Comcast still complaining about Bots after cleaning with PRO

[Psychotic]

Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

[EdGallagher]

ESET has been running for 8 hours but is still making progress. I will post when it is finished.

[EdGallagher]

ESET is still running - it has identified 45 items that look suspicious out of 3,257,865 files in 23:25 hours. I will post when it finishes.

[Psychotic]

Thanks for the update, I´m awaiting it.

[EdGallagher]

Unbelievable - I was up to 47 suspicious items when I went to bed last night - but this morning, it appears that windows did an auto update and rebooted my machine. I will have to start again...that was frustrating! I will turn off auto updates!

[Psychotic]

that happens sometimes, yes. if you haven't started again, please reply and I'll give you instructions on how to purge the caches. That may reduce the number of files to scan.

[EdGallagher]

I would love any suggestions!

[Psychotic]

Scan with adwCleaner

Please download AdwCleaner to your desktop.

• Run adwcleaner.exe.
  
• Hit delete.
  
• When the run is finished, it will open up a text file.
  
• Please post its contents within your next reply.
  
• You´ll find the log file at C:\AdwCleaner[s1].txt also.
  

Please download and run Temp File Cleaner from here: http://www.geekstogo.com/forum/files/download/187-tfc-temp-file-cleaner-by-oldtimer/

When both tools finsihed its run, restart ESET and post the log when ready.

[EdGallagher]

From adware -

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 08:27:30

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Desk2 - BOB

# Boot Mode : Normal

# Running from : C:\Users\Desk2\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

File Deleted : C:\Users\Public\Desktop\iLivid.lnk

File Deleted : C:\Users\Temp BOB\AppData\Local\Temp\Searchqu.ini

File Deleted : C:\Users\Temp BOB\AppData\Local\Temp\searchqutoolbar-manifest.xml

File Deleted : C:\Users\Temp BOB\AppData\Local\Temp\SetupDataMngr_Searchqu.exe

Folder Deleted : C:\Program Files (x86)\BabylonToolbar

Folder Deleted : C:\Program Files (x86)\blekkotb

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\FLV_Runner

Folder Deleted : C:\Program Files (x86)\Searchqu Toolbar

Folder Deleted : C:\Program Files (x86)\Wajam

Folder Deleted : C:\Program Files (x86)\Yontoo

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Desk2\AppData\Local\blekkotb

Folder Deleted : C:\Users\Desk2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Folder Deleted : C:\Users\Desk2\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Desk2\AppData\LocalLow\blekkotb

Folder Deleted : C:\Users\Desk2\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Desk2\AppData\LocalLow\FLV_Runner

Folder Deleted : C:\Users\Desk2\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Temp BOB\AppData\Local\Babylon

Folder Deleted : C:\Users\Temp BOB\AppData\Local\blekkotb

Folder Deleted : C:\Users\Temp BOB\AppData\Local\Conduit

Folder Deleted : C:\Users\Temp BOB\AppData\Local\PackageAware

Folder Deleted : C:\Users\Temp BOB\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Temp BOB\AppData\Local\Wajam

Folder Deleted : C:\Users\Temp BOB\AppData\Local\Zoom_Downloader

Folder Deleted : C:\Users\Temp BOB\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Temp BOB\AppData\LocalLow\FLV_Runner

Folder Deleted : C:\Users\Temp BOB\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\Temp BOB\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\Temp BOB\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Temp BOB\AppData\LocalLow\Searchqutoolbar

Folder Deleted : C:\Users\Temp BOB\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Temp BOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll

Key Deleted : HKCU\Software\AppDataLow\Software\blekkotb

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BBD3C14-4C16-4989-8366-95BC9179779D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CEA379-7178-4758-9C80-969876E32395}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BBD3C14-4C16-4989-8366-95BC9179779D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Wajam

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.MultipleButton.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.ThirdPartyInstaller.1

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton

Key Deleted : HKLM\SOFTWARE\Classes\MyWebSearch.UrlAlertButton.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\FLV_Runner

