Malware on Computer/adware, hijacker Claro Roda toolbar

7 posts in this topic

ID: 1   Posted (edited)

My computer has been really slow after downloading a couple of games, and my Firefox keeps reverting back to a homepage and search called Babylon, and I can't seem to get rid of it.

Reports are below

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.6.2

Run by Jimmy at 19:54:15 on 2013-02-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.385 [GMT 8:00]


AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}


============== Running Processes ================





C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe



C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe




C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe


C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe



C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Lenovo\Access Connections\AcSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe




C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe


C:\Program Files\Norton Internet Security\Engine\\ccSvcHst.exe




C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe



C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe



C:\Program Files\Synaptics\SynTP\SynTPHelper.exe


C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Protected Search\ProtectedSearch.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\ExpressFiles\ExpressFiles.exe

C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe

C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe

C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe

C:\Users\Jimmy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files\Switcher\Switcher.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe



C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe

C:\ProgramData\Video Performer Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe



C:\ProgramData\Video Performer Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\videomngr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Smiley Bar for Facebook\PropertySync.exe


C:\Program Files\Baidu\BaiduPlayer\\Baiduplayer.exe

C:\Program Files\Heroes of Newerth\hon.exe


C:\Program Files\Baidu\BaiduPlayer\\BaiduP2PService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe



C:\Program Files\Mozilla Firefox\plugin-container.exe





C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k WerSvcGroup


============== Pseudo HJT Report ===============


uStart Page = hxxp://

uSearch Bar = hxxp://

uSearch Page = hxxp://

uDefault_Search_URL = hxxp://

mStart Page = hxxp://

mSearch Bar = hxxp://

mSearch Page = hxxp://

mDefault_Search_URL = hxxp://

uURLSearchHooks: <no name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\\bh\claro.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: VideoFileDownload: {0931BD3F-547E-45C1-B133-D0E995645DBA} - c:\program files\oapps\bho_project.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.313\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\\bh\BabylonToolbar.dll

BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\\CoIEPlg.dll

BHO: {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - <orphaned>

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\\ips\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: DownTango Launcher Toolbar: {b52d0735-ec19-448a-abde-e01b5bd275d2} - c:\users\jimmy\appdata\roaming\downtangolaunchertoolbar\DownTangoLauncherToolbar.dll

BHO: DataMngr: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - c:\program files\bearshare applications\mediabar\datamngr\BrowserConnection.dll

BHO: {BA0454C5-FD30-428E-8DB9-3FF87A612F64} - <orphaned>

BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\program files\bearshare applications\mediabar\datamngr\toolbar\wincorebsdtx.dll

BHO: BitAccelerator: {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files\bitaccelerator\BitAccelerator.dll

BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: TelevisionFanatic: {C98D5B61-B0EA-4D48-9839-1079D352D880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -

TB: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll

TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll

TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\\claroTlbr.dll

TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\program files\bearshare applications\mediabar\datamngr\toolbar\wincorebsdtx.dll

TB: DownTango Launcher Toolbar: {b52d0735-ec19-448a-abde-e01b5bd275d2} - c:\users\jimmy\appdata\roaming\downtangolaunchertoolbar\DownTangoLauncherToolbar.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\\CoIEPlg.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [Octoshape Streaming Services] "c:\users\jimmy\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [GHWAUC6NNZ] c:\users\jimmy\appdata\local\temp\Lrp.exe

uRun: [eType] c:\users\jimmy\appdata\roaming\etype\eType.exe

uRun: [Google Update] "c:\users\jimmy\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

uRun: [switcher] "c:\program files\switcher\Switcher.exe" /quiet

uRun: [baiduMEDIA] c:\program files\baidu\baiduplayer\\Baiduplayer.exe minimize

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\LVOSDSVC.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe

mRun: [TpShocks] TpShocks.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sweetIM] c:\program files\sweetim\messenger\SweetIM.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ExpressFiles] "c:\program files\expressfiles\ExpressFiles.exe" -tray

mRun: [TelevisionFanatic Search Scope Monitor] "c:\progra~1\televi~2\bar\1.bin\64srchmn.exe" /m=2 /w /h

mRun: [TelevisionFanatic Browser Plugin Loader] c:\progra~1\televi~2\bar\1.bin\64brmon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE

