
Funmoods in Registry. Please Help!

Discussion in 'Virus & Other Malware Removal' started by nygiantsfan87, Jul 22, 2012.

  1. nygiantsfan87

    Accidentally installed funmoods toolbar and it's affecting my desktop icons, downloads, and sigmatel IDT systray won't end when I shut down the computer.

    Computer Specs-

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz, x86 Family 15 Model 4 Stepping 4
    Processor Count: 2
    RAM: 3069 Mb
    Graphics Card: ATI Radeon HD 3600 Series, 1024 Mb
    Hard Drives: C: Total - 238464 MB, Free - 215774 MB; D: Total - 38154 MB, Free - 38086 MB; E: Total - 305242 MB, Free - 305160 MB;
    Motherboard: Intel Corporation, D945GPM
    Antivirus: None

    hijackthis-

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:46:03 PM, on 7/22/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Computer\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.paretologic.com/redirect...T=1&INSTALLDATELOCAL=22:21:59 20-07-2012&key=
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
    O3 - Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - (no file)
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\isaac~1.xph\locals~1\temp\cdm\{5646f86a-7942-455c-9184-eb857ce2968a}\STacSV.exe (file missing)

    --
    End of file - 8128 bytes

    dds-

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.1
    Run by Computer at 21:46:58 on 2012-07-22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2470 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = hxxp://www.paretologic.com/redirect/?aid=3&vid=1&lid=en&uid=0&cpid=129&pid=31&FROMSCHEDULE=1&INSTALLDATE=02:21:59%2021-07-2012&SCANCOUNT=1&BUTTON=0&OUTDATED_COUNT=1315&SCANTIME=&RUNCOUNT=1&INSTALLDATELOCAL=22:21:59%2020-07-2012&key=
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
    TB: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No File
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DA34BFDA-947E-401E-BFA3-8604C4FA0442} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\computer\application data\mozilla\firefox\profiles\9bx2zv4v.default\
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 136176]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-2 1373576]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-27 10384]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 655944]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 22344]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-7-21 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-20 113120]
    .
    =============== Created Last 30 ================
    .
    2012-07-23 01:03:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-07-21 04:39:16 -------- d-----w- c:\documents and settings\computer\local settings\application data\Electronic_Arts_Inc
    2012-07-21 04:28:59 -------- d-----w- c:\documents and settings\computer\local settings\application data\Temp
    2012-07-21 03:35:08 -------- d-----w- c:\documents and settings\computer\application data\Malwarebytes
    2012-07-21 02:43:33 -------- d-----w- c:\documents and settings\computer\local settings\application data\Sun
    2012-07-21 02:34:28 -------- d-----w- c:\documents and settings\computer\local settings\application data\Google
    2012-07-21 02:34:28 -------- d-----w- c:\documents and settings\computer\application data\SpeedyPC Software
    2012-07-21 02:21:57 -------- d-----w- c:\documents and settings\computer\application data\DriverCure
    2012-07-21 02:21:49 -------- d-----w- c:\documents and settings\all users.windows\application data\SpeedyPC Software
    2012-07-21 02:16:38 -------- d-----w- c:\documents and settings\computer\local settings\application data\Mozilla
    2012-07-21 02:12:02 -------- d-----w- c:\documents and settings\computer\local settings\application data\LogMeIn Hamachi
    2012-07-21 02:12:02 -------- d-----w- c:\documents and settings\computer\local settings\application data\ATI
    2012-07-21 02:11:51 -------- d-----w- c:\documents and settings\computer\local settings\application data\Microsoft
    2012-07-20 21:01:06 -------- d-----w- c:\program files\common files\Steam
    2012-07-19 00:39:57 -------- d-----w- c:\program files\smartdl
    2012-07-18 23:35:03 -------- d-----w- c:\program files\Legalsounds Download Manager
    2012-07-18 22:59:27 -------- d-----r- c:\program files\Skype
    2012-07-16 16:27:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-16 16:27:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-16 00:32:57 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-07-14 18:56:30 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
    2012-07-14 18:56:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-14 18:56:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-14 18:27:30 -------- d-----w- c:\documents and settings\all users.windows\application data\IBUpdaterService
    2012-07-14 18:27:27 17464 ----a-w- c:\windows\system32\roboot.exe
    2012-07-14 18:26:59 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-07-14 05:34:44 -------- d-----w- c:\documents and settings\all users.windows\application data\AOL Toolbar
    2012-07-14 05:34:42 -------- d-----w- c:\program files\common files\Software Update Utility
    2012-07-14 05:32:45 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2012-07-14 05:32:45 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
    2012-07-14 05:32:45 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2012-07-14 05:32:45 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-07-14 05:32:43 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2012-07-14 05:32:43 -------- d-----w- c:\program files\PDFCreator
    2012-07-14 05:32:10 -------- d-----w- c:\documents and settings\all users.windows\application data\BasicScan
    2012-07-14 02:47:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-14 02:47:36 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-14 02:27:02 -------- d-----w- c:\documents and settings\all users.windows\application data\Tarma Installer
    2012-07-14 01:09:51 -------- d-----w- c:\windows\Logs
    2012-07-14 01:09:49 -------- d-----w- c:\documents and settings\all users.windows\application data\Electronic Arts
    2012-07-12 20:33:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2012-07-12 20:33:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2012-07-05 22:45:34 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2012-07-05 17:05:26 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-07-02 14:07:24 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-07-02 14:07:24 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-07-02 14:07:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-07-02 14:07:23 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-07-02 03:23:54 -------- d-----w- c:\program files\Project64 1.6
    2012-07-02 02:52:16 -------- d-----w- c:\program files\Oracle
    2012-07-02 02:52:10 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-02 02:52:10 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-02 02:52:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-02 01:39:07 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-07-02 01:39:07 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-02 01:38:23 -------- d-----w- c:\program files\iPod
    2012-07-02 01:38:18 -------- d-----w- c:\program files\iTunes
    2012-07-02 01:38:18 -------- d-----w- c:\documents and settings\all users.windows\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-07-02 01:37:47 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-02 01:37:47 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-07-02 01:37:33 -------- d-----w- c:\program files\Bonjour
    2012-07-01 14:53:21 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-07-01 14:53:21 3072 ------w- c:\windows\system32\iacenc.dll
    .
    ==================== Find3M ====================
    .
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 21:47:34.68 ===============

    attach-

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/23/2008 11:16:47 AM
    System Uptime: 7/22/2012 9:12:24 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | D945GPM
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | J3E1 | 3200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 211.094 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 37.194 GiB free.
    E: is FIXED (NTFS) - 298 GiB total, 298.008 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_309C8086&REV_00\4&6C79FC5&0&00E0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\AWY0001\4&3036D68D&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\AWY0001\4&3036D68D&0
    Service:
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_544E8086&REV_01\3&61AAA01&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_544E8086&REV_01\3&61AAA01&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    RP158: 7/1/2012 11:50:44 AM - System Checkpoint
    RP159: 7/1/2012 11:59:11 AM - Software Distribution Service 3.0
    RP160: 7/1/2012 2:59:44 PM - Removed Logitech Harmony Remote Software 7
    RP161: 7/1/2012 9:38:09 PM - Installed iTunes
    RP162: 7/1/2012 10:51:52 PM - Installed Java(TM) 7 Update 5
    RP163: 7/1/2012 10:52:15 PM - Installed JavaFX 2.1.1
    RP164: 7/1/2012 11:23:54 PM - Installed Project64 1.6
    RP165: 7/2/2012 2:31:32 AM - Removed Project64 1.6
    RP166: 7/2/2012 8:37:54 AM - Installed Project64 1.6
    RP167: 7/3/2012 9:30:25 AM - System Checkpoint
    RP168: 7/4/2012 10:45:34 AM - System Checkpoint
    RP169: 7/5/2012 12:36:23 AM - Installed LogMeIn Hamachi
    RP170: 7/5/2012 3:23:20 PM - Removed LogMeIn Hamachi
    RP171: 7/6/2012 4:03:43 PM - System Checkpoint
    RP172: 7/7/2012 4:41:59 PM - System Checkpoint
    RP173: 7/9/2012 2:15:50 PM - System Checkpoint
    RP174: 7/10/2012 4:21:17 PM - System Checkpoint
    RP175: 7/12/2012 1:41:22 PM - Software Distribution Service 3.0
    RP176: 7/13/2012 1:59:46 PM - System Checkpoint
    RP177: 7/13/2012 9:11:24 PM - Installed DirectX
    RP178: 7/14/2012 1:32:57 AM - Printer Driver PDFCreator Installed
    RP179: 7/14/2012 1:36:35 AM - Printer Driver PDFCreator Installed
    RP180: 7/14/2012 2:26:58 PM - Installed LogMeIn Hamachi
    RP181: 7/14/2012 2:38:05 PM - Software Distribution Service 3.0
    RP182: 7/15/2012 11:19:06 PM - System Checkpoint
    RP183: 7/16/2012 1:53:39 AM - Installed Steam
    RP184: 7/16/2012 2:18:40 AM - Removed Steam
    RP185: 7/17/2012 1:42:03 PM - System Checkpoint
    RP186: 7/18/2012 9:34:45 PM - System Checkpoint
    RP187: 7/19/2012 11:07:52 AM - Software Distribution Service 3.0
    RP188: 7/20/2012 4:59:52 PM - Restore Operation
    RP189: 7/20/2012 10:33:17 PM - Restore Operation
    RP190: 7/22/2012 8:57:31 PM - Installed Windows XP KB942288-v3.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    AutoUpdate
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    CDDRV_Installer
    Critical Update for Windows Media Player 11 (KB959772)
    DivX Codec
    DivX Converter
    Download Updater (AOL Inc.)
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    iTunes
    Java Auto Updater
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    KhalInstallWrapper
    Legalsounds Download Manager
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech SetPoint
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WinUsb 1.0
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Need For Speed™ World
    NETGEAR WPN311 Wireless Adapter
    PDFCreator
    Project64 1.6
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Skins
    Skype Click to Call
    Skype™ 5.10
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/22/2012 4:31:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 4:31:34 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/22/2012 4:30:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    7/22/2012 4:30:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/20/2012 6:58:13 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    7/20/2012 6:56:51 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    7/20/2012 5:54:06 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
    7/20/2012 5:51:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    7/20/2012 5:05:10 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E2ABF0CC9. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    7/20/2012 10:38:13 PM, error: Service Control Manager [7000] - The Audio Service service failed to start due to the following error: The system cannot find the path specified.
    7/18/2012 7:31:54 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 7A7900000000. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    .
    ==== End Of File ===========================

    GMER-

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-22 23:07:54
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1 ST325082 rev.3.AA
    Running: 4r2200o0.exe; Driver: C:\DOCUME~1\Computer\LOCALS~1\Temp\fxtdipow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9881000, 0x1894F8, 0xE8000020]
    ? C:\DOCUME~1\Computer\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0116B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[740] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0141B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[740] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0141B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[740] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 0141B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- EOF - GMER 1.0.15 ----
     
  2. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Hello there, nygiantsfan87

    Welcome to TSG

    I'm Conspire, I'll be glad to help you with your computer problems.

    Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


    IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

    ---------------------------------------------------------------------------------------------------

    Also note that I will not respond to this thread if I don't receive your reply for 3 days.

    ---------------------------------------------------------------------------------------------------

    Please read through these instructions to familiarize yourself with what to expect when this tool runs

    Refer to the ComboFix User's Guide

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================

    Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

    ====================================================


    Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
     
  3. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    Thanks for the Help

    Combofix-

    ComboFix 12-07-25.04 - Computer_2 07/24/2012 12:01:08.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2356 [GMT -4:00]
    Running from: c:\documents and settings\Computer_2\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users.WINDOWS\Application Data\9d76d84a221031d1cc5e7282c7f5ef1a_c
    c:\documents and settings\All Users.WINDOWS\Application Data\BasicScan
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\roboot.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BASICSCAN_SERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 14:31 . 2012-07-24 14:31 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedyPC Software
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\windows\Sun
    2012-07-23 18:11 . 2012-07-23 18:14 -------- d-----w- c:\documents and settings\Computer_2
    2012-07-20 21:01 . 2012-07-20 21:01 -------- d-----w- c:\program files\Common Files\Steam
    2012-07-19 00:39 . 2012-07-20 22:52 -------- d-----w- c:\program files\smartdl
    2012-07-18 23:35 . 2012-07-18 23:35 -------- d-----w- c:\program files\Legalsounds Download Manager
    2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\program files\Common Files\Skype
    2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----r- c:\program files\Skype
    2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
    2012-07-16 16:27 . 2012-07-16 16:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-16 16:27 . 2012-07-16 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-16 00:32 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-14 18:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-14 18:27 . 2012-07-14 18:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IBUpdaterService
    2012-07-14 18:27 . 2012-07-24 16:05 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
    2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Toolbar
    2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2012-07-14 05:32 . 2005-04-15 23:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-07-14 05:32 . 2004-03-09 04:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2012-07-14 05:32 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2012-07-14 05:32 . 1998-06-24 04:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
    2012-07-14 05:32 . 2012-07-14 05:36 -------- d-----w- c:\program files\PDFCreator
    2012-07-14 05:32 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2012-07-14 02:47 . 2012-07-20 22:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-14 02:47 . 2012-07-20 22:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-14 02:27 . 2012-07-20 22:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
    2012-07-14 01:09 . 2012-07-21 04:31 -------- d-----w- c:\windows\Logs
    2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\program files\Electronic Arts
    2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
    2012-07-12 20:33 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2012-07-12 20:33 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2012-07-08 20:32 . 2012-07-08 20:32 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Sun
    2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-07-05 17:05 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-07-02 14:07 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-07-02 14:07 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-07-02 14:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-07-02 14:07 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-07-02 03:23 . 2012-07-02 12:37 -------- d-----w- c:\program files\Project64 1.6
    2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Common Files\Java
    2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Oracle
    2012-07-02 02:52 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-02 02:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-02 02:52 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\program files\Java
    2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
    2012-07-02 01:39 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-07-02 01:39 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\program files\iPod
    2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\program files\iTunes
    2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Apple Software Update
    2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
    2012-07-02 01:37 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-02 01:37 . 2012-04-25 16:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Bonjour
    2012-07-02 01:37 . 2012-07-02 01:38 -------- d-----w- c:\program files\Common Files\Apple
    2012-07-01 14:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-07-01 14:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2008-12-23 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2008-12-23 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2008-12-23 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2008-12-23 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2008-12-23 16:12 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2008-12-23 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2008-12-23 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2010-03-26 21:31 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18 . 2010-03-26 21:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2010-03-26 21:31 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2008-12-23 16:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-14 00:17 . 2012-07-21 03:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - [N/A]
    NETGEAR WPN311 Smart Wizard.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-11-07 21:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WPN311 Smart Wizard.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPN311 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN311 Smart Wizard.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
    "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6/27/2012 12:29 PM 1385896]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/27/2008 8:11 PM 10384]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 2:56 PM 655944]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 2:56 PM 22344]
    S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/16/2012 12:27 PM 250056]
    S3 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/20/2012 11:17 PM 113120]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 16:27]
    .
    2012-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\0eijv3ze.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-24 12:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(632)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    - - - - - - - > 'explorer.exe'(7924)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\windows\system32\acs.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-24 12:11:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-24 16:11
    .
    Pre-Run: 228,568,039,424 bytes free
    Post-Run: 228,608,008,192 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - F30C67CAE4A2F90CB3569D36D1C7C4DF
     
  4. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Hi,

    You're welcome :)

    Please follow all previous instructions regarding security programs.

    Open a new Notepad session
    • Click the Start button, click run
    • in the run box type notepad
    • click ok
    • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

    Code:
    DDS::
    BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File
    uInternet Connection Wizard,ShellNext = hxxp://www.paretologic.com/redirect/?aid=3&vid=1&lid=en&uid=0&cpid=129&pid=31&FROMSCHEDULE=1&INSTALLDATE=02:21:59%2021-07-2012&SCANCOUNT=1&BUTTON=0&OUTDATED_COUNT=1315&SCANTIME=&RUNCOUNT=1&INSTALLDATELOCAL=22:21:59%2020-07-2012&key=
    

    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save
    Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

    This will start ComboFix again. Close all browser/windows first.

    When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


    ===================================================

    On your next reply please post :
    Combofix log
    Are there any improvements?


    Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!
     
  5. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    The desktop icons that were there when funmoods was installed still don't work, but new ones will work. Google Chrome won't download; that's the browser that had the toolbar installed to. The icons next to the start button disappeared when funmoods was installed and they still haven't come back. Could funmoods be gone and have left damage? When I did a system restore the computer slowed down a lot and didn't restore anything that was lost before I came to this forum.

    ComboFix Log-

    ComboFix 12-07-25.04 - Computer_2 07/25/2012 1:56.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2426 [GMT -4:00]
    Running from: c:\documents and settings\Computer_2\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Computer_2\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 20:20 . 2012-07-25 06:02 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
    2012-07-24 20:20 . 2012-07-24 20:20 -------- d-----w- c:\program files\LogMeIn Hamachi
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedyPC Software
    2012-07-23 18:15 . 2012-07-23 18:15 -------- d-----w- c:\windows\Sun
    2012-07-23 18:11 . 2012-07-23 18:14 -------- d-----w- c:\documents and settings\Computer_2
    2012-07-20 21:01 . 2012-07-20 21:01 -------- d-----w- c:\program files\Common Files\Steam
    2012-07-19 00:39 . 2012-07-20 22:52 -------- d-----w- c:\program files\smartdl
    2012-07-18 23:35 . 2012-07-18 23:35 -------- d-----w- c:\program files\Legalsounds Download Manager
    2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\program files\Common Files\Skype
    2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----r- c:\program files\Skype
    2012-07-18 22:59 . 2012-07-18 22:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
    2012-07-16 16:27 . 2012-07-16 16:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-16 16:27 . 2012-07-16 16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-16 00:32 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2012-07-14 18:56 . 2012-07-14 18:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-14 18:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-14 18:27 . 2012-07-14 18:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IBUpdaterService
    2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AOL Toolbar
    2012-07-14 05:34 . 2012-07-14 05:34 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2012-07-14 05:32 . 2005-04-15 23:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-07-14 05:32 . 2004-03-09 04:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2012-07-14 05:32 . 2001-10-28 20:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2012-07-14 05:32 . 1998-06-24 04:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
    2012-07-14 05:32 . 2012-07-14 05:36 -------- d-----w- c:\program files\PDFCreator
    2012-07-14 05:32 . 1998-07-06 04:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2012-07-14 02:47 . 2012-07-20 22:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-14 02:47 . 2012-07-20 22:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-14 02:27 . 2012-07-20 22:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Tarma Installer
    2012-07-14 01:09 . 2012-07-21 04:31 -------- d-----w- c:\windows\Logs
    2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\program files\Electronic Arts
    2012-07-14 01:09 . 2012-07-14 01:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Electronic Arts
    2012-07-12 20:33 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2012-07-12 20:33 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2012-07-08 20:32 . 2012-07-08 20:32 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Sun
    2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-07-05 17:05 . 2009-03-18 21:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2012-07-02 14:07 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-07-02 14:07 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-07-02 14:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-07-02 14:07 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-07-02 03:23 . 2012-07-02 12:37 -------- d-----w- c:\program files\Project64 1.6
    2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Common Files\Java
    2012-07-02 02:52 . 2012-07-02 02:52 -------- d-----w- c:\program files\Oracle
    2012-07-02 02:52 . 2012-05-04 23:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-02 02:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-02 02:52 . 2012-05-04 23:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\program files\Java
    2012-07-02 02:51 . 2012-07-02 02:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
    2012-07-02 01:39 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-07-02 01:39 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\program files\iPod
    2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\program files\iTunes
    2012-07-02 01:38 . 2012-07-02 01:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-07-02 01:38 . 2012-07-02 01:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
    2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Apple Software Update
    2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Apple Computer
    2012-07-02 01:37 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-07-02 01:37 . 2012-04-25 16:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-07-02 01:37 . 2012-07-02 01:37 -------- d-----w- c:\program files\Bonjour
    2012-07-02 01:37 . 2012-07-02 01:38 -------- d-----w- c:\program files\Common Files\Apple
    2012-07-01 14:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-07-01 14:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2008-10-16 19:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2008-12-23 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2008-12-23 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2008-12-23 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2008-12-23 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2008-12-23 16:12 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2008-10-16 19:09 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2008-10-16 19:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2008-10-16 19:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2008-12-23 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2008-12-23 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2010-03-26 21:31 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18 . 2010-03-26 21:31 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2010-03-26 21:31 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 07:58 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-05-04 13:16 . 2006-02-28 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2008-12-23 16:10 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-14 00:17 . 2012-07-21 03:17 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-24_16.06.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-07-25 05:45 . 2012-07-25 05:45 16384 c:\windows\Temp\Perflib_Perfdata_654.dat
    + 2006-02-28 12:00 . 2012-07-24 21:04 68006 c:\windows\system32\perfc009.dat
    + 2006-02-28 12:00 . 2012-07-24 21:04 433176 c:\windows\system32\perfh009.dat
    + 2012-07-24 20:20 . 2012-07-24 20:20 890880 c:\windows\Installer\e83240.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
    .
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - [N/A]
    NETGEAR WPN311 Smart Wizard.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-11-07 21:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^NETGEAR WPN311 Smart Wizard.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WPN311 Smart Wizard.lnk
    backup=c:\windows\pss\NETGEAR WPN311 Smart Wizard.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
    "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\Electronic Arts\\Need For Speed World\\Data\\nfsw.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/2/2012 1:22 PM 1373576]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/27/2008 8:11 PM 10384]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 2:56 PM 655944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 2:56 PM 22344]
    S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/16/2012 12:27 PM 250056]
    S3 gupdatem;Google Update Service (gupdatem);"c:\program files\Google\Update\GoogleUpdate.exe" /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/20/2012 11:17 PM 113120]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 16:27]
    .
    2012-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\0eijv3ze.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-25 02:02
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(628)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    - - - - - - - > 'explorer.exe'(8100)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-07-25 02:03:54
    ComboFix-quarantined-files.txt 2012-07-25 06:03
    ComboFix2.txt 2012-07-24 16:11
    .
    Pre-Run: 228,202,258,432 bytes free
    Post-Run: 228,195,135,488 bytes free
    .
    - - End Of File - - 0F8EA8E2D8EE8FF02DE563056892C64B
     
  6. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    It's quite possible that funmoods has left some damage and I can safely say it's gone for now. I think what you can do now is to reinstall programs that are not functioning as well.

    Try it and let me know.
     
  7. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    It won't allow me to install Google Chrome because it says there may be an installation already in progress or it's being updated. It's not doing either of these things. I fixed the quick start icons. Hopefully removing then reinstalling the programs that won't work with the desktop icons will fix the.
     
  8. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    You may wish to uninstall some of your programs using Revo Uninstaller.

    Download Revo Uninstaller
    • Double click the installation file on the desktop to run the installer.
    • Let it install to the default location.
    • Double click the new Revo Uninstaller Icon on the desktop to start the program.
    You will now see a list of installed programs that Revo Uninstaller can remove.
    • Locate the program you are uninstalling

      Google Chrome
    • Right Click the Icon then choose Uninstall.
    • Click yes to the warning and choose the Uninstall Mode
    • Choose the Advanced option and then click Next.
    • This will launch the program's built-in uninstaller. Be patient; it can take several seconds.
    • Once the uninstaller is done click Next.
    • Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
    • Once this scan is done click Next.
    • You will then be presented with the leftover entries found by Revo Uninstaller
    • Look at ALL of the entries to ensure they relate to the uninstall.
    • Next click Select All > Delete to remove the entries.
    • Click Next.
    • If there are any program file folders left over you will be presented with a list to be removed.
    • Again look at ALL of the entries to ensure they are related to the uninstall.
    • Click Select All > Delete to remove the entries.
    • Click Finish to go back to the uninstall list.
    • Close the program
     
  9. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    Google Chrome isn't listed anywhere on the uninstaller. Anything I remove I can't reinstall.
     
  10. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    When you said you cannot reinstall, did you mean you encountered errors of some sort?
     
  11. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    It said Google update installation has failed with error 0x80040707
     
  12. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *chrome*
      
      :folderfind
      chrome
      
      :regfind
      chrome
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  13. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    SystemLook 30.07.11 by jpshortstuff
    Log created at 23:01 on 27/07/2012 by Computer_2
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*chrome*"
    C:\Documents and Settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\0eijv3ze.default\chromeappsstore.sqlite --a---- 98304 bytes [19:23 25/07/2012] [19:23 25/07/2012] F7CEBD0C5C09C552E38B601EF4398EE9
    C:\Documents and Settings\Computer_2\Application Data\Mozilla\Firefox\Profiles\masvvzic.default\chromeappsstore.sqlite --a---- 98304 bytes [19:49 26/07/2012] [19:49 26/07/2012] F7CEBD0C5C09C552E38B601EF4398EE9
    C:\Documents and Settings\Computer_2\Application Data\Mozilla(3)\Firefox(2)\Profiles(2)\0eijv3ze(2).default\chromeappsstore.sqlite --a---- 98304 bytes [05:52 26/07/2012] [05:52 26/07/2012] F7CEBD0C5C09C552E38B601EF4398EE9
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\EGJMPSPD\browser_chrome[1].png --a---- 2386 bytes [17:16 25/07/2012] [17:16 25/07/2012] 013E9DA50A58BB8C9CC78CEAB2593AC6
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\EGJMPSPD\chrome-48[1].png --a---- 1834 bytes [17:10 25/07/2012] [17:10 25/07/2012] 3FE84B8B53D7401B32FABD0C70F211BB
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\chrome-42[1].png --a---- 1818 bytes [19:22 26/07/2012] [19:22 26/07/2012] 9E96D33A84930E518815C6293ECB4DB1
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\ChromeSetup[1].exe --a---- 739856 bytes [19:08 25/07/2012] [19:08 25/07/2012] 594A3B88C6E38DC74B04966EC5CD60A1
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\chrome_logo[1].gif --a---- 2262 bytes [17:10 25/07/2012] [17:10 25/07/2012] E51AB8D60CF9B63CB5DB72CF3521680B
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\Q0VXXA21\gl_chrome_grad[1].png --a---- 379 bytes [17:18 25/07/2012] [17:18 25/07/2012] AB8E63E5B845080337B279148921F020
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\RLFKPIZQ\chrome_throbber_fast_16[1].gif --a---- 1548 bytes [17:10 25/07/2012] [17:10 25/07/2012] 00C51A8420DEA24FEE0C97D8D836DBF3
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\SFROZZ2C\chromebook_970x66_static[1].jpg --a---- 56933 bytes [19:10 25/07/2012] [19:10 25/07/2012] 6375C5E889A175AAC2FD0A95499E3130
    C:\Documents and Settings\Computer_2\Local Settings\Temporary Internet Files\Content.IE5\SFROZZ2C\ChromeSetup[1].exe --a---- 739856 bytes [17:10 25/07/2012] [17:11 25/07/2012] E4E8229CA6102570F32194347F7257D1
    C:\Documents and Settings\Computer_2\My Documents\Downloads\ChromeSetup(1).exe --a---- 739856 bytes [19:56 26/07/2012] [19:56 26/07/2012] 5B1103E10DB4C984BBA1891BE5217607
    C:\Documents and Settings\Computer_2\My Documents\Downloads\ChromeSetup.exe --a---- 739856 bytes [19:49 26/07/2012] [19:49 26/07/2012] 5B1103E10DB4C984BBA1891BE5217607
    C:\Program Files\Mozilla Firefox\chrome.manifest --a---- 36 bytes [19:48 26/07/2012] [00:17 14/07/2012] 8F2E87A15606DE2AD90C1E6DEAED4624
    C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome.manifest --a---- 539 bytes [19:48 26/07/2012] [22:45 05/07/2012] 422D6A2B4139A99A4F5A049D527C6AAD
    C:\Program Files\Mozilla Thunderbird\extensions\[email protected]\chrome.manifest --a---- 0 bytes [14:41 30/11/2008] [04:54 06/11/2008] D41D8CD98F00B204E9800998ECF8427E
    C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_jar.3643236F_FC70_11D3_A536_0090278A1BB8 -ra---- 29500 bytes [22:28 30/05/2008] [22:28 30/05/2008] E4A1F93E2DCEC1FDFF473D429D20373D
    C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 -ra---- 1880 bytes [17:00 29/05/2008] [17:00 29/05/2008] 7ECCABD395D6116AC38152F395D68771
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome.manifest --a---- 1762 bytes [16:48 23/01/2009] [16:48 23/01/2009] C85089B86D79730B9E6A2185EAA96A72
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\chrome.jar --a---- 10010 bytes [18:40 18/03/2009] [18:40 18/03/2009] 7B8018A8E2B62C35748420DE18F60661
    C:\WINDOWS\Prefetch\CHROME.EXE-229B4BA7.pf --a---- 69078 bytes [12:14 21/08/2011] [01:58 21/07/2012] BF44C6CC47A83982BBD4C86B550F7F46
    C:\WINDOWS\Prefetch\CHROMESETUP.EXE-14161758.pf --a---- 24442 bytes [19:50 26/07/2012] [19:56 26/07/2012] 4BBCFB230BBDE22596A6536E22332662

    ========== folderfind ==========

    Searching for "chrome"
    C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome d------ [19:48 26/07/2012]
    C:\Program Files\Mozilla Thunderbird\chrome d------ [14:41 30/11/2008]
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome d------ [20:29 12/09/2009]

    ========== regfind ==========

    Searching for "chrome"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "e"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
    "b"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
    @="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithList\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
    @="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithList\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
    @="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithList\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
    @="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithList\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
    @="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithList\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
    @="Chrome HTML Document"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon]
    @="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\command]
    @=""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
    @="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\DefaultIcon]
    @="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
    @="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
    @=""C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\7692FC6BE18C0C0489510C7547EF1F02]
    "ChromePlugin"="FeatureMain"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
    "LocalizedString"="Google Chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command]
    @=""C:\Documents and Settings\Isaac.XPHT\Local Settings\Application Data\Google\Chrome\Application\chrome.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
    @="Google Chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
    "ApplicationName"="Google Chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
    "ApplicationIcon"="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
    "ApplicationDescription"="Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    "crx"="ChromeExt"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".xhtml"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".xht"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".shtml"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".html"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
    ".htm"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\StartMenu]
    "StartMenuInternet"="Google Chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "https"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "http"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "ftp"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "webcal"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "mailto"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "urn"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "tel"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "smsto"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "sms"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "nntp"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "news"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "mms"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
    "irc"="ChromeHTML"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
    @="C:\Program Files\Google\Chrome\Application\chrome.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
    "ShowIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
    "HideIconsCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
    "ReinstallCommand"=""C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
    @=""C:\Program Files\Google\Chrome\Application\chrome.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
    "path"="C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
    "name"="Google Chrome binaries"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-cf]
    "CommandLine"=""C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe" --multi-install --system-level --verbose-logging --quick-enable-cf"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    "name"="Google Chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
    "UninstallString"="C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
    "ap"="-multi-chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
    "InstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Chrome\Application\chrome.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
    "ap"="-multi-chrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
    "UninstallString"="C:\Program Files\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
    "UninstallArguments"=" --uninstall --multi-install --chrome --system-level --verbose-logging"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
    "LastInstallerSuccessLaunchCmdLine"=""C:\Program Files\Google\Chrome\Application\chrome.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
    "Method"="jchrome"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
    "Path"="C:\Program Files\Google\Chrome\Application"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
    @="C:\Program Files\Google\Chrome\Application\chrome.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\"="1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\026CBE7C1CEB2D04A92127A4E4FC8C90]
    "7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\skype_ff_extension.jar"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30CDBD1D3F0FD6B4F8ED38F5FBCFEFDE]
    "7692FC6BE18C0C0489510C7547EF1F02"="02:\Software\Skype\Toolbars\Chrome\Watcher\WatcherPath"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9607188EF8F48B943A1780EDF02D704A]
    "7692FC6BE18C0C0489510C7547EF1F02"="02:\Software\Skype\Toolbars\Chrome\Plugin\UninstallString"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99AE00D278179BA4DBA8EA92BCB8E2F6]
    "7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome.manifest"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4E74624CB1FFEA4184C365D7574FCC8]
    "7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0BD1890CAD3A1E4D96E77A45D17EA40]
    "26DDC2EC4210AC63483DF9D4FCC5B59D"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\chrome\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFAEE8B8C06925F4AA1CB1BE032C2D5D]
    "7692FC6BE18C0C0489510C7547EF1F02"="01:\Software\Skype\Toolbars\Chrome\Plugin\UninstallString"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6E24F2923B234C45BE71A06243C48E7]
    "7692FC6BE18C0C0489510C7547EF1F02"="C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7692FC6BE18C0C0489510C7547EF1F02\Features]
    "ChromePlugin"="*dNIX'42~?F_}TouMp-yI+stDh59m@1E=3N~%E}pLH]7WkCJS@_'q'G,]EaPz%x6nMZWg?w^3zAEp3u7%,YqTmQ!RAFcuWtoBKfmmdlfs_Xyc?z-dFpaC.f]FeatureMain"
    [HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator\PDFSpooler]
    "ProcessWithLessPrivileges"="iexplore.exe|chrome.exe|acrord32.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
    "Google Chrome"="Software\Clients\StartMenuInternet\Google Chrome\Capabilities"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Toolbars\Chrome]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Toolbars\Chrome\Plugin]
    "UninstallString"="msiexec /i {B6CF2967-C81E-40C0-9815-C05774FEF120} REMOVE=ChromePlugin /qb"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Toolbars\Chrome\Plugin]
    "UninstallStringSilent"="msiexec /i {B6CF2967-C81E-40C0-9815-C05774FEF120} REMOVE=ChromePlugin /qn REBOOT=ReallySuppress"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
    [HKEY_USERS\S-1-5-21-1229272821-2025429265-682003330-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
    "e"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"
    [HKEY_USERS\S-1-5-21-1229272821-2025429265-682003330-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
    "b"="C:\Documents and Settings\Computer_2\Desktop\ChromeSetup.exe"

    -= EOF =-
     
  14. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    448
    Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

    1. Before we make changes to your registry, we need to make a backup of the key that we are going to work on:

    Backing Up Your Registry
    1. Go HERE and download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    2. Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    3. Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    4. Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    5. Make sure that at least the first two check boxes are ticked
    6. Press OK
    7. Press YES to create the folder.
    For detailed instructions on how to back up the registry via ERUNT, please visit HERE


    If there is a fatal error you can simply double click on the reg file you just created to restore the registry to the state it was in before you began.
    Warning. Do not click it except if I tell you to do so. Double clicking it will reintroduce the malware to your computer and can have other unexpected effects.

    2. Please do this:
    • Copy the contents of the Code Box below to Notepad.
    • Name the file as fix.reg
    • Change the Save as Type to All Files
    • and Save it on the desktop
    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
    "Chrome"=-
    
    
    [-HKEY_CURRENT_USER\SOFTWARE\Classes\ChromeHTML]
    [-HKEY_CURRENT_USER\SOFTWARE\Clients\StartMenuInternet\chrome.exe]
    [HKEY_CURRENT_USER\SOFTWARE\RegisteredApplications]
    "Chrome"=-
    
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Chrome]
    [-HKEY_CURRENT_USER\Software\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    
    
    [-HKEY_CURRENT_USER\Software\Google\Update\Clients\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}]
    [-HKEY_CURRENT_USER\Software\Google\Update\ClientState\{00058422-BABE-4310-9B8B-B8DEB5D0B68A}]
    
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    
    
    
    Make sure there are NO blank lines before Windows Registry Editor Version 5.00

    Then double-click on the fix.reg file, and when it prompts to merge say yes. Then reboot.

    ===================================================

    Go to the Start menu > Run.

    Enter one of the following commands in the text field:

    Windows XP: %USERPROFILE%\Local Settings\Application Data\Google

    Delete the Chrome folder in the directory that opens.

    Let me know if there are any issues.
     
  15. nygiantsfan87

    nygiantsfan87 Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    40
    Cannot import C:/Documents and Settings\Computer_2\Desktop\fix.reg: The specified file is not a registry script. You can only import binary files from within the registry editor.
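
An added example, not part of either post and not a tool used in this thread: a small Python check that can be run on the text of a saved fix.reg before merging it. It verifies that the header named in the instructions is the very first line and lists every key or value the script would delete or set; the function name `audit_reg` and the two sample scripts are constructed for illustration from keys in the fix above.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def audit_reg(text):
    """Return (problems, operations) for the text of a .reg script.

    Each operation is (action, key, value_name); action is 'delete-key',
    'delete-value' or 'set-value'. Nothing is written to the registry.
    """
    problems, operations = [], []
    lines = text.lstrip("\ufeff").splitlines()  # drop a BOM left by decoding
    if not lines or lines[0] not in HEADERS:
        first_text = next((l.strip() for l in lines if l.strip()), "")
        if first_text in HEADERS:
            problems.append("header is preceded by blank lines or whitespace")
        else:
            problems.append("no registry script header found")
    current_key, continued = None, False
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if continued:                      # rest of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";") or line in HEADERS:
            continue
        key = KEY_RE.match(line)
        if key:
            if key.group(1):               # [-KEY] removes the key and subkeys
                operations.append(("delete-key", key.group(2), None))
                current_key = None
            else:
                current_key = key.group(2)
            continue
        value = VALUE_RE.match(line)
        if value and current_key:
            name = "(Default)" if value.group(1) == "@" else value.group(1)[1:-1]
            action = "delete-value" if value.group(2) == "-" else "set-value"
            operations.append((action, current_key, name))
            continued = line.endswith("\\")
        else:
            problems.append(f"line {number}: not attached to a key: {line!r}")
    return problems, operations


# Constructed sample: three lines of the fix above under the required header.
FIX_OK = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromeHTML]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]",
    '"Chrome"=-',
])
FIX_BLANK_FIRST = "\n" + FIX_OK            # same script saved with a blank first line

if __name__ == "__main__":
    for label, script in (("ok", FIX_OK), ("blank first", FIX_BLANK_FIRST)):
        problems, operations = audit_reg(script)
        print(label, problems or "no problems")
        for op in operations:
            print("   ", *op)
```

To check a real file, read it with the encoding Notepad saved it in and pass the resulting string to `audit_reg`.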
     
Short URL to this thread: https://techguy.org/1062217