttons will be grayed out for now.

Click the "Scan" button, then allow the scanning process to finish.

Click the "Clean" button, then click "OK".

Allow the cleaning process to finish.

When it's finished, click "OK" in each window that appears.

The computer will restart.

When the log appears during restart, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

--------------------------------------------------------

Download and save and then install the free version of

Malwarebytes Anti-Malware 1.75.0.1300

SUPERAntiSpyware 5.6.0.1040

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

After they're installed and updated, DON'T do anything else with them yet.

--------------------------------------------------------

Last edited by flavallee; 11-Oct-2013 at 07:43 AM..
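The kind of first-pass reading applied to the HijackThis log in post #3 can be scripted. The following is an added example, not part of the thread and not the method any poster used: it parses HijackThis entry lines and flags registrations whose file is gone, a loopback browser proxy, and CLSIDs registered in more than one section. The sample lines are copied from the log in post #3; the rule names, function names and the choice of rules are assumptions made for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2" (BHO) or "O23" (service)
    body: str  # everything after "CODE - "


class Finding(NamedTuple):
    rule: str    # name of the (illustrative) triage rule that fired
    code: str    # section code(s) involved
    detail: str  # the entry body, or the CLSID for the multi-section rule


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Browser proxy pointed at the local machine.
PROXY_RE = re.compile(
    r",ProxyServer = (?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?\s*$", re.I
)

# Subset of the log from post #3, embedded so the example runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R3 - URLSearchHook: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)
"""


def parse_log(text):
    """Return the coded entries of a HijackThis log, skipping the header
    and the 'Running processes' list (those lines carry no section code)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Apply the three illustrative rules and return a list of Finding."""
    findings = []
    sections_by_clsid = defaultdict(set)
    for e in entries:
        # Rule 1: registration left behind by software whose file is gone.
        if ORPHAN_RE.search(e.body):
            findings.append(Finding("orphaned-registration", e.code, e.body))
        # Rule 2: IE/WinINET proxy set to a loopback address.
        if e.code in ("R0", "R1") and PROXY_RE.search(e.body):
            findings.append(Finding("loopback-proxy", e.code, e.body))
        for clsid in CLSID_RE.findall(e.body):
            sections_by_clsid[clsid.upper()].add(e.code)
    # Rule 3: one component hooked into several browser extension points.
    for clsid, codes in sorted(sections_by_clsid.items()):
        if len(codes) > 1:
            findings.append(
                Finding("clsid-in-multiple-sections", "+".join(sorted(codes)), clsid)
            )
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.rule:28} {f.code:9} {f.detail}")
```

A flagged line is a prompt to look closer, not a verdict: an orphaned entry is usually the residue of an incomplete uninstall, and a loopback proxy can belong to legitimate local software.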
mardigrasvet
10-Oct-2013, 07:11 PM #5
Thanks again for your help. Here is the first item you asked for:

# AdwCleaner v3.007 - Report created 10/10/2013 at 20:01:06
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : tom - TOM-4F9309974A5
# Running from : C:\Documents and Settings\tom\Local Settings\Temp\dlm2D.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater
[#] Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PCFixSpeed
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\savennshare
Folder Deleted : C:\Documents and Settings\All Users\Application Data\sayfE savee
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Seeaerch-NewTab
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\EZDownloader
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\EZDownloader
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Program Files\SafeSaver
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\MixiDJ_V42
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\Coupon Companion Plugin
Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\DownloadTerms
Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\MixiDJ_V42
Folder Deleted : C:\Documents and Settings\tom\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\tom\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\tom\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\tom\Application Data\EZDownloader
Folder Deleted : C:\Documents and Settings\tom\Application Data\Media Finder
Folder Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Documents and Settings\tom\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\tom\Application Data\PCFixSpeed
Folder Deleted : C:\Documents and Settings\tom\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\tom\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\tom\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\tom\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\tom\Application Data\SpeedyPC Software
Folder Deleted : C:\Documents and Settings\tom\Application Data\strongvault
Folder Deleted : C:\Documents and Settings\tom\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\tom\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\tom\Start Menu\Programs\Browser Manager
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\tom\Desktop\Continue SweetIM Installation.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\searchplugins\WebSearch.xml
File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\I Want This
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\MixiDJ_V42
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\MixiDJ_V42
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V42 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V42 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\prefs.js ]

Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN17228480252037812");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN17228480252037812.IN.20131010195958");
Line Deleted : user_pref("CT3310511.installDate", "10/10/2013 20:00:14");
Line Deleted : user_pref("CT3310511.installSessionId", "{E5F91AAE-A8BE-4AA4-908B-32D5E2454A29}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "WebSearch");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "WebSearch");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.3.20");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN17228480252037812&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN17228480252037812&UM=2&SearchSource=13");
Line Deleted : user_pref("extensions.51e60ec90b226.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';s[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN17228480252037812&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN17228480252037812&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN17228480252037812&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.machineId", "YKGLZZK7EUONGU1DY7HMOQCENBQAHRDSBKUOLKRS06GOBNCEK0HXKQBWSS8AVXE62VTT+TWQJTLPOL389XMCLA");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Documents and Settings\tom\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [27786 octets] - [10/10/2013 19:58:12]
AdwCleaner[S0].txt - [29560 octets] - [10/10/2013 20:01:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29621 octets] ##########
flavallee (Frank)
11-Oct-2013, 07:52 AM #6
Your AdwCleaner log shows a LOT of threats were found and deleted, so you need to follow my previous instructions and run it again.

The new log needs to be submitted so we can ensure all threats were found and deleted.

-----------------------------------------------------------

The log also shows that you've been using PCFixSpeed and SpeedyPC and DriverCure and possibly other "cleaner/fixer" type programs.

These types of programs can damage Windows and damage programs and generate error messages and wreak havoc with a computer.

Avoid using them, no matter what they claim they can do.

-----------------------------------------------------------

Have you completed the third part of post #4?

-----------------------------------------------------------
mardigrasvet
11-Oct-2013, 05:41 PM #7
will run the adwcleaner again right after sending this note. never heard of pcfixspeed, speedypc or drivercure or any other cleaner/fixer type of programs. have no idea how they got on my computer.

yes, i downloaded malwarebytes and super antispyware but have not run them. thanks for all your help.
mardigrasvet
11-Oct-2013, 06:11 PM #8
here are the results of running adw cleaner just a minute ago:

# AdwCleaner v3.007 - Report created 11/10/2013 at 19:03:24
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : tom - TOM-4F9309974A5
# Running from : C:\Documents and Settings\tom\Local Settings\Temp\dlm6.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\DOCUME~1\tom\LOCALS~1\Temp\CT3310511
Folder Deleted : C:\Documents and Settings\tom\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\CT3310511
Folder Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\searchplugins\MyStart Search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\tom\Local Settings\Temp\SweetIMSetup_20130903.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\tom\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27786 octets] - [10/10/2013 19:58:12]
AdwCleaner[R1].txt - [2752 octets] - [11/10/2013 19:02:20]
AdwCleaner[S0].txt - [29702 octets] - [10/10/2013 20:01:06]
AdwCleaner[S1].txt - [2729 octets] - [11/10/2013 19:03:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2789 octets] ##########
flavallee (Frank)
11-Oct-2013, 08:12 PM #9
The second scan and clean with AdwCleaner found several more threats, so you need to do a third scan and clean.

Hopefully, that log will come up clean.

Hold off doing anything with MBAM and SAS for now until I give you detailed instructions for them.

---------------------------------------------------------

How many people use that computer?

--------------------------------------------------------
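The reading applied to the AdwCleaner reports in this thread (repeat the clean until a report lists no actions) can be done mechanically. The following is an added example, not part of any post and not AdwCleaner's own code; the three sample reports are constructed in the log format shown in this thread, and all function names are hypothetical.

```python
import re
from collections import Counter

# Line shapes taken from the AdwCleaner "Clean" reports pasted in this thread.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # ***** [ Registry ] *****
HEADER_RE = re.compile(r"^# (.+?) : (.+)$")                 # # Option : Clean
ACTION_RE = re.compile(r"^(?:\[#\] )?((?:\w+ )?(?:Deleted|Restored)) : (.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")                    # -\\ Mozilla Firefox v24.0


def parse_report(text):
    """Return header fields and every Deleted/Restored action with its section."""
    header, actions = {}, []
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section, browser = m.group(1), None
        elif (m := BROWSER_RE.match(line)):
            browser = m.group(1)
        elif section is None and (m := HEADER_RE.match(line)):
            header[m.group(1)] = m.group(2)
        elif section is not None and (m := ACTION_RE.match(line)):
            actions.append({"section": section, "browser": browser,
                            "kind": m.group(1), "target": m.group(2)})
    return {"header": header, "actions": actions}


def summarize(report):
    """Count actions per (section, kind), e.g. ('Registry', 'Key Deleted')."""
    return Counter((a["section"], a["kind"]) for a in report["actions"])


def is_clean(report):
    """A 'Clean' run that had nothing left to delete or restore."""
    return report["header"].get("Option") == "Clean" and not report["actions"]


def repeated_targets(earlier, later):
    """Targets removed in both runs: either the first removal did not take
    effect or the item was recreated in between. Windows paths compare
    case-insensitively, hence lower()."""
    seen = {a["target"].lower() for a in earlier["actions"]}
    return [a["target"] for a in later["actions"] if a["target"].lower() in seen]


# Constructed sample reports (not copied from the thread).
RUN1 = r"""
# AdwCleaner v3.007 - Report created 10/10/2013 at 20:01:06
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ExampleUpdaterService

***** [ Registry ] *****

Key Deleted : HKCU\Software\ExampleToolbar
Key Deleted : HKLM\Software\ExampleToolbar

***** [ Browsers ] *****

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\example\prefs.js ]

Line Deleted : user_pref("exampletoolbar.homepage", "true");

*************************
"""

RUN2 = r"""
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\EXAMPLE

***** [ Registry ] *****

Key Deleted : HKCU\Software\ExampleToolbar
"""

RUN3 = r"""
# Option : Clean

***** [ Services ] *****

***** [ Registry ] *****
"""

if __name__ == "__main__":
    runs = [parse_report(t) for t in (RUN1, RUN2, RUN3)]
    for i, rep in enumerate(runs):
        print(f"run {i}: clean={is_clean(rep)} {dict(summarize(rep))}")
    print("removed again in run 1:", repeated_targets(runs[0], runs[1]))
```
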
mardigrasvet
12-Oct-2013, 05:39 AM #10
i am the only person who uses the computer. could be was inattentive to the various "addons" that sometimes are offered when downloading a program. now read all the boxes before proceeding.

here is what the third run of adw cleaner came up with:

# AdwCleaner v3.007 - Report created 12/10/2013 at 06:31:17
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : tom - TOM-4F9309974A5
# Running from : C:\Documents and Settings\tom\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\tom\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27786 octets] - [10/10/2013 19:58:12]
AdwCleaner[R1].txt - [2752 octets] - [11/10/2013 19:02:20]
AdwCleaner[R2].txt - [1206 octets] - [12/10/2013 06:30:14]
AdwCleaner[S0].txt - [29702 octets] - [10/10/2013 20:01:06]
AdwCleaner[S1].txt - [2869 octets] - [11/10/2013 19:03:24]
AdwCleaner[S2].txt - [1128 octets] - [12/10/2013 06:31:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1188 octets] ##########
flavallee (Frank)
12-Oct-2013, 07:55 AM #11
Quote:
could be was inattentive to the various "addons" that sometimes are offered when downloading a program. now read all the boxes before proceeding.
That's why I advise and encourage people to carefully read each window that appears during the install or update process of a program.

In most cases, this allows you the option of unchecking or declining to install unneeded toolbars and other unneeded extras.

----------------------------------------------------------
flavallee (Frank)
12-Oct-2013, 07:58 AM #12
The third AdwCleaner log looks okay, so let's proceed with the other 2 security programs.

Follow these instructions carefully, and DON'T use the computer while each scan is in progress.

-----------------------------------------------------------

Start Malwarebytes Anti-Malware.

Click "Scanner(tab) - Perform quick scan - Scan".

If infections or problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Show Results".

Make sure that EVERYTHING is selected, then click "Remove Selected".

If you're prompted to restart to finish the removal process, click "Yes".

Start Malwarebytes Anti-Malware again.

Click "Logs"(tab).

Highlight the scan log entry, then click "Open".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------

Start SUPERAntiSpyware.

Select the "Quick Scan" option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

-----------------------------------------------------------
mardigrasvet
12-Oct-2013, 09:05 AM #13
here is the malwarebytes log which had seven entries:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6644

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/22/2011 7:51:53 PM
mbam-log-2011-05-22 (19-51-53).txt

Scan type: Quick scan
Objects scanned: 150110
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6644

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/22/2011 8:30:54 AM
mbam-log-2011-10-22 (08-30-54).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TOM-4F9309974A5 [administrator]

3/14/2012 8:38:16 AM
mbam-log-2012-03-14 (08-38-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189519
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 47e5c26741d63a35751c41db3908e9af -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Documents and Settings\tom\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Application Data\bytewdownload\installmanager.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TOM-4F9309974A5 [administrator]

5/19/2012 7:19:28 PM
mbam-log-2012-05-19 (19-19-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202081
Time elapsed: 16 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: a77e7498f725e26c08768464f9a6f1b1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Documents and Settings\tom\Local Settings\Temp\air379.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\air1F2.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\air7C7.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\is324156961\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TOM-4F9309974A5 [administrator]

5/31/2012 6:03:18 PM
mbam-log-2012-05-31 (18-03-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204841
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.

(end)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TOM-4F9309974A5 [administrator]

6/1/2012 7:03:02 PM
mbam-log-2012-06-01 (19-03-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250731
Time elapsed: 2 hour(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141993.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141991.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141992.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141995.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142016.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142017.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142020.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142021.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP520\A0142328.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TOM-4F9309974A5 [administrator]

10/12/2013 9:24:39 AM
mbam-log-2013-10-12 (09-24-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216189
Time elapsed: 22 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{453B56D6-9589-5512-37B4-B4A94B3A6C60} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Documents and Settings\All Users\Application Data\0 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\0\Setup (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\ct3314312 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 25
C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\InstallMate\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\InstallMate\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\My Documents\Downloads\iLividSetup-r1045-n-bf.exe.part (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\My Documents\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\My Documents\Downloads\YTDSetup.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\My Documents\Downloads\[GAY PORNO] 3 MOVIES OF SEAN CODY !.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\Optimizer_Pro.exe (PUP.Optional.PCOptimizerPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\dlm2D.tmp\sweetpacks0913.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\00294823\3HItcccp.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\00294823\mSyblAZ.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\18be6784\GXY5mqi.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\18be6784\ifnNkS.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Addons\newtab_setup.exe (PUP.Optional.PreLoader.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Addons\OptimizerProInstaller.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Local Settings\Temp\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Addons\web_assistant_v2.exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\31173da3.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Documents and Settings\tom\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

starting the super antispyware now.
flavallee (Frank), Trusted Advisor
12-Oct-2013, 09:15 AM #14
Quote:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TOM-4F9309974A5 [administrator]

10/12/2013 9:24:39 AM
mbam-log-2013-10-12 (09-24-39).txt

All I wanted was the above log with the current version 1.75.0.1300 and today's date.

It looks like it found and removed 13 registry, 3 folder, and 25 file threats.

-----------------------------------------------
mardigrasvet, thread starter
12-Oct-2013, 09:28 AM #15
thanks. figured sending you too much would be better than having you ask again. here is the super antispyware info:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/12/2013 at 10:21 AM

Application Version : 5.6.1040

Core Rules Database Version : 10824
Trace Rules Database Version: 8636

Scan type : Quick Scan
Total Scan Time : 00:13:52

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 31690
Registry threats detected : 0
File items scanned : 7017
File threats detected : 21

Adware.Tracking Cookie