StartupFolder: c:\users\jimmy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.313\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2}

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Heart's%20Medicine%20-%20Season%20One/Images/stg_drm.ocx

DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://

TCP: NameServer =

TCP: Interfaces\{248CBD09-1EE7-4F5C-AFA4-7C03DFCE5963} : DHCPNameServer =

TCP: Interfaces\{8077711B-EFAE-4D73-9877-20A051FA0166} : DHCPNameServer =

TCP: Interfaces\{8077711B-EFAE-4D73-9877-20A051FA0166}\2456C6B696E6F554E68616E6365646F575962756C6563737F5641313644333 : DHCPNameServer =

TCP: Interfaces\{8077711B-EFAE-4D73-9877-20A051FA0166}\2656C6B696E6534376 : DHCPNameServer =

TCP: Interfaces\{8077711B-EFAE-4D73-9877-20A051FA0166}\A496D672370AE4564777F627B6 : DHCPNameServer =

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~2\videop~1\261123~1.78\{16cdf~1\videom~1.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = scecli ACGina


================= FIREFOX ===================


FF - ProfilePath - c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\x5vkl54b.default\

FF - prefs.js: - hxxp://

FF - prefs.js: - Bing

FF - prefs.js: browser.startup.homepage - hxxp://

FF - component: c:\program files\mozilla firefox\extensions\\components\afurladvisor.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\jimmy\appdata\roaming\mozilla\firefox\profiles\x5vkl54b.default\extensions\\components\FFHst.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\baidu\baiduplayer\\npxbdyy.dll

FF - plugin: c:\program files\baidu\baiduplayer\\npxbdyyreg.dll

FF - plugin: c:\program files\internet explorer\pplite\plugin\npplugin2.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.313\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMyGames.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\televisionfanatic\bar\1.bin\NP64Stub.dll

FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\users\jimmy\appdata\local\google\update\\npGoogleUpdate3.dll

FF - plugin: c:\users\jimmy\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\jimmy\appdata\roaming\mozilla\plugins\np-mswmp.dll

FF - plugin: c:\users\jimmy\appdata\roaming\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\windows\downloaded program files\1188699226\npxbdsetup.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: !HIDDEN! 2010-03-11 17:41;; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

FF - ExtSQL: !HIDDEN! 2012-08-14 13:21;; c:\program files\televisionfanatic\bar\1.bin

FF - ExtSQL: !HIDDEN! 2012-09-22 18:21; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\bearshare applications\mediabar\datamngr\FirefoxExtension



FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.brc,

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://

FF - user.js: - 40ddc1c800000000000000ff231834bd

FF - user.js: extensions.funmoods_i.instlDay - 15396

FF - user.js: extensions.funmoods_i.vrsn -

FF - user.js: extensions.funmoods_i.vrsni -

FF - user.js: extensions.funmoods_i.vrsnTs -

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - nv1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: - 40ddc1c800000000000000ff231834bd

FF - user.js: extensions.BabylonToolbar_i.hardId - 40ddc1c800000000000000ff231834bd

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15546

FF - user.js: extensions.BabylonToolbar_i.vrsn -

FF - user.js: extensions.BabylonToolbar_i.vrsni -

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.claro.autoRvrt - false

FF - user.js: extensions.claro_i.newTab - false

FF - user.js: - 40ddc1c800000000000000ff231834bd

FF - user.js: extensions.claro.instlDay - 15597

FF - user.js: extensions.claro.vrsn -

FF - user.js: extensions.claro.vrsni -

FF - user.js: extensions.claro_i.vrsnTs -

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - iclaro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://