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll

Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss

Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

Key Deleted : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07CEA379-7178-4758-9C80-969876E32395}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin

Key Deleted : HKLM\Software\SearchquMediabarTb

Key Deleted : HKLM\Software\Wajam

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{07CEA379-7178-4758-9C80-969876E32395}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62B99D6B-5E62-49E5-92AC-245645A4BA02}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB9FE03D-F2F0-47F4-88A4-41BBECD0D76E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{3BBD3C14-4C16-4989-8366-95BC9179779D}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3201318 --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Desk2\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.26] : keyword = "blekko",

Deleted [l.30] : search_url = "hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120219186944[...]

File : C:\Users\Temp BOB\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2204] : homepage = "hxxp://www.searchnu.com/406",

Deleted [l.2470] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[s1].txt - [25634 octets] - [15/06/2013 08:27:30]

########## EOF - C:\AdwCleaner[s1].txt - [25695 octets] ##########

[Psychotic]

Fine, go on with ESET then.

[EdGallagher]

Still attempting to run a full ESET. We ran again for 10's of hours and it will not complete without my PC rebooting for one reason or another...tried Temp File Cleaner but does seem to want to complete a scan either. Very frustrating! Sorry for delay.

[Psychotic]

Try it again in safe mode with networking

[EdGallagher]

This is a partial scan - I will try running this and geekstogo in Safe Mode...

C:\FRST\Quarantine\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application
C:\Program Files\SOS\SOSNF\CS10Kill.exe probably unknown NewHeur_PE virus
C:\Program Files (x86)\SOS\SOSNF\CS10Kill.exe probably unknown NewHeur_PE virus
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan
C:\Users\Temp BOB\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe Win32/OpenCandy application
C:\Users\Temp BOB\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA86W52F.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAT9PZCT.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVDTBTX.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVWNYEU.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\malwarestyledatebased_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[2].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[3].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[4].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[5].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nowpubliccallers_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCATXVPRW.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAUBZV0A.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAW2FGYG.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[3].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[6].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[9].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\vj[1].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA86W52F.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAT9PZCT.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVDTBTX.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVWNYEU.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\malwarestyledatebased_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[2].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[3].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[4].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[5].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nowpubliccallers_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCATXVPRW.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAUBZV0A.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAW2FGYG.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[3].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[6].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[9].htm HTML/Iframe.B.Gen virus
 

[Psychotic]

Empty the browser cache of Internet Explorer first!

[EdGallagher]

I deleted IE cache and started running again - we are 14 hours in on Safe Mode with Networking and will see what happens tomorrow.

[EdGallagher]

ESET - Full Run

C:\FRST\Quarantine\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
C:\FRST\Quarantine\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application
C:\Program Files\SOS\SOSNF\CS10Kill.exe probably unknown NewHeur_PE virus
C:\Program Files (x86)\SOS\SOSNF\CS10Kill.exe probably unknown NewHeur_PE virus
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYZ trojan
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.BC trojan
C:\TDSSKiller_Quarantine\07.06.2013_18.23.25\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.UK trojan
C:\Users\Temp BOB\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe Win32/OpenCandy application
C:\Users\Temp BOB\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[2].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA86W52F.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAT9PZCT.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVDTBTX.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVWNYEU.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\malwarestyledatebased_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[2].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[3].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[4].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[5].htm JS/Agent.NJW trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nowpubliccallers_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCATXVPRW.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAUBZV0A.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAW2FGYG.htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[3].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[6].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[9].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\vj[1].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\coverclustered_biz[2].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CA86W52F.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAT9PZCT.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVDTBTX.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3CAVWNYEU.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iframe3[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\malwarestyledatebased_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[1].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[2].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[3].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[4].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\menshealthbase_passback_300x250[5].htm JS/Agent.NJW trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\nowpubliccallers_biz[1].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCATXVPRW.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAUBZV0A.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rlCAW2FGYG.htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[3].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[6].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rl[9].htm HTML/Iframe.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\vj[1].htm JS/Agent.NJW trojan
 

[Psychotic]

Fix with FRST

• Open notepad (Start =>All Programs => Accessories => Notepad).
• Please copy the entire contents of the code box below.
  (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
• Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.
  
