
Solved: 100% cpu usage

Discussion in 'Windows XP' started by mardigrasvet, Oct 9, 2013.

Thread Status:
Not open for further replies.
  1. mardigrasvet

    mardigrasvet Thread Starter

    Joined:
    Mar 23, 2004
    Messages:
    431
    Have 1.99 GB RAM but lately Inspiron laptop using 100% CPU even if I have nothing opened. Any clues? Thanks.
     
  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    Download and save the TSG System Information Utility (SysInfo.exe)

    After it's been downloaded and saved, double-click it to run it.

    Information about your computer will appear.

    Return here to your thread, then copy-and-paste the ENTIRE text here.

    -------------------------------------------------------

    Go here and click the large green "Download" button to download and save HiJackThis 2.0.5 (HijackThis.exe)

    After it's been downloaded and saved, close all open windows.

    Double-click it and allow its main window to load.

    Uncheck "Do not show this window when I start HiJackThis".

    Click "Do a system scan and save a log file".

    When the scan is finished in 30 - 60 seconds, a log file will appear.

    Save that log file.

    Return here to your thread, then copy-and-paste the ENTIRE log file here.

    -------------------------------------------------------
     
  3. mardigrasvet

    mardigrasvet Thread Starter

    Joined:
    Mar 23, 2004
    Messages:
    431
    Thanks for your speedy reply. I pasted the info from both sources below. I could not copy a list of things that had boxes to the left of each item to check or uncheck when using HijackThis.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Celeron(R) M processor 1.30GHz, x86 Family 6 Model 13 Stepping 8
    Processor Count: 1
    RAM: 2039 Mb
    Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 96 Mb
    Hard Drives: C: Total - 28607 MB, Free - 9128 MB;
    Motherboard: Dell Inc.,
    Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 7:25:50 AM, on 10/10/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    FIREFOX: 24.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\WINDOWS\system32\dlbtcoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\tom\My Documents\Downloads\HijackThis(1).exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files\I Want This\I Want This.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
    O2 - BHO: SelectionLinksBHO - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
    O2 - BHO: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (file missing)
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
    O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    O4 - HKLM\..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r /c "C:\Program Files\CheckPoint\Install\Install.xml"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
    O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SPMTray] "C:\Program Files\PC Speed Maximizer\SPMTray.exe"
    O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files\LiveSupport\LiveSupport.exe" /noshow /log
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/67.17/uploader2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
    O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10712 bytes
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    Your HijackThis log shows a number of issues with your computer:

    1. It's infested with threats.

    2. It has too many programs and services auto-starting and running in the background.

    3. Registry/file "cleaner/fixer" type utilities are being used in it.

    4. Unneeded add-ons are installed.

    Let's deal with the threat problem first, then we'll go from there.

    Do the following in the order listed.

    --------------------------------------------------------

    Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

    Close all open windows first, then double-click AdwCleaner.exe to load its main window.

    Note: The "Clean" and "Report" buttons will be grayed out for now.

    Click the "Scan" button, then allow the scanning process to finish.

    Click the "Clean" button, then click "OK".

    Allow the cleaning process to finish.

    When it's finished, click "OK" in each window that appears.

    The computer will restart.

    When the log appears during restart, save it.

    Return here to your thread, then copy-and-paste the ENTIRE log here.

    --------------------------------------------------------

    Download and save and then install the free version of

    Malwarebytes Anti-Malware 1.75.0.1300

    SUPERAntiSpyware 5.6.0.1040

    Make sure to update their definition files during the install process.

    Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

    Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

    After they're installed and updated, DON'T do anything else with them yet.

    --------------------------------------------------------
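
Added example, not part of the original thread and not code from HijackThis or Tech Support Guy: a small Python triage pass over a HijackThis log that surfaces the kinds of findings listed in the reply above (orphaned browser add-on registrations, a loopback proxy, and the number of autostart entries and services). The function names and the choice of checks are assumptions made for this illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import Counter

# HijackThis section codes that occur in the log above, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE page or proxy setting",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context menu item", "O9": "IE extra button",
    "O16": "ActiveX download", "O20": "AppInit_DLLs",
    "O22": "SharedTaskScheduler", "O23": "service",
}

ENTRY = re.compile(r"^\s*([RO]\d{1,2})\s+-\s+(.*\S)\s*$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)")
LOOPBACK = re.compile(r"^(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?$", re.I)

# Sample input: a subset of lines from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R3 - URLSearchHook: (no name) - {8f4181f4-137b-4cef-b050-6c8a58fabfbf} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKCU\..\Run: [SPMTray] "C:\Program Files\PC Speed Maximizer\SPMTray.exe"
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""


def parse(log_text):
    """Return (code, body) pairs for entry lines; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(1) in SECTIONS:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Group entries by section and collect the items worth a closer look."""
    entries = parse(log_text)
    counts = Counter(code for code, _ in entries)
    report = {
        "counts": dict(counts),
        "orphaned": [],                # registration remains, target file is gone
        "loopback_proxy": [],          # browser traffic sent to a local listener
        "unknown_owner_services": [],  # service binary carries no company name
        "autostart_total": counts["O4"] + counts["O23"],
    }
    for code, body in entries:
        if ORPHAN.search(body):
            report["orphaned"].append((code, body))
        pm = PROXY.search(body)
        if pm:
            # The value may be "host:port" or "http=host:port;https=host:port".
            for part in pm.group(1).split(";"):
                host = part.split("=", 1)[-1]
                if LOOPBACK.match(host):
                    report["loopback_proxy"].append(host)
        if code == "O23" and " - Unknown owner - " in body:
            report["unknown_owner_services"].append(body)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for code, n in sorted(result["counts"].items()):
        print(f"{code:>4} {SECTIONS[code]:<26} {n}")
    print("autostart entries + services:", result["autostart_total"])
    print("loopback proxy:", result["loopback_proxy"])
    for code, body in result["orphaned"]:
        print("orphaned:", code, body)
    for body in result["unknown_owner_services"]:
        print("unknown owner:", body)
```

An "Unknown owner" service or an orphaned entry is a prompt to look closer, not a verdict: the Dell wireless tray service in this log is reported with an unknown owner as well.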
     
  5. mardigrasvet

    mardigrasvet Thread Starter

    Joined:
    Mar 23, 2004
    Messages:
    431
    Thanks again for your help. Here is the first item you asked for:

    # AdwCleaner v3.007 - Report created 10/10/2013 at 20:01:06
    # Updated 09/10/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : tom - TOM-4F9309974A5
    # Running from : C:\Documents and Settings\tom\Local Settings\Temp\dlm2D.tmp\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : Application Updater
    [#] Service Deleted : IBUpdaterService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\PCFixSpeed
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\savennshare
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\sayfE savee
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Seeaerch-NewTab
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\EZDownloader
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\Program Files\EZDownloader
    Folder Deleted : C:\Program Files\OApps
    Folder Deleted : C:\Program Files\PCFixSpeed
    Folder Deleted : C:\Program Files\SafeSaver
    Folder Deleted : C:\Program Files\SweetIM
    Folder Deleted : C:\Program Files\WebSearch
    Folder Deleted : C:\Program Files\MixiDJ_V42
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Common Files\spigot
    Folder Deleted : C:\WINDOWS\system32\ARFC
    Folder Deleted : C:\WINDOWS\system32\WNLT
    Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\Coupon Companion Plugin
    Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\DownloadTerms
    Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\PackageAware
    Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\visi_coupon
    Folder Deleted : C:\Documents and Settings\tom\Local Settings\Application Data\MixiDJ_V42
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\tom\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Documents and Settings\tom\Application Data\DriverCure
    Folder Deleted : C:\Documents and Settings\tom\Application Data\EZDownloader
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Media Finder
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
    Folder Deleted : C:\Documents and Settings\tom\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\tom\Application Data\PCFixSpeed
    Folder Deleted : C:\Documents and Settings\tom\Application Data\pdfforge
    Folder Deleted : C:\Documents and Settings\tom\Application Data\PriceGong
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\tom\Application Data\searchquband
    Folder Deleted : C:\Documents and Settings\tom\Application Data\SpeedyPC Software
    Folder Deleted : C:\Documents and Settings\tom\Application Data\strongvault
    Folder Deleted : C:\Documents and Settings\tom\Application Data\SwvUpdater
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Toolbar4
    Folder Deleted : C:\Documents and Settings\tom\Start Menu\Programs\Browser Manager
    File Deleted : C:\WINDOWS\system32\dmwu.exe
    File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
    File Deleted : C:\Documents and Settings\tom\Desktop\Continue SweetIM Installation.lnk
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
    File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\searchplugins\WebSearch.xml
    File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\MF
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8F4181F4-137B-4CEF-B050-6C8A58FABFBF}]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\I Want This
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\MediaFinder
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\smartbar
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SpeedyPC Software
    Key Deleted : HKCU\Software\wnlt
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\MixiDJ_V42
    Key Deleted : HKCU\Software\AppDataLow\SProtector
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\ImInstaller
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\SP Global
    Key Deleted : HKLM\Software\SpeedyPC Software
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Supreme Savings
    Key Deleted : HKLM\Software\Tarma Installer
    Key Deleted : HKLM\Software\Updater By Sweetpacks
    Key Deleted : HKLM\Software\wnlt
    Key Deleted : HKLM\Software\MixiDJ_V42
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V42 Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MixiDJ_V42 Toolbar
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\prefs.js ]

    Line Deleted : user_pref("CT3310511.FF19Solved", "true");
    Line Deleted : user_pref("CT3310511.UserID", "UN17228480252037812");
    Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
    Line Deleted : user_pref("CT3310511.fullUserID", "UN17228480252037812.IN.20131010195958");
    Line Deleted : user_pref("CT3310511.installDate", "10/10/2013 20:00:14");
    Line Deleted : user_pref("CT3310511.installSessionId", "{E5F91AAE-A8BE-4AA4-908B-32D5E2454A29}");
    Line Deleted : user_pref("CT3310511.installSp", "TRUE");
    Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.7");
    Line Deleted : user_pref("CT3310511.keyword", "true");
    Line Deleted : user_pref("CT3310511.originalHomepage", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US");
    Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US&l=1&q=");
    Line Deleted : user_pref("CT3310511.originalSearchEngine", "WebSearch");
    Line Deleted : user_pref("CT3310511.originalSearchEngineName", "WebSearch");
    Line Deleted : user_pref("CT3310511.searchRevert", "false");
    Line Deleted : user_pref("CT3310511.searchUserMode", "2");
    Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
    Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.3.20");
    Line Deleted : user_pref("CT3310511.xpeMode", "0");
    Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US&l=1&q=");
    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
    Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
    Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN17228480252037812&UM=2&SearchSource=3&q={searchTerms}");
    Line Deleted : user_pref("browser.search.order.1", "WebSearch");
    Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
    Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
    Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
    Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN17228480252037812&UM=2&SearchSource=13");
    Line Deleted : user_pref("extensions.51e60ec90b226.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';s[...]
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN17228480252037812&UM=2&q=");
    Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN17228480252037812&UM=2&SearchSource=13");
    Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN17228480252037812&UM=2&q=");
    Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
    Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
    Line Deleted : user_pref("smartbar.machineId", "YKGLZZK7EUONGU1DY7HMOQCENBQAHRDSBKUOLKRS06GOBNCEK0HXKQBWSS8AVXE62VTT+TWQJTLPOL389XMCLA");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US");
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.pur-esult.info/?pid=724&r=2013/09/12&hid=15008628416445486858&lg=EN&cc=US&l=1&q=");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\tom\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [27786 octets] - [10/10/2013 19:58:12]
    AdwCleaner[S0].txt - [29560 octets] - [10/10/2013 20:01:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29621 octets] ##########
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Your AdwCleaner log shows a LOT of threats were found and deleted, so you need to follow my previous instructions and run it again.

    The new log needs to be submitted so we can ensure all threats were found and deleted.

    -----------------------------------------------------------

    The log also shows that you've been using PCFixSpeed and SpeedyPC and DriverCure and possibly other "cleaner/fixer" type programs.

    These types of programs can damage Windows and damage programs and generate error messages and wreak havoc with a computer.

    Avoid using them, no matter what they claim they can do.

    -----------------------------------------------------------

    Have you completed the third part of post #4?

    -----------------------------------------------------------
     
  7. mardigrasvet

    mardigrasvet Thread Starter

    will run the adwcleaner again right after sending this note. never heard of pcfixspeed, speedypc or drivercure or any other cleaner/fixer type of programs. have no idea how they got on my computer.

    yes, i downloaded malwarebytes and super antispyware but have not run them. thanks for all your help.
     
  8. mardigrasvet

    mardigrasvet Thread Starter

    here are the results of running adw cleaner just a minute ago:

    # AdwCleaner v3.007 - Report created 11/10/2013 at 19:03:24
    # Updated 09/10/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : tom - TOM-4F9309974A5
    # Running from : C:\Documents and Settings\tom\Local Settings\Temp\dlm6.tmp\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : IBUpdaterService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\WINDOWS\system32\ARFC
    Folder Deleted : C:\WINDOWS\system32\jmdp
    Folder Deleted : C:\WINDOWS\system32\WNLT
    Folder Deleted : C:\DOCUME~1\tom\LOCALS~1\Temp\CT3310511
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Searchprotect
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\CT3310511
    Folder Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
    File Deleted : C:\WINDOWS\system32\dmwu.exe
    File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
    File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\searchplugins\Conduit.xml
    File Deleted : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\searchplugins\MyStart Search.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\tom\Local Settings\Temp\SweetIMSetup_20130903.exe]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\wnlt
    Key Deleted : HKLM\Software\wnlt
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\tom\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [27786 octets] - [10/10/2013 19:58:12]
    AdwCleaner[R1].txt - [2752 octets] - [11/10/2013 19:02:20]
    AdwCleaner[S0].txt - [29702 octets] - [10/10/2013 20:01:06]
    AdwCleaner[S1].txt - [2729 octets] - [11/10/2013 19:03:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2789 octets] ##########
     
  9. flavallee

    flavallee Frank Trusted Advisor

    The second scan and clean with AdwCleaner found several more threats, so you need to do a third scan and clean.

    Hopefully, that log will come up clean.

    Hold off doing anything with MBAM and SAS for now until I give you detailed instructions for them.

    ---------------------------------------------------------

    How many people use that computer?

    --------------------------------------------------------
     
  10. mardigrasvet

    mardigrasvet Thread Starter

    i am the only person who uses the computer. could be i was inattentive to the various "addons" that sometimes are offered when downloading a program. now read all the boxes before proceeding.

    here is what the third run of adw cleaner came up with:

    # AdwCleaner v3.007 - Report created 12/10/2013 at 06:31:17
    # Updated 09/10/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : tom - TOM-4F9309974A5
    # Running from : C:\Documents and Settings\tom\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Documents and Settings\tom\Application Data\Mozilla\Firefox\Profiles\kkilnqov.default-1371904849015\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\tom\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [27786 octets] - [10/10/2013 19:58:12]
    AdwCleaner[R1].txt - [2752 octets] - [11/10/2013 19:02:20]
    AdwCleaner[R2].txt - [1206 octets] - [12/10/2013 06:30:14]
    AdwCleaner[S0].txt - [29702 octets] - [10/10/2013 20:01:06]
    AdwCleaner[S1].txt - [2869 octets] - [11/10/2013 19:03:24]
    AdwCleaner[S2].txt - [1128 octets] - [12/10/2013 06:31:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1188 octets] ##########
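
Added example, not part of the thread and not AdwCleaner's own code: a small Python parser for the "X Deleted : target" lines in the reports above. It lists items that were deleted in more than one run (so they were present again at the next scan) and finds the first run with nothing left to delete. The function names are hypothetical, and the sample text is a short excerpt of the three posted reports.

```python
import re

# One AdwCleaner action line, for example:
#   Key Deleted : HKCU\Software\wnlt
#   [#] Service Deleted : IBUpdaterService
ACTION_RE = re.compile(
    r"^\s*(?:\[#\]\s*)?"                      # optional "[#]" marker seen in the reports
    r"(?P<kind>Key|Value|File|Folder|Service|Line)\s+Deleted\s*:\s*"
    r"(?P<target>\S.*?)\s*$"
)

# Excerpts of the three reports posted in this thread, in run order.
RUNS = [
    ("AdwCleaner[S0].txt", r"""
***** [ Registry ] *****
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
"""),
    ("AdwCleaner[S1].txt", r"""
***** [ Services ] *****
[#] Service Deleted : IBUpdaterService
***** [ Files / Folders ] *****
Folder Deleted : C:\WINDOWS\system32\ARFC
***** [ Registry ] *****
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
"""),
    ("AdwCleaner[S2].txt", r"""
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Registry ] *****
"""),
]


def parse_report(text):
    """Return {(kind, casefolded target): display text} for each deletion line."""
    items = {}
    for line in text.splitlines():
        m = ACTION_RE.match(line)
        if not m:
            continue  # section banners, headers, blank lines
        kind, target = m.group("kind"), m.group("target")
        # Registry and file paths on Windows compare case-insensitively.
        items[(kind, target.casefold())] = f"{kind} : {target}"
    return items


def recurring_items(runs):
    """runs: list of (name, report_text) in chronological order.
    Returns {display text: [run names]} for items deleted in two or more runs."""
    seen = {}
    for name, text in runs:
        for key, display in parse_report(text).items():
            seen.setdefault(key, (display, []))[1].append(name)
    return {disp: names for disp, names in seen.values() if len(names) > 1}


def first_clean_run(runs):
    """Name of the first run that deleted nothing, or None if every run found items."""
    for name, text in runs:
        if not parse_report(text):
            return name
    return None


if __name__ == "__main__":
    for item, names in recurring_items(RUNS).items():
        print(f"deleted in {', '.join(names)}: {item}")
    print("first clean run:", first_clean_run(RUNS))
```

Items that show up in two consecutive runs are the ones worth tracing to whatever put them back, such as a service or scheduled task removed only in the later run.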
     
  11. flavallee

    flavallee Frank Trusted Advisor

    That's why I advise and encourage people to carefully read each window that appears during the install or update process of a program.

    In most cases, this allows you the option of unchecking or declining to install unneeded toolbars and other unneeded extras.

    ----------------------------------------------------------
     
  12. flavallee

    flavallee Frank Trusted Advisor

    The third AdwCleaner log looks okay, so let's proceed with the other 2 security programs.

    Follow these instructions carefully, and DON'T use the computer while each scan is in progress.

    -----------------------------------------------------------

    Start Malwarebytes Anti-Malware.

    Click "Scanner(tab) - Perform quick scan - Scan".

    If infections or problems are found during the scan, the number of them will be highlighted in red.

    When the scan is finished, click "Show Results".

    Make sure that EVERYTHING is selected, then click "Remove Selected".

    If you're prompted to restart to finish the removal process, click "Yes".

    Start Malwarebytes Anti-Malware again.

    Click "Logs"(tab).

    Highlight the scan log entry, then click "Open".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------------

    Start SUPERAntiSpyware.

    Select the "Quick Scan" option, then click "Scan your Computer".

    If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

    When the scan is finished and the scan summary window appears, click "Continue".

    Make sure that EVERYTHING in the list is selected, then click "Remove Threats".

    Click "OK - Finish".

    If you're prompted to restart to finish the removal process, do so.

    Start SUPERAntiSpyware again.

    Click "View Scan Logs".

    Highlight the scan log entry, then click "View Selected Log".

    When the scan log appears in Notepad, copy-and-paste it here.

    -----------------------------------------------------------
     
  13. mardigrasvet

    mardigrasvet Thread Starter

    here is the malwarebytes log which had seven entries:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6644

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    5/22/2011 7:51:53 PM
    mbam-log-2011-05-22 (19-51-53).txt

    Scan type: Quick scan
    Objects scanned: 150110
    Time elapsed: 5 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6644

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/22/2011 8:30:54 AM
    mbam-log-2011-10-22 (08-30-54).txt

    Scan type: Quick scan
    Objects scanned: 1
    Time elapsed: 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.14.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    tom :: TOM-4F9309974A5 [administrator]

    3/14/2012 8:38:16 AM
    mbam-log-2012-03-14 (08-38-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 189519
    Time elapsed: 6 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 9
    HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 47e5c26741d63a35751c41db3908e9af -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
    C:\Documents and Settings\tom\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Application Data\bytewdownload\installmanager.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

    (end)


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.19.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    tom :: TOM-4F9309974A5 [administrator]

    5/19/2012 7:19:28 PM
    mbam-log-2012-05-19 (19-19-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202081
    Time elapsed: 16 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: a77e7498f725e26c08768464f9a6f1b1 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
    C:\Documents and Settings\tom\Local Settings\Temp\air379.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\air1F2.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\air7C7.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\is324156961\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

    (end)


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.31.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    tom :: TOM-4F9309974A5 [administrator]

    5/31/2012 6:03:18 PM
    mbam-log-2012-05-31 (18-03-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204841
    Time elapsed: 9 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.

    (end)


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.31.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    tom :: TOM-4F9309974A5 [administrator]

    6/1/2012 7:03:02 PM
    mbam-log-2012-06-01 (19-03-02).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 250731
    Time elapsed: 2 hour(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 10
    C:\Documents and Settings\tom\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141993.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141991.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141992.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP517\A0141995.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142016.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142017.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142020.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP518\A0142021.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{B40BD56B-4561-4111-919D-9D5610387FCD}\RP520\A0142328.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.

    (end)


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.10.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    tom :: TOM-4F9309974A5 [administrator]

    10/12/2013 9:24:39 AM
    mbam-log-2013-10-12 (09-24-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216189
    Time elapsed: 22 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 13
    HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
    HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{453B56D6-9589-5512-37B4-B4A94B3A6C60} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 3
    C:\Documents and Settings\All Users\Application Data\0 (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\0\Setup (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\ct3314312 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    Files Detected: 25
    C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\InstallMate\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\InstallMate\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\My Documents\Downloads\iLividSetup-r1045-n-bf.exe.part (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\My Documents\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\My Documents\Downloads\YTDSetup.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\My Documents\Downloads\[GAY PORNO] 3 MOVIES OF SEAN CODY !.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\Optimizer_Pro.exe (PUP.Optional.PCOptimizerPro) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\dlm2D.tmp\sweetpacks0913.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\00294823\3HItcccp.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\00294823\mSyblAZ.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\18be6784\GXY5mqi.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\18be6784\ifnNkS.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Addons\newtab_setup.exe (PUP.Optional.PreLoader.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Addons\OptimizerProInstaller.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Local Settings\Temp\{B826C242-BFB5-40F1-A21A-F79763C5E0B4}\Addons\web_assistant_v2.exe (PUP.Optional.SProtect.A) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\Optimizer_Pro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
    C:\WINDOWS\Installer\31173da3.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Documents and Settings\tom\Application Data\Explorer.EXE_log.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    (end)

    starting the super antispyware now.
     
  14. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,648
    All I wanted was the above log with the current version 1.75.0.1300 and today's date.

    It looks like it found and removed 13 registry, 3 folder, and 25 file threats.

    -----------------------------------------------
     
  15. mardigrasvet

    mardigrasvet Thread Starter

    Joined:
    Mar 23, 2004
    Messages:
    431
    thanks. figured sending you too much would be better than having you ask again. here is the super antispyware info:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/12/2013 at 10:21 AM

    Application Version : 5.6.1040

    Core Rules Database Version : 10824
    Trace Rules Database Version: 8636

    Scan type : Quick Scan
    Total Scan Time : 00:13:52

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 402
    Memory threats detected : 0
    Registry items scanned : 31690
    Registry threats detected : 0
    File items scanned : 7017
    File threats detected : 21

    Adware.Tracking Cookie
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .media6degrees.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .invitemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .serving-sys.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .casalemedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .interclick.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\TOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KKILNQOV.DEFAULT-1371904849015\COOKIES.SQLITE ]
     
Short URL to this thread: https://techguy.org/1110367