FF - user.js: - 40ddc1c800000000000000ffb8f0f731

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15713

FF - user.js: extensions.BabylonToolbar.vrsn -

FF - user.js: extensions.BabylonToolbar.vrsni -

FF - user.js: extensions.BabylonToolbar_i.vrsnTs -

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116632&tt=0213_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar.rvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false


============= SERVICES / DRIVERS ===============


R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301000.01c\SymDS.sys [2012-10-12 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301000.01c\SymEFA.sys [2012-10-12 897656]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20121030.002\BHDrvx86.sys [2012-11-6 995488]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301000.01c\ccSetx86.sys [2012-10-12 132744]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-1-11 36040]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20121109.001\IDSvix86.sys [2012-11-10 386720]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301000.01c\Ironx86.sys [2012-10-12 149624]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1301000.01c\symnets.sys [2012-10-12 314488]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-1-11 533288]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-1-11 389928]

R2 LFKAS;Service of LFKA;c:\program files\lenovo\atk hotkey\LFKAS.exe [2009-12-19 208896]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\\ccSvcHst.exe [2012-10-12 138760]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-19 106656]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-14 126976]

R3 MTsensor32;PU ACPI UTILITY;c:\windows\system32\drivers\PuAcpi32.sys [2009-12-19 14344]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]

R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2010-5-8 21360]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-25 278560]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-5 37208]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 GamesAppService;GamesAppService;"c:\program files\wildtangent games\app\gamesappservice.exe" --> c:\program files\wildtangent games\app\GamesAppService.exe [?]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-26 52224]

S3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2010-3-29 122752]


=============== Created Last 30 ================


2013-02-03 06:39:11 -------- d-----w- C:\EmoneyBAK

2013-02-03 06:05:27 -------- d-----w- c:\program files\ymLevel2QK

2013-01-20 10:44:56 -------- d-----w- c:\program files\Amelies Cafe Holiday Spirit

2013-01-20 09:15:46 -------- d-----w- c:\users\jimmy\appdata\local\APN

2013-01-20 09:13:47 -------- d-----w- c:\program files\Alawar

2013-01-10 19:27:44 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2013-01-09 02:09:52 626688 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 02:09:49 2345984 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 02:09:42 492032 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 02:03:21 46592 ----a-w- c:\windows\system32\

2013-01-09 02:02:50 220160 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 02:02:47 49152 ----a-w- c:\windows\system32\taskhost.exe

2013-01-08 02:42:21 -------- d-----w- c:\users\jimmy\appdata\roaming\BabSolution

2013-01-08 02:42:13 -------- d-----w- c:\program files\BabylonToolbar

2013-01-08 02:41:50 -------- d-----w- c:\users\jimmy\appdata\roaming\GoforFiles

2013-01-08 02:41:50 -------- d-----w- c:\program files\GoforFiles

2013-01-08 02:37:31 -------- d-----w- c:\program files\Sushi Frenzy


==================== Find3M ====================


2013-01-10 10:25:30 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-10 10:25:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-05 03:46:10 37208 ----a-w- c:\windows\system32\drivers\taphss6.sys

2012-12-27 01:47:05 5058928 ----a-w- c:\windows\system32\hss-update.upd

2012-12-19 07:53:32 18096 ----a-w- c:\windows\system32\roboot.exe

2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll

2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll


============= FINISH: 19:57:43.35 ===============





DDS (Ver_2012-11-20.01)


Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/19/2009 6:39:56 PM

System Uptime: 2/3/2013 10:34:38 PM (69 hours ago)


Motherboard: LENOVO | | 2743FKB

Processor: Intel® Core2 Duo CPU T5870 @ 2.00GHz | Socket 478 | 2001/200mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 222 GiB total, 163.422 GiB free.

D: is CDROM ()

Q: is FIXED (NTFS) - 10 GiB total, 2.407 GiB free.

S: is FIXED (NTFS) - 1 GiB total, 0.677 GiB free.


==== Disabled Device Manager Items =============


Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_210B17AA&REV_12\4&7EE979B&0&02F0


Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_210B17AA&REV_12\4&7EE979B&0&02F0



Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_210C17AA&REV_12\4&7EE979B&0&03F0


Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_210C17AA&REV_12\4&7EE979B&0&03F0



==== System Restore Points ===================


No restore point in system.