  

  C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
• Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
• The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.
  

 

 

 

 

C:\Users\Temp BOB\Downloads\GameHouse-Installer_am-plantsvszombiestm_gamehouse_.exe Win32/OpenCandy application
C:\Users\Temp BOB\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application

These files aren´t malware but contain security risks. I would delete them immediatle without opening. Your choice.

[EdGallagher]

Before I do this:  will these scripts delete my sons World of Warcraft game or any other browser games?  He seems to think that SYSWOW64 is World of Warcraft...

[Psychotic]

Only the subdirectory containing temporary internet files will be deleted. The data of the browser games is stored on their servers, not on your client (to prevent cheating).

SYSWOW64 is a system folder (System Windows on 64 bit) making it possible to run 32bit applications on a 64bit system: http://en.wikipedia.org/wiki/WOW64

It has nothing to do with World of Warcraft, so don´t be afraid.

[EdGallagher]

Here is the result - I physically looked and the files really are not there...I ran the fix twice but got the same results.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2013
Ran by Desk2 at 2013-06-20 19:46:06 Run:2
Running from C:\Users\Desk2\Desktop\FRST
Boot Mode: Normal
==============================================

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 => File/Directory not found.

==== End of Fixlog ====

[Psychotic]

OK, then another:

 

 

 

Please download and run Temp file cleaner: http://www.bleepingcomputer.com/download/tfc/dl/92/

 

When fnished:

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.

• Run adwcleaner.exe.
• Hit delete.
• When the run is finished, it will open up a text file.
• Please post its contents within your next reply.
• You´ll find the log file at C:\AdwCleaner[s1].txt also.
  

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

• Save it to your desktop, start it and follow the instructions in the window.
• After the scan finished the (checkup.txt) will open. Copy its content to your thread.
  

[EdGallagher]

I ran temp file cleaner and adaware so far - they both ran very smooth

# AdwCleaner v2.303 - Logfile created 06/21/2013 at 19:53:43
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Desk2 - BOB
# Boot Mode : Normal
# Running from : C:\Users\Desk2\Downloads\adwcleaner (1).exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKU\S-1-5-21-1239007821-1110583340-4102201496-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-1239007821-1110583340-4102201496-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKU\S-1-5-21-1239007821-1110583340-4102201496-1002\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Desk2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Temp BOB\AppData\Local\Google\Chrome\User Data\Default\Preferences

*************************

AdwCleaner[s1].txt - [25697 octets] - [15/06/2013 08:27:30]
AdwCleaner[s2].txt - [1586 octets] - [21/06/2013 19:53:43]

########## EOF - C:\AdwCleaner[s2].txt - [1646 octets] ##########

[EdGallagher]

Security check

 Results of screen317's Security Check version 0.99.67 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 25 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

[Psychotic]

Then your system is clean!

 

 

Adobe Reader update


Your Adobe Reader is outdated. We will fix this.

• Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
• Run setup and follow the instructions.
• Click upon Start-->control panel-->add/remove programs.
• Search for and remove any older reader versions.
  

 

 

 

Uninstall our tools.
Please follow these steps in order:

1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
3. In any case please download delfix to your desktop.
   
   • Close all other programms and start delfix.
   • Please check all the boxes and run the tool.
   • delfix will now delete all found traces of our removal process
     

[*] If there is still something left please delete it manualy.

 

 

 

 

Reading Material
How to protect yourself

• System Updates
  Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
  Windows XP | Windows Vista |
  Windows 7 | windows 8
• Protection
  What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
  Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
• Up to date Software
  Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  
  • Secunia Online Software Inspector - Checks if your software has updates available.
  • Filehippo Update Checkere - This tool also scans your computer for outdated software.
  • Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
    

  [*] Backups
  There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
  It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.
  

[EdGallagher]

Thanks for all of the help - if I make a donation, does that go to you or to the company?