Homepages hijacked

Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Let me see those logs....

Kevin

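Kevin's steps produce logs like the AdwCleaner and OTL output posted in the reply that follows. As an added example (not from this thread, nor from the AdwCleaner, JRT or OTL authors), here is a small Python triage script that reads lines of that shape and flags the three hijack patterns visible in them: homepage/search URLs pointing at a host the user did not choose, Firefox search-engine prefs overridden, and JavaScript stored inside prefs.js values. The confirmed host and engine names are assumptions that a real triage would check with the user.

```python
"""Triage of browser-hijack indicators in AdwCleaner / OTL style log lines.

Added example for this thread; it is not part of AdwCleaner, JRT or OTL.
It reads the kinds of lines those tools print (IE registry settings, the
Chrome homepage, Firefox prefs.js user_pref entries) and flags the
patterns behind a "homepage hijacked" report.
"""
import re
from urllib.parse import urlparse

# Assumption: the user confirms which homepage/search hosts are theirs.
# www.dslextreme.com is the HKCU Start Page in the posted OTL log and is
# taken to be the user's own choice; bing/google are the stock IE scopes.
USER_CONFIRMED_HOSTS = {"www.dslextreme.com", "www.bing.com", "www.google.com"}
# Assumption: search engine names the user actually chose in Firefox.
USER_CONFIRMED_ENGINES = {"Google", "Bing", "Yahoo"}
# Substrings that have no business inside a prefs.js string value.
SCRIPT_MARKERS = ("function(", "document.cookie", "location.href", "eval(")

# Matches "IE - <key>,<name> = http://...", 'IE - <key>: "URL" = http://...'
# and "CHR - homepage: http://...".  Lines without a URL (an empty
# DefaultScope, Chrome's {google:...} templates) deliberately do not match.
URL_SETTING_RE = re.compile(
    r'^(?P<source>IE|CHR) - (?P<setting>.+?)(?: = |: )(?P<url>https?://\S+)\s*$')
# AdwCleaner prints 'Line Deleted : user_pref("name", "value");' and cuts
# long values off with [...], so the closing quote may be missing.
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)",\s*"(?P<value>.*)$')

# Constructed sample, patterned on the AdwCleaner and OTL lines posted in
# this thread (registry paths, the key-find.com URLs and the pref names are
# copied from them; the rest of that machine's log is omitted).
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dslextreme.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = 
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&ie={inputEncoding}
CHR - homepage: http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.FtH84dJHBFd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1455cebbe97312692b38c0244138a088");
"""


def parse_url_settings(lines):
    """Yield (source, setting, url) for every IE/Chrome setting carrying a URL."""
    for line in lines:
        m = URL_SETTING_RE.match(line.strip())
        if m:
            yield m.group("source"), m.group("setting"), m.group("url")


def parse_prefs(lines):
    """Yield (name, value) for every user_pref(...) fragment in the lines."""
    for line in lines:
        m = PREF_RE.search(line)
        if m:
            # Drop the closing ");  -- it is absent when the tool truncated the value.
            yield m.group("name"), m.group("value").rstrip(";)").rstrip('"')


def triage(log_text):
    """Group the hijack indicators found in log_text by type."""
    lines = log_text.splitlines()
    findings = {"unexpected_hosts": {}, "script_prefs": [], "search_overrides": []}
    for source, setting, url in parse_url_settings(lines):
        host = (urlparse(url).hostname or "").lower()
        if host not in USER_CONFIRMED_HOSTS:
            # Same unknown host set as homepage in two browsers is the classic hijack picture.
            findings["unexpected_hosts"].setdefault(host, []).append(f"{source} {setting}")
    for name, value in parse_prefs(lines):
        if any(marker in value for marker in SCRIPT_MARKERS):
            # JavaScript stored in a preference comes from an add-on, never from Firefox itself.
            findings["script_prefs"].append(name)
        elif name.startswith("browser.search.") and value not in USER_CONFIRMED_ENGINES:
            findings["search_overrides"].append((name, value))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```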

Hi,

Okay, I ran the programs as directed. Here are the log files. Hope you can help.

# AdwCleaner v3.023 - Report created 13/04/2014 at 17:22:28

# Updated 01/04/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : bob - BOBALU

# Running from : C:\Documents and Settings\bob\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\SNT

Folder Deleted : C:\Documents and Settings\All Users\Application Data\WbSvCouponApp

Folder Deleted : C:\Program Files\uniblue

Folder Deleted : C:\Documents and Settings\bob\Local Settings\Application Data\eSupport.com

Folder Deleted : C:\Documents and Settings\bob\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\bob\Application Data\EZDownloader

Folder Deleted : C:\Documents and Settings\bob\My Documents\Optimizer Pro

Folder Deleted : C:\Documents and Settings\marie\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch

Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\quick_start@gmail.com

Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com

Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\coa_r@ppviyoo-.net

Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\iiyy6_uaia@hlao-.edu

Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\jmyb_zb@uqwaey.com

Folder Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\ssltdr8a@zrbme-o.org

File Deleted : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\searchplugins\WebSearch.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422892226}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466896626}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]

Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\installedbrowserextensions

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Line Deleted : user_pref("browser.search.order.1", "WebSearch");

Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Line Deleted : user_pref("extensions.FtH84dJHBFd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\[...]

Line Deleted : user_pref("extensions.Vgz3RchNb45T.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf([...]

Line Deleted : user_pref("extensions.crossrider.bic", "1455cebbe97312692b38c0244138a088");

Line Deleted : user_pref("extensions.kPDsEmHjE6O.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\[...]

Line Deleted : user_pref("extensions.mwYpqP.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumo[...]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7884 octets] - [13/04/2014 17:21:01]

AdwCleaner[s0].txt - [7527 octets] - [13/04/2014 17:22:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7587 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Microsoft Windows XP x86

Ran by bob on Sun 04/13/2014 at 17:39:04.17

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\bob\Application Data\mozilla\firefox\profiles\h7nl2mbh.default-1384217108078\prefs.js

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 04/13/2014 at 17:50:00.43

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 4/13/2014 5:56:20 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\bob\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.50% Memory free

3.85 Gb Paging File | 3.62 Gb Available in Paging File | 94.16% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 227.87 Gb Total Space | 198.91 Gb Free Space | 87.29% Space Free | Partition Type: NTFS

Computer Name: BOBALU | User Name: bob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - [2014/04/13 17:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bob\Desktop\OTL.exe

PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2013/03/26 18:13:08 | 000,196,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

PRC - [2010/09/13 21:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe

PRC - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe

PRC - [2010/06/10 17:50:42 | 001,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe

PRC - [2010/06/10 17:50:42 | 000,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe

PRC - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe

PRC - [2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe

PRC - [2008/04/13 17:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [RPCSS]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETWORKSERVICE]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [NETSVCS]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [LOCALSERVICE]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [imgSVC]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPZ12]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [HPZ12]

PRC - [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe  [DCOMLAUNCH]

PRC - [2008/04/13 17:12:29 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

PRC - [2008/04/13 17:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\locator.exe

PRC - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/13 17:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe

PRC - [2008/01/26 22:38:16 | 000,316,728 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

PRC - [2006/12/12 10:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe

PRC - [2005/06/16 17:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

PRC - [2005/02/09 00:06:40 | 000,356,352 | ---- | M] (jiiSoft) -- C:\Program Files\IE New Window Maximizer\iemaximizer.exe

PRC - [2003/09/03 19:12:44 | 000,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

PRC - [2002/07/15 20:43:52 | 000,028,672 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe

========== Modules (No Company Name) ==========

MOD - [2010/06/10 17:50:42 | 001,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe

MOD - [2010/06/10 17:50:42 | 000,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe

MOD - [2005/06/07 22:10:50 | 000,070,656 | ---- | M] () -- C:\WINDOWS\system32\CTMMACTL.DLL

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - File not found [Auto | Stopped] -- LxrSII1s.exe -- (LxrSII1s)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2014/04/02 13:30:15 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2014/03/12 11:17:54 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/03/26 18:13:08 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3)

SRV - [2012/02/29 17:40:12 | 000,008,704 | ---- | M] (Microsoft) [Disabled | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)

SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2010/09/13 21:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

SRV - [2010/06/10 17:50:42 | 000,519,936 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent)

SRV - [2010/06/10 17:46:21 | 001,023,488 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\COMODO\BackUp\CmdBkSvc.exe -- (ComodoBackupService)

SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/10/31 21:12:23 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/08/26 16:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [File_System | Auto | Stopped] -- system32\dla\tfsnifs.sys -- (tfsnifs)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\bob\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\bob\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\bob\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\LxrSII1d.sys -- (LxrSII1d)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (bvrp_pci)

DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)

DRV - [2010/06/10 17:50:42 | 000,087,056 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2010/06/10 17:50:42 | 000,079,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)

DRV - [2010/06/10 17:50:42 | 000,024,208 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2009/10/07 01:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2009/10/07 01:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2009/10/07 01:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2008/07/26 08:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/04 23:19:13 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)

DRV - [2007/06/18 03:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)

DRV - [2006/12/19 08:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2006/12/19 08:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2006/12/19 08:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2006/12/19 08:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2006/12/19 08:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2006/12/19 08:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2006/08/17 11:23:00 | 000,340,176 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2006/06/11 18:06:28 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2004/06/16 02:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2004/03/06 03:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2004/03/06 03:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2004/03/06 03:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003/12/15 19:22:00 | 000,038,448 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)

DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)

DRV - [2001/08/17 14:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)

DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dslextreme.com

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1:  File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90:  File not found

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 20:51:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/13 23:00:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2013/03/06 17:18:02 | 000,000,000 | ---D | M]

[2008/09/02 19:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bob\Application Data\Mozilla\Extensions

[2014/04/13 17:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\extensions

[2013/11/14 16:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions

[2014/04/02 13:30:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2014/04/01 17:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions

[2014/04/01 17:15:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\BOB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\H7NL2MBH.DEFAULT-1384217108078\EXTENSIONS\16EEDE48-12E9-4C79-BD54-C82622138533@630D8A34-73AF-4E03-9664-9082492EB220.COM

[2009/06/26 17:27:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

CHR - Extension: Google Docs = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: Google Drive = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: SNT = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhgmfbibbkpcemffabbgeiekhgbilhni\2.1\

CHR - Extension: saevee neT = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkhjmjgfaaackhmiacfahpfachcnkljk\5.14\

CHR - Extension: YouTube = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: YouTube = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Google Search = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: YoutubeAdblocker = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emdmhpfnbblemkmhbbnngddbjohibheh\1.0\

CHR - Extension: WbSvCouponApp = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjddabmonjjfijfangeckeodfachapic\3.18\

CHR - Extension: Easy Surf = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\115\

CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

CHR - Extension: Google Wallet = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Gmail = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2013/09/03 18:19:54 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)

O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()

O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [iE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft)

O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboFormWatcher.exe (Siber Systems)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra 'Tools' menuitem : Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: bankofamerica.com ([sitekey] https in Local intranet)

O15 - HKCU\..Trusted Domains: bankofamerica.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: dailynews.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: deadline.com ([www] https in Local intranet)

O15 - HKCU\..Trusted Domains: drudgereport.com ([www] http in Local intranet)

O15 - HKCU\..Trusted Domains: drudgereport.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: dslextreme.com ([www] http in Local intranet)

O15 - HKCU\..Trusted Domains: dslextreme.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: dslreports.com ([www] http in Local intranet)

O15 - HKCU\..Trusted Domains: dslreports.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)

O15 - HKCU\..Trusted Domains: mlb.com ([losangeles.dodgers] http in Local intranet)

O15 - HKCU\..Trusted Domains: mlb.com ([losangeles.dodgers] https in Trusted sites)

O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1351542115015 (MUCatalogWebControl Class)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351498381057 (MUWebControl Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37CBB603-8C91-41A5-9BB6-27AE01755D02}: DhcpNameServer = 10.0.1.1

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - () -  File not found

O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (pgdfgsvc C 1)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/04/13 17:20:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/04/13 17:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bob\Desktop\OTL.exe

[2014/04/13 17:18:46 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\bob\Desktop\JRT.exe

[2014/04/13 15:17:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2014/04/13 15:07:02 | 000,000,000 | --SD | C] -- C:\ComboFix

[2014/04/13 15:06:18 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014/04/13 14:57:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bob\Recent

[2014/04/13 13:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2014/04/11 20:24:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2014/04/11 20:24:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2014/04/11 20:24:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2014/04/11 20:24:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2014/04/11 13:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\X86

[2014/04/11 13:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AMD64

[2014/04/11 13:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SuperbApp

[2014/04/11 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\savE nnet

[2014/04/11 13:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bob\AppData

[2014/04/11 13:23:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\b1e5ef0f861617bd

[2014/04/11 13:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2014/04/09 14:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bob\Desktop\Bitdefender

[2014/04/09 14:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dumps

[2014/04/07 21:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender

[2014/04/04 21:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bob\My Documents\Cyberlink

[2014/04/04 16:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskCheckup

[2006/11/01 14:07:34 | 003,623,736 | ---- | C] (Sysinternals) -- C:\Program Files\procexp.exe

[2006/02/15 05:34:08 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\bob\MSSSerif120.fon

 

========== Files - Modified Within 30 Days ==========

 

[2014/04/13 17:24:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/04/13 17:24:05 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys

[2014/04/13 17:24:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2014/04/13 17:24:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2014/04/13 17:23:27 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx

[2014/04/13 17:23:27 | 000,055,252 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx

[2014/04/13 17:23:27 | 000,055,252 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000005-10031102}.rfx

[2014/04/13 17:23:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm

[2014/04/13 17:23:27 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm

[2014/04/13 17:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bob\Desktop\OTL.exe

[2014/04/13 17:18:50 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\bob\Desktop\JRT.exe

[2014/04/13 17:17:23 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\bob\Desktop\AdwCleaner.exe

[2014/04/13 17:17:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/04/13 13:14:03 | 000,002,035 | ---- | M] () -- C:\Documents and Settings\bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/04/13 13:14:03 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2014/04/13 13:14:03 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to firefox.exe.lnk

[2014/04/13 12:26:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2014/04/11 17:19:17 | 000,286,986 | ---- | M] () -- C:\Documents and Settings\bob\Local Settings\Application Data\census.cache

[2014/04/11 17:19:16 | 000,194,015 | ---- | M] () -- C:\Documents and Settings\bob\Local Settings\Application Data\ars.cache

[2014/04/10 22:45:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2014/04/07 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2014/04/07 20:19:10 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2014/04/03 12:13:27 | 000,025,824 | ---- | M] () -- C:\Documents and Settings\bob\Desktop\Criteria for Instructors Template Sheet1.pdf

[2014/04/02 12:36:19 | 000,330,131 | ---- | M] () -- C:\Documents and Settings\bob\My Documents\2014 prop tax.pdf

[2014/03/20 23:38:13 | 019,136,512 | ---- | M] () -- C:\Documents and Settings\bob\NTUSER.bak

 

========== Files Created - No Company Name ==========

 

[2014/04/13 17:17:06 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\bob\Desktop\AdwCleaner.exe

[2014/04/11 20:24:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2014/04/11 20:24:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2014/04/11 20:24:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2014/04/11 20:24:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2014/04/11 20:24:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2014/04/02 12:36:18 | 000,330,131 | ---- | C] () -- C:\Documents and Settings\bob\My Documents\2014 prop tax.pdf

[2014/03/22 17:23:05 | 000,025,824 | ---- | C] () -- C:\Documents and Settings\bob\Desktop\Criteria for Instructors Template Sheet1.pdf

[2012/09/26 21:43:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin

[2012/04/14 23:54:10 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\.backup.dm

[2011/12/31 02:14:25 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini

[2011/08/11 17:08:17 | 000,286,986 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\census.cache

[2011/08/11 17:08:06 | 000,194,015 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\ars.cache

[2011/05/08 14:49:27 | 000,319,646 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1182905458-139579374-4073466077-1005-0.dat

[2011/05/08 14:49:26 | 000,127,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2010/10/02 10:56:39 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\housecall.guid.cache

[2009/11/12 23:50:56 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\setup_ldm.iss

[2009/03/31 14:51:42 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\usb.dat

[2008/08/08 18:46:11 | 001,854,464 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3938.msi

[2008/08/07 18:44:58 | 001,855,488 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\piclens-win-iemin-release-1.7.1.3900.msi

[2008/04/13 10:16:58 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007/12/30 13:10:15 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\bob\GoToAssistDownloadHelper.exe

[2006/08/16 16:39:10 | 000,072,056 | ---- | C] () -- C:\Program Files\procexp.chm

[2006/05/09 10:09:50 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\bob\~gep2~

[2006/04/15 18:17:48 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\Final Draft Tagger Preferences

[2006/04/14 02:43:29 | 000,000,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176

[2006/04/14 02:32:53 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105

[2006/03/06 23:07:35 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/02/18 13:58:33 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini

[2006/02/15 06:07:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\PFP120JPR.{PB

[2006/02/15 06:07:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\bob\Application Data\PFP120JCM.{PB

[2006/02/15 03:01:15 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\bob\Local Settings\Application Data\fusioncache.dat

[2006/02/15 03:01:12 | 019,136,512 | ---- | C] () -- C:\Documents and Settings\bob\NTUSER.bak

[2004/02/25 10:45:00 | 002,226,922 | ---- | C] () -- C:\Program Files\jv16pt_setup1.3.0.195.exe

 

========== ZeroAccess Check ==========

 

[2005/08/16 03:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2014/04/11 13:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\b1e5ef0f861617bd

[2008/10/31 21:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2012/04/14 23:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

[2010/10/19 19:09:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2008/10/18 01:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2014/04/09 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dumps

[2013/03/21 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen

[2006/04/14 02:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft

[2012/03/02 03:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake

[2007/08/24 02:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2014/04/11 13:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2011/12/28 23:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo

[2010/10/19 18:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2008/08/20 00:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes

[2013/03/21 00:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro

[2011/06/17 02:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF

[2012/11/05 16:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2012/02/09 16:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2011/04/02 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping

[2006/04/27 00:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2014/04/11 16:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\savE nnet

[2014/04/11 13:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SuperbApp

[2014/04/11 17:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2014/04/13 13:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/03/27 02:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/10/14 13:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/13 10:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/14 17:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/04/27 00:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Auslogics

[2013/07/21 15:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Downloaded Installations

[2014/04/07 22:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Dropbox

[2013/11/11 13:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\ElevatedDiagnostics

[2011/04/05 20:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\enchant

[2013/03/21 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\FileOpen

[2006/04/14 02:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Final Draft

[2006/02/15 05:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Leadertech

[2013/03/21 00:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Nitro

[2014/04/11 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Nitro PDF

[2013/06/21 01:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Oracle

[2012/02/09 16:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\PCDr

[2011/04/02 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\RapidTyping

[2012/09/26 21:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Research In Motion

[2012/07/16 06:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\SanDisk

[2012/10/15 16:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\uTorrent

[2008/01/13 12:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Webshots

[2006/07/10 00:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Windows Live Safety Center

[2008/07/31 11:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\Windows Search

[2008/02/16 03:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\WinPatrol

[2009/05/17 14:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bob\Application Data\WordWeb

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:SummaryInformation

 

< End of report >

 

 

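Triage of the log above as an added example (my own Python, not part of OTL and not from either poster). It walks a handful of lines copied from the log and flags the items a helper pulls out by hand: a homepage/search URL pointing at an unexpected host (key-find.com here, whose uid= parameter looks like the disk model and serial, a per-machine fingerprint that goes out with every search), BHO/toolbar entries whose CLSID no longer resolves, Chrome extensions outside the bundled Google apps, At<n>.job scheduled tasks and alternate data streams. The allowlists EXPECTED_HOSTS and KNOWN_CHROME_APPS, the regexes and the finding names are assumptions made for this example; point it at a full OTL.txt to get the same list for another machine.

```python
"""Triage OTL log lines for browser-hijack indicators.

Added example for this thread: my own code, not part of OTL or of any post.
The sample lines are copied from the log above; the regexes, the allowlists
EXPECTED_HOSTS / KNOWN_CHROME_APPS and the finding names are assumptions.
"""
import re
from collections import Counter

# Constructed sample: a subset of the OTL log posted above, copied verbatim.
SAMPLE_LOG = r"""
CHR - homepage: http://www.key-find.com/?type=hp&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568
CHR - Extension: SNT = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhgmfbibbkpcemffabbgeiekhgbilhni\2.1\
CHR - Extension: saevee neT = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkhjmjgfaaackhmiacfahpfachcnkljk\5.14\
CHR - Extension: YoutubeAdblocker = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\emdmhpfnbblemkmhbbnngddbjohibheh\1.0\
CHR - Extension: WbSvCouponApp = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjddabmonjjfijfangeckeodfachapic\3.18\
CHR - Extension: Easy Surf = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\115\
CHR - Extension: Gmail = C:\Documents and Settings\bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
[2014/04/10 22:45:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2014/04/07 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:SummaryInformation
< End of report >
"""

# Google apps bundled with Chrome that appear in this log (assumed allowlist);
# any other extension ID is reported for review.
KNOWN_CHROME_APPS = {
    "aohghmighlieiainnegkcijnfilokake", "apdfllckaahabafndbhieahigkjlhalf",  # Docs, Drive
    "blpcfgokakmgnkcojhhkbfbldkacnbeo", "coobgpohoikkiipiblmjeljniedjpjpf",  # YouTube, Search
    "nmmhkkegccagdldgiimedpiccmgmieda", "pjkljhegncpnkpknbcohdijeoejaedia",  # Wallet, Gmail
}
# Hosts a homepage/search URL may legitimately point at (assumption); others are flagged.
EXPECTED_HOSTS = {"www.google.com", "google.com"}

HOMEPAGE_RE = re.compile(
    r"^(?:IE|CHR) - .*?(?:homepage|Start Page|Default_Page_URL|Default_Search_URL|Search Page)"
    r"\s*[:=]\s*(https?://([^/\s]+)\S*)", re.I)
ORPHAN_RE = re.compile(r"^O[23] - .*?(\{[0-9A-F-]{36}\}|Locked).*No CLSID value found", re.I)
CHR_EXT_RE = re.compile(r"^CHR - Extension: (.+?) = .*\\Extensions\\([a-p]{32})\\")
AT_JOB_RE = re.compile(r"\\tasks\\(At\d+\.job)\s*$", re.I)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (\S+)")


def triage(log_text):
    """Return a list of findings, each a dict with a 'kind' plus detail fields."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOMEPAGE_RE.match(line)
        if m:
            url, host = m.group(1), m.group(2).lower()
            if host not in EXPECTED_HOSTS:
                # key-find style URLs carry a uid= that looks like the disk model and
                # serial, i.e. a per-machine fingerprint sent with every search.
                uid = re.search(r"[?&]uid=([^&\s]+)", url)
                findings.append({"kind": "browser_hijack", "host": host,
                                 "uid": uid.group(1) if uid else None, "line": line})
            continue
        m = ORPHAN_RE.match(line)
        if m:  # BHO/toolbar hook whose CLSID no longer resolves: leftover, remove it
            findings.append({"kind": "orphaned_clsid", "clsid": m.group(1), "line": line})
            continue
        m = CHR_EXT_RE.match(line)
        if m:
            name, ext_id = m.group(1), m.group(2)
            if ext_id not in KNOWN_CHROME_APPS:
                findings.append({"kind": "chrome_extension", "name": name,
                                 "id": ext_id, "line": line})
            continue
        m = AT_JOB_RE.search(line)
        if m:  # At<n>.job files come from at.exe; unexplained ones next to a hijack go
            findings.append({"kind": "at_job", "job": m.group(1), "line": line})
            continue
        m = ADS_RE.match(line)
        if m:  # every stream is reported; the reviewer judges size and stream name
            findings.append({"kind": "ads", "bytes": int(m.group(1)),
                             "path": m.group(2), "line": line})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'chrome_extension': 5, 'at_job': 2, ...}."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['kind']:16} {f['line'][:80]}")
    print(summarize(results))
```

On the sample it reports one hijack (www.key-find.com with the uid), three orphaned CLSIDs, five non-Google Chrome extensions, the two At jobs and the one stream; RoboForm and Gmail pass. The 88-byte SummaryInformation stream is document-properties metadata and is usually harmless, which is why the check reports streams rather than judging them; a large stream or one that holds an executable is the case that matters.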

That log from OTL is the second run, so there is no second log ("Extras.txt").

 

Do the following:

 

Re-run OTL by double left click; Vista and Windows 7 users accept the UAC alert, if applicable.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following, starting with and including the colon plus OTL (:OTL):

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....ANK189356893568
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find....189356893568&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find....189356893568&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find....ANK189356893568
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find....ANK189356893568
    CHR - homepage: http://www.key-find....ANK189356893568
    O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
    [2014/04/10 22:45:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2014/04/07 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\sqlsodbc.chm:SummaryInformation
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; when done it will say "Fix Complete, press OK to open the log".
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 

Next, run Malwarebytes again:

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Let me see those two logs, and also let me know of any remaining issues or concerns.

 

Kevin


Hi Kevin,

Okay I hope I got this right. Here are the OTL and MBam logs.

 

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

Use Chrome's Settings page to change the HomePage.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ not found.

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

Unable to delete ADS C:\WINDOWS\System32\sqlsodbc.chm:SummaryInformation .

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\bob\My Documents\SECURITY\cmd.bat deleted successfully.

C:\Documents and Settings\bob\My Documents\SECURITY\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: bob

->Temp folder emptied: 3314 bytes

->Temporary Internet Files folder emptied: 1229202 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 3992767 bytes

->Google Chrome cache emptied: 7234614 bytes

->Flash cache emptied: 506 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Guest

 

User: HelpAssistant

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

 

User: marie

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 1274736 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: SUPPORT_388945a0

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5400 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15227 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 13.00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 04142014_175400

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot..

-----------------------------------

.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.04.15.01

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

bob :: BOBALU [administrator]

 

4/14/2014 6:08:04 PM

MBAM-log-2014-04-14 (18-19-05).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 302916

Time elapsed: 9 minute(s), 44 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 2

HKCU\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc (PUP.Optional.uTorrentTB.A) -> No action taken.

HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc (PUP.Optional.uTorrentTB.A) -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 3

HKLM\SOFTWARE\Clients\StartMenuInternet\Chrome.EXE\shell\open\command| (PUP.Optional.KeyFind.A) -> Bad: ("C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568) Good: (Chrome.exe) -> No action taken.

HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (PUP.Optional.KeyFind.A) -> Bad: ("C:\Program Files\Mozilla Firefox\firefox.exe" http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568) Good: (firefox.exe) -> No action taken.

HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command| (PUP.Optional.KeyFind.A) -> Bad: ("C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568) Good: (Chrome.exe) -> No action taken.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

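An added check, not part of this thread or of any tool used in it, for the launcher hijack MBAM reports above: it splits each StartMenuInternet shell\open\command value into executable and arguments and flags any URL riding along, since such an argument opens that page on every Start-menu launch regardless of the browser's homepage setting. It assumes Python 3, reads the live keys only on Windows through winreg, and otherwise works on sample values constructed from the log lines above.

```python
r"""Added audit for the StartMenuInternet hijack in the MBAM log above: a URL appended to
HKLM\SOFTWARE\Clients\StartMenuInternet\<browser>\shell\open\command (constructed sample below)."""
import re

URL_RE = re.compile(r'https?://[^\s"]+', re.IGNORECASE)
# A launcher value is a quoted or unquoted executable path followed by optional arguments.
CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))\s*(.*)$')


def split_command(command):
    """Split a shell\\open\\command value into (executable, trailing arguments)."""
    m = CMD_RE.match(command)
    if not m:
        return command.strip(), ""
    return (m.group(1) or m.group(2)), m.group(3).strip()


def classify_command(command):
    """A StartMenuInternet launcher should carry no arguments at all: a URL argument means
    every Start-menu launch opens that page no matter what the browser's homepage is set to."""
    _, args = split_command(command)
    urls = URL_RE.findall(args)
    if urls:
        return "hijacked", urls
    return ("suspicious" if args else "clean"), []  # non-URL arguments are still unexpected here


def restore_command(command):
    """The value reduced to the quoted executable, the form MBAM reports as 'Good:'."""
    return f'"{split_command(command)[0]}"'


def read_startmenuinternet():
    """On Windows, read the live launcher values from HKLM and HKCU; returns {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    values, base = {}, r"SOFTWARE\Clients\StartMenuInternet"
    for hive_name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            with winreg.OpenKey(hive, base) as root:
                names = [winreg.EnumKey(root, i) for i in range(winreg.QueryInfoKey(root)[0])]
        except OSError:
            continue  # no browsers registered in this hive
        for name in names:
            sub = rf"{base}\{name}\shell\open\command"
            try:
                with winreg.OpenKey(hive, sub) as cmd:
                    values[rf"{hive_name}\{sub}"] = winreg.QueryValueEx(cmd, "")[0]
            except OSError:
                pass  # browser registered without a launcher command
    return values


# Constructed sample mirroring the hijacked ('Bad:') and clean forms in the MBAM log above.
SAMPLE = {
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\Chrome.EXE\shell\open\command":
        '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
        "http://www.key-find.com/?type=sc&ts=1397420042&from=tugs&uid=WDCXWD2500JS-75NCB1_WD-WCANK189356893568",
    r"HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command":
        '"C:\\Program Files\\Internet Explorer\\iexplore.exe"',
}

if __name__ == "__main__":
    for path, data in (read_startmenuinternet() or SAMPLE).items():
        verdict, urls = classify_command(data)
        print(verdict, path, urls, "->", restore_command(data))
```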

The log from Malwarebytes shows "No Action Taken". Can you re-run MB? When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

Post a fresh log and let me know if any issues or concerns remain...

 

Thanks,

 

Kevin


Hey Kevin, here it is. No items found and I still have key find.com as the hijacker of all my browser homepages. What now?

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.04.15.01

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

bob :: BOBALU [administrator]

 

4/15/2014 4:42:30 PM

mbam-log-2014-04-15 (16-42-30).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 303043

Time elapsed: 9 minute(s), 8 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Kevin,

I unzipped all three Zoek instances and F-Secure, my AV, automatically ran a scan and either removed or quarantined 2 of them. The only one remaining is the EXE file. I'm new to F-Secure so I didn't disable it, but I hadn't run Zoek yet. Should I extract the 2 other instances and put them on the desktop again? F-Secure calls it a trojan. Or do I just close down F-Secure and only run the Zoek EXE? Thanks


Kevin, I'm sending you the log for Zoek. I think we got it! No more hijacked browsers. Thank you so much! Let me know if there's anything in the log that shows I need more fixing.

One question: when I open Firefox it asks if I want to install Google Chrome for faster browsing... should I? I'm moving away from IE 8 because it's no longer supported by MS. I'm not sure which browser to use as my regular browser, Firefox or Google? Thanks again.

FYI I've tried to send the post and the log together and I get an error that my post is too short! Odd because if anything it's too long. I'll send it again.


No action required with the Zoek log, all is good. We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real-time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Let me see that log, also give an update on any remaining issues or concerns


Hi Kevin,

Okay here it is! Hopefully it's gone because I do have my homepages back again. Many thanks.

Should I install Google Chrome on Firefox? Because it seems that a few of those PUPs had something to do with Google add-ons.

C:\AdwCleaner\Quarantine\C\Documents and Settings\bob\Application Data\Mozilla\Firefox\Profiles\h7nl2mbh.default-1384217108078\Extensions\16eede48-12e9-4c79-bd54-c82622138533@630d8a34-73af-4e03-9664-9082492eb220.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application deleted - quarantined

C:\Documents and Settings\bob\My Documents\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Documents and Settings\bob\My Documents\Downloads 2\kbsetup Typing.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined

C:\Documents and Settings\bob\My Documents\SE TUP EXE\ccsetup313.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined

C:\Documents and Settings\bob\My Documents\SE TUP EXE\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined

C:\Documents and Settings\bob\My Documents\SE TUP EXE\RapidTyping_Setup_3.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined

C:\Documents and Settings\bob\My Documents\SE TUP EXE\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\Documents and Settings\bob\My Documents\Security info\Downloads\kbsetup Typing.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application deleted - quarantined

C:\Program Files\COMODO\Firewall\s1.tmp a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined

C:\Program Files\Final Draft 7\Patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2187\A1261678.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2187\A1261695.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263015.dll a variant of Win32/SProtector.D potentially unwanted application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263026.exe a variant of Win32/AdWare.SpeedingUpMyPC.D application cleaned by deleting - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263029.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263033.exe a variant of Win32/SpeedingUpMyPC application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2189\A1263034.dll probably a variant of Win32/SProtector.E potentially unwanted application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2190\A1263201.dll a variant of Win32/AdWare.MultiPlug.N application cleaned by deleting - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2190\A1263203.dll a variant of Win64/Adware.MultiPlug.A application cleaned by deleting - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2194\A1266134.exe a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2194\A1266139.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2194\A1266144.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined

C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

C:\zoek_backup\C_DOCUME~1_ALLUSE~1_APPLIC~1_InstallMate\{37E3D31F-83B3-4341-A1AA-CB91EC00F1E9}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined

C:\zoek_backup\C_DOCUME~1_ALLUSE~1_APPLIC~1_InstallMate\{DC3B5126-78C7-4B0B-A9E0-30E507D873D0}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined

C:\zoek_backup\C_Program Files_Uninstaller\Uninstall.exe a variant of MSIL/DomaIQ.A potentially unwanted application deleted - quarantined


Thanks for the log and update. One point: Chrome is a browser, and so is Firefox. You cannot install Chrome into Firefox. You can install the Google Mail (GMail) add-on in Firefox; is that what you mean?

 

If your system is now ok without issue run the following:

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that backup folder if you consider it not needed...

 

Also read the following link to fully understand PC security and best practices; you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin....


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