==== Installed Programs ======================


Update for Microsoft Office 2007 (KB2508958)


32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11.6




Akamai NetSession Interface

Amelies Cafe Holiday Spirit

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Attack of the Groupies

Audiosurf Demo

Babylon Chrome Toolbar

Babylon toolbar on IE




Bonjour Print Services

Boutique Boulevard

bProtector for Windows


Claro LTD toolbar on IE

Coffee Rush 2

Cook, Serve, Delicious

Cooking Dash 3: Thrills and Spills


Countryside Buffet

Dairy Dash

Delicious - Emily's Big Surprise

Delicious - Emily's Wonder Wedding

Delicious 8 - Emily's Wonder Wedding PE



Diaper Dash






Facebook Plug-In

Farm Mania 2


FlashBoot 2.0h


Google Chrome


Heart's Medicine: Season One

Heroes of Newerth

Hewlett-Packard ACLM.NET v1.1.0.0

Hotel Dash - Suite Success

Hotspot Shield 2.83

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update







Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless WiFi Software

Internet TV for Windows Media Center

Java 7 Update 6

Java Auto Updater

Lenovo ThinkVantage Toolbox


Lisa's Fleet Flight

Lisas Fleet Flight


McAfee Security Scan Plus


Message Center Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service


Norton Internet Security

NVIDIA PhysX v8.10.29

OCR Software by I.R.I.S. 13.0

Octoshape Streaming Services

OGA Notifier 2.0.0048.0

On Screen Display

PE Builder 3.1.10a

Protected Search 1.1

Realtek Ethernet Controller Driver For Windows 7

Resco Explorer

Revo Uninstaller 1.93


Sale Frenzy

Sara's Super Spa Deluxe


Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skype Click to Call

Skype™ 5.10


Smiley Bar for Facebook




Sushi Frenzy

SweetIM for Messenger 3.3

SweetIM Toolbar for Internet Explorer 4.0

Switcher 2.0.0


System Requirements Lab for Intel

System Update

TelevisionFanatic Toolbar

The Institute: A Becky Brogan Adventure

The Treasures of Mystery Island 2: The Gates of Fate

ThinkPad FullScreen Magnifier

ThinkPad Power Management Driver for SL Series

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Access Connections

ThinkVantage Active Protection System




Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App



Wedding Dash - Ready, Aim, Love!

Wedding Salon

WildTangent Games App (HP Games)

Wincore MediaBar

Windows Driver Package - Broadcom Bluetooth (07/30/2009

Windows Driver Package - Broadcom Bluetooth (09/11/2009

Windows Driver Package - Broadcom HIDClass (07/28/2009

Windows Live ID Sign-in Assistant

Windows Media Center Add-in for Flash

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

Youda Survivor


==== Event Viewer Messages From Past Week ========


2/6/2013 7:37:00 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address The computer with the IP address did not allow the name to be claimed by this computer.

2/6/2013 10:44:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

2/3/2013 5:46:11 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address The computer with the IP address did not allow the name to be claimed by this computer.

2/3/2013 3:34:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JIMMY-WANG that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8077711B-EFAE-4D73-9877-20A051F. The master browser is stopping or an election is being forced.

2/2/2013 8:01:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.


==== End Of File ===========================

Edited by Maurice Naggar


Hello cooldudie3 and welcome to MalwareBytes forum.

Please ignore the interloper post.

Start with the following, doing as much as you can.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hello cooldudie3,

It has been 4 days since my reply, and no word from you. I need to hear back from you today, otherwise I'll consider this abandoned & Close this.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Topic re-opened per request. Do as I had outlined in my post of 6 February.

IF in future you have other pressing tasks, just take a minute or 2 and make a post on the topic to let me know. It's just a courtesy consideration.


48 hour status check

How is it going? You still around & needing help?


Closed permanently due to no response.

This topic is now closed to further replies.
