Trojan:HTML/ Redirector.BB virus


21 replies to this topic

#1 scrubbo

scrubbo

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:18 PM

Posted 09 March 2013 - 11:45 AM

My laptop is infected with Trojan:HTML/ Redirector.BB and MS security essentials cannot remove it.  I have the TDSKiller logs
--Kirk Wemple


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:18 PM

Posted 09 March 2013 - 11:47 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue



  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours. That is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.


  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results



#3 scrubbo


Posted 10 March 2013 - 08:51 AM

aswMBR log

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-09 12:21:19
-----------------------------
12:21:19.808    OS Version: Windows 6.0.6002 Service Pack 2
12:21:19.808    Number of processors: 2 586 0x170A
12:21:19.808    ComputerName: YELLOWTAIL  UserName: Kwemple
12:21:49.996    Initialize success
12:24:39.359    AVAST engine defs: 13030900
12:24:48.501    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:24:48.501    Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40C Size: 238475MB BusType: 3
12:24:48.532    Disk 0 MBR read successfully
12:24:48.532    Disk 0 MBR scan
12:24:48.563    Disk 0 Windows VISTA default MBR code
12:24:48.579    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       192393 MB offset 2048
12:24:48.594    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        31080 MB offset 394022912
12:24:48.626    Disk 0 Partition 3 00     12  Compaq diag NTFS        15000 MB offset 457674752
12:24:48.641    Disk 0 scanning sectors +488394752
12:24:48.735    Disk 0 scanning C:\Windows\system32\drivers
12:25:04.212    Service scanning
12:25:44.039    Modules scanning
12:26:17.095    Disk 0 trace - called modules:
12:26:17.126    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
12:26:17.126    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856ae2e8]
12:26:17.142    3 CLASSPNP.SYS[87dac8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x844358a0]
12:26:18.811    AVAST engine scan C:\Windows
12:26:25.394    AVAST engine scan C:\Windows\system32
12:31:54.045    AVAST engine scan C:\Windows\system32\drivers
12:32:33.893    AVAST engine scan C:\Users\Kwemple
12:56:22.491    AVAST engine scan C:\ProgramData
13:00:42.843    Scan finished successfully
14:02:36.140    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
14:02:36.265    The log file has been saved successfully to "C:\aswMBR.txt"

 

ESET results

 

C:\$Recycle.Bin\S-1-5-21-2343111693-2188292013-3307047926-1000\$RUMR5MK.exe    a variant of Win32/Adware.iBryte.D application
C:\$Recycle.Bin\S-1-5-21-2343111693-2188292013-3307047926-1000\$RZ2QU64\YontooIEClient.dll    a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\TDSSKiller_Quarantine\09.03.2013_11.29.57\mbr0000\tdlfs0000\tsk0001.dta    Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\09.03.2013_11.29.57\mbr0000\tdlfs0000\tsk0002.dta    Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\09.03.2013_11.29.57\mbr0000\tdlfs0000\tsk0003.dta    a variant of Win32/Rootkit.Kryptik.PR trojan
C:\TDSSKiller_Quarantine\09.03.2013_11.29.57\mbr0000\tdlfs0000\tsk0004.dta    Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\09.03.2013_11.29.57\mbr0000\tdlfs0000\tsk0008.dta    Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\09.03.2013_11.29.57\mbr0000\tdlfs0000\tsk0009.dta    Win64/Olmarik.AK trojan
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
C:\Users\Kwemple\AppData\Local\Temp\coupish-babylon.exe    multiple threats
C:\Users\Kwemple\AppData\Local\Temp\DaCvLRDB.exe.part    a variant of Win32/Adware.iBryte.D application
C:\Users\Kwemple\AppData\Local\Temp\Toolbar_Phpnuke.exe    Win32/Toolbar.Babylon application
C:\Users\Kwemple\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe    Win32/Toolbar.Babylon application
 

 


 



#4 narenxp


Posted 10 March 2013 - 08:52 AM

TDSSkiller log?

 

Did you remove the infections detected by ESET?



#5 scrubbo


Posted 10 March 2013 - 08:53 AM

TDSKILLER log (entire log could not be posted)

 

11:34:23.0040 3016  ============================================================
11:34:23.0040 3016  Scan finished
11:34:23.0040 3016  ============================================================
11:34:23.0062 3768  Detected object count: 3
11:34:23.0062 3768  Actual detected object count: 3
11:53:07.0668 3768  MpKsl709ea418 ( ForgedFile.Multi.Generic ) - skipped by user
11:53:07.0685 3768  MpKsl709ea418 ( ForgedFile.Multi.Generic ) - User select action: Skip
11:53:11.0077 3768  \Device\Harddisk0\DR0\# - copied to quarantine
11:53:11.0126 3768  \Device\Harddisk0\DR0 - copied to quarantine
11:53:11.0223 3768  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:53:11.0374 3768  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:53:11.0380 3768  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:53:11.0412 3768  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:53:11.0431 3768  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:53:11.0432 3768  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:53:11.0434 3768  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:53:11.0437 3768  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:53:11.0440 3768  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:53:11.0446 3768  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:53:11.0449 3768  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:53:11.0454 3768  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:53:11.0526 3768  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:53:11.0557 3768  \Device\Harddisk0\DR0 - ok
11:53:17.0266 3768  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:53:17.0271 3768  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:53:17.0271 3768  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:53:27.0217 0800  Deinitialize success
 



I did not remove anything using eset.



#6 scrubbo


Posted 10 March 2013 - 08:55 AM

I did inadvertently select Cure in TDS.



#7 narenxp


Posted 10 March 2013 - 08:57 AM

11:53:17.0271 3768  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

 

Restart the PC, run TDSSkiller again and select CURE for TDSSfilesystem

 

I did not remove anything using eset.

 

Remove it and post the new log
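
The check made by eye in the reply above (spotting that the TDSS File System object was skipped rather than cured) can be automated. The following is an added example, not part of the original thread or of TDSSKiller itself; the function name `triage` is hypothetical, the sample lines are excerpted from the logs posted in this thread, and it assumes only the "User select action" line format visible there, treating `Skip` as untreated.

```python
import re

# Lines excerpted from the TDSSKiller log posted earlier in this thread.
INFECTED_LOG = r"""
11:34:23.0062 3768  Detected object count: 3
11:34:23.0062 3768  Actual detected object count: 3
11:53:07.0668 3768  MpKsl709ea418 ( ForgedFile.Multi.Generic ) - skipped by user
11:53:07.0685 3768  MpKsl709ea418 ( ForgedFile.Multi.Generic ) - User select action: Skip
11:53:11.0126 3768  \Device\Harddisk0\DR0 - copied to quarantine
11:53:11.0526 3768  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:53:11.0557 3768  \Device\Harddisk0\DR0 - ok
11:53:17.0266 3768  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:53:17.0271 3768  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:53:17.0271 3768  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:53:27.0217 0800  Deinitialize success
"""

# Tail of the re-run log posted later in the thread, after the cure.
CLEAN_LOG = r"""
10:11:33.0231 3084  Detected object count: 0
10:11:33.0231 3084  Actual detected object count: 0
10:11:53.0402 4044  Deinitialize success
"""

# "<time> <thread id>  <message>" as seen in the posted logs.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s+(.*)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")


def triage(log_text):
    """Summarise a TDSSKiller log: detections, chosen actions, untreated items."""
    detected = None
    decisions = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        message = m.group(3).strip()
        count = COUNT_RE.match(message)
        if count:
            detected = int(count.group(1))
            continue
        action = ACTION_RE.match(message)
        if action:
            decisions.append(action.groups())
    # Assumption: "Skip" means the object was left in place. Other action
    # names (only "Cure" appears on this page) are passed through unchanged.
    untreated = [(obj, verdict) for obj, verdict, act in decisions
                 if act.lower() == "skip"]
    return {
        "detected": detected,
        "decisions": decisions,
        "untreated": untreated,
        # A truncated paste shows up as fewer decisions than detections.
        "count_mismatch": detected is not None and detected != len(decisions),
    }


if __name__ == "__main__":
    for name, text in (("first run", INFECTED_LOG), ("re-run", CLEAN_LOG)):
        result = triage(text)
        print(f"{name}: {result['detected']} detected")
        for obj, verdict in result["untreated"]:
            print(f"  still untreated: {obj} ( {verdict} )")
```
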



#8 scrubbo


Posted 10 March 2013 - 09:13 AM

TDSKiller run again. All threats cleared.

 

10:11:33.0228 3396  ============================================================
10:11:33.0229 3396  Scan finished
10:11:33.0229 3396  ============================================================
10:11:33.0231 3084  Detected object count: 0
10:11:33.0231 3084  Actual detected object count: 0
10:11:53.0402 4044  Deinitialize success



#9 scrubbo


Posted 11 March 2013 - 05:38 AM

I ran a security essentials quick scan and more viruses were detected.  The Redirector virus is still there and an Alureon virus appeared in the last scan.



#10 narenxp


Posted 11 March 2013 - 08:26 AM

We are not finished yet

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log



#11 scrubbo


Posted 12 March 2013 - 04:49 PM

Malwarebytes log:

 



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.09.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kwemple :: YELLOWTAIL [administrator]

3/11/2013 6:17:02 PM
mbam-log-2013-03-11 (18-17-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 878667
Time elapsed: 6 hour(s), 59 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#12 scrubbo


Posted 12 March 2013 - 04:50 PM

Minitoolbox log

 

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Kwemple (administrator) on 12-03-2013 at 17:03:38
Running from "C:\Users\Kwemple\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
74.208.10.249 gs.apple.com

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Leaf Networks Adapter = Leaf Networks Adapter (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Leaf Networks Adapter" forwarding=enabled advertise=enabled metric=9000 nud=enabled
add neighbor interface="Leaf Networks Adapter" address=5.175.114.30 neighbor="00-ff-17-e7-5f-15"


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Yellowtail
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Physical Address. . . . . . . . . : 00-FF-28-D9-61-87
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Leaf Networks Adapter:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Leaf Networks Adapter
   Physical Address. . . . . . . . . : 00-FF-DD-AC-F3-A0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::5c9:fe34(Preferred)
   Link-local IPv6 Address . . . . . : fe80::ad2f:5bc6:d54f:9e39%18(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.158.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 419495901
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-33-96-26-00-23-5A-6E-F1-64
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-22-FA-B8-AA-C6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d82b:ad85:d9cb:33ec%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 11, 2013 6:13:49 PM
   Lease Expires . . . . . . . . . . : Wednesday, March 13, 2013 6:13:49 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 234889978
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-33-96-26-00-23-5A-6E-F1-64
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-23-5A-6E-F1-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{E33E86B8-1DF6-40CC-8F03-EE9659156D15}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.colubris.lan
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
1.1.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial  = 1
    refresh = 600 (10 mins)
    retry   = 1200 (20 mins)
    expire  = 604800 (7 days)
    default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4002:c01::64
      74.125.137.101
      74.125.137.100
      74.125.137.102
      74.125.137.139
      74.125.137.138
      74.125.137.113



Pinging google.com [74.125.137.102] with 32 bytes of data:

Reply from 74.125.137.102: bytes=32 time=16ms TTL=48

Reply from 74.125.137.102: bytes=32 time=15ms TTL=48



Ping statistics for 74.125.137.102:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 15ms, Maximum = 16ms, Average = 15ms

1.1.168.192.in-addr.arpa
    primary name server = localhost
    responsible mail addr = nobody.invalid
    serial  = 1
    refresh = 600 (10 mins)
    retry   = 1200 (20 mins)
    expire  = 604800 (7 days)
    default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=425ms TTL=50

Reply from 206.190.36.45: bytes=32 time=528ms TTL=50



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 425ms, Maximum = 528ms, Average = 476ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 17 ...00 ff 28 d9 61 87 ...... Juniper Network Connect Virtual Adapter
 18 ...00 ff dd ac f3 a0 ...... Leaf Networks Adapter
  9 ...00 22 fa b8 aa c6 ...... Intel® WiFi Link 5100 AGN
  8 ...00 23 5a 6e f1 64 ...... Broadcom NetLink ™ Gigabit Ethernet
  1 ........................... Software Loopback Interface 1
 15 ...00 00 00 00 00 00 00 e0  isatap.{E33E86B8-1DF6-40CC-8F03-EE9659156D15}
 16 ...00 00 00 00 00 00 00 e0  isatap.colubris.lan
 13 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.8     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.158.57   9256
   169.254.158.57  255.255.255.255         On-link    169.254.158.57   9256
  169.254.255.255  255.255.255.255         On-link    169.254.158.57   9256
      192.168.1.0    255.255.255.0         On-link       192.168.1.8    281
      192.168.1.8  255.255.255.255         On-link       192.168.1.8    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.8    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.158.57   9256
        224.0.0.0        240.0.0.0         On-link       192.168.1.8    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.158.57   9256
  255.255.255.255  255.255.255.255         On-link       192.168.1.8    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    286 2620:9b::/64             On-link
 18    286 2620:9b::/96             On-link
 18    286 2620:9b::5c9:fe34/128    On-link
 18    286 fe80::/64                On-link
  9    281 fe80::/64                On-link
 18    286 fe80::ad2f:5bc6:d54f:9e39/128
                                    On-link
  9    281 fe80::d82b:ad85:d9cb:33ec/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    286 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/11/2013 05:00:55 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0xfc8, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:49 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0x3b4, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:40 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0x1748, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:31 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0xe40, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:25 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0x7a0, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:17 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0x898, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:13 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0x1490, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:09 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0xd34, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 05:00:05 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0x1644, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.

Error: (03/11/2013 04:59:54 PM) (Source: Application Error) (User: )
Description: Faulting application FlashPlayerPlugin_11_6_602_171.exe, version 11.6.602.171, time stamp 0x511ee9e4, faulting module ShimEng.dll_unloaded, version 0.0.0.0, time stamp 0x4549bdb7, exception code 0xc0000005, fault offset 0x683f4618,
process id 0xd64, application start time 0xFlashPlayerPlugin_11_6_602_171.exe0.


System errors:
=============
Error: (03/11/2013 06:16:51 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (03/11/2013 06:16:50 PM) (Source: Service Control Manager) (User: )
Description: Routing and Remote AccessBFE

Error: (03/11/2013 06:14:38 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (03/11/2013 06:14:38 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (03/11/2013 06:14:38 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (03/11/2013 06:14:38 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (03/11/2013 06:13:13 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:12:20 PM on 3/11/2013 was unexpected.

Error: (03/10/2013 10:11:25 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (03/10/2013 10:10:52 AM) (Source: Service Control Manager) (User: )
Description: Routing and Remote AccessBFE

Error: (03/10/2013 10:09:07 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE


Microsoft Office Sessions:
=========================
Error: (03/11/2013 05:00:55 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618fc801ce1e9b85c41e30

Error: (03/11/2013 05:00:49 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f46183b401ce1e9b82352b10

Error: (03/11/2013 05:00:40 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618174801ce1e9b7cf29480

Error: (03/11/2013 05:00:31 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618e4001ce1e9b7742e440

Error: (03/11/2013 05:00:25 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f46187a001ce1e9b7425ecd0

Error: (03/11/2013 05:00:17 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f461889801ce1e9b6f002d10

Error: (03/11/2013 05:00:13 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618149001ce1e9b6c7f4e90

Error: (03/11/2013 05:00:09 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618d3401ce1e9b6a440490

Error: (03/11/2013 05:00:05 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618164401ce1e9b67bdcee0

Error: (03/11/2013 04:59:54 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_6_602_171.exe11.6.602.171511ee9e4ShimEng.dll_unloaded0.0.0.04549bdb7c0000005683f4618d6401ce1e9b5efbae80


CodeIntegrity Errors:
===================================
  Date: 2013-03-11 18:23:05.280
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:23:05.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:23:04.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:23:04.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:23:04.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:23:04.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:18:29.094
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:18:28.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:18:28.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-11 18:18:28.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe AIR (Version: 3.4.0.2540)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Amazon Cloud Drive (Version: 0.11.12.0)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon Music Importer (Version: 2.0.1)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless Driver (Version: 1.0.0.0)
Broadcom Gigabit NetLink Controller (Version: 12.26.01)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DFU Mode Application
DivX Setup (Version: 2.6.1.8)
Dolby Control Center (Version: 2.2.1)
Download Navigator (Version: 3.4.0)
eMusic Download Manager 4.1.4 (Version: 4.1.4)
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Event Manager (Version: 2.50.0000)
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.4j)
ESET Online Scanner v3
Free DVD to iPod Converter CS (Version: 1.0.0)
Free Window Registry Repair
Fresco Logic USB3.0 Host Controller (Version: 3.0.99.53)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.11752)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
HiJackThis (Version: 1.0.0)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 12.04.0000)
Intel® TV Wizard
iPhoneBrowser (Version: 1.9.3)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Juniper Networks Network Connect 7.1.0 (Version: 7.1.0.19525)
Juniper Networks Network Connect 7.2.0 (Version: 7.2.0.20761)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
Juniper Networks, Inc. Setup Client (Version: 7.2.1.20017)
Lenovo EasyCamera (Version: 5.4.1.6)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Expression Encoder 4 (Version: 4.0.4276.0)
Microsoft Expression Encoder 4 Screen Capture Codec (Version: 4.0.4276.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NETGEAR Genie (Version: 2.2.26.50 )
NETGEAR Live Parental Controls Management Utility 2.1.5 (Version: 2.1.5)
NETGEAR Live Parental Controls User Utility 1.0b40 (Version: 1.0b40)
NETGEAR USB Control Center  (Version: 1.11)
QuickTime (Version: 7.69.80.9)
R4i Skin Maker (Version: 1.5.3)
RAR Password Recovery v1.1 RC17 (remove only)
ReadySHARE Cloud (Version: 1.6.5.18)
Realtek High Definition Audio Driver (Version: 6.0.1.6002)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0165)
Segoe UI (Version: 15.4.2271.0615)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.1 (Version: 6.1.129)
SMI Grabber Device (Version: 1.0.0.26)
Sonos Controller (Version: 19.3.53220)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 Grabber (Version: 7.12.000.002)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vizzed Retro Game Room (Version: 2.0.0)
VoiceOver Kit (Version: 1.40.128.0)
WiFi Engine (Version: 1.3)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Yontoo 1.12.02 (Version: 1.12.02)

========================= Devices: ================================

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 2007.86 MB
Available physical RAM: 1011.58 MB
Total Pagefile: 4258.97 MB
Available Pagefile: 2396.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:187.88 GB) (Free:31.7 GB) NTFS
2 Drive d: () (Fixed) (Total:30.35 GB) (Free:4.84 GB) NTFS
3 Drive e: (WDO_Media32) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\YELLOWTAIL

Administrator            clark1                   Guest                    
Kwemple                  Mcx1                     Sonos                    


**** End of log ****
 



#13 scrubbo

Posted 12 March 2013 - 04:54 PM

FSS log:

 

Farbar Service Scanner Version: 03-03-2013
Ran by Kwemple (administrator) on 12-03-2013 at 17:08:54
Running from "C:\Users\Kwemple\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-03-09 14:57] - [2013-01-04 07:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Adware cleaner log:

 

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 17:11:16
# Updated 05/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Kwemple - YELLOWTAIL
# Boot Mode : Normal
# Running from : C:\Users\Kwemple\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Kwemple\AppData\Roaming\Mozilla\Firefox\Profiles\y3szgffq.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Kwemple\AppData\Roaming\Mozilla\Firefox\Profiles\y3szgffq.default\searchplugins\SearchResults.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files\SearchCore for Browsers
Folder Deleted : C:\Program Files\Windows Searchqu Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\clark1\AppData\Local\Conduit
Folder Deleted : C:\Users\clark1\AppData\Local\Temp\CT3072253
Folder Deleted : C:\Users\clark1\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\clark1\AppData\Roaming\Mozilla\Firefox\Profiles\uq7py7rk.default\ConduitCommon
Folder Deleted : C:\Users\clark1\AppData\Roaming\Mozilla\Firefox\Profiles\uq7py7rk.default\CT3072253
Folder Deleted : C:\Users\clark1\AppData\Roaming\Mozilla\Firefox\Profiles\uq7py7rk.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\Kwemple\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Kwemple\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Kwemple\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kwemple\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Kwemple\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Kwemple\AppData\Roaming\Mozilla\Firefox\Profiles\y3szgffq.default\prefs.js

C:\Users\Kwemple\AppData\Roaming\Mozilla\Firefox\Profiles\y3szgffq.default\user.js ... Deleted !

Deleted : user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 5);
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtabpage.pinned", "[null,null,null,null,null,null,{\"url\":\"hxxp://web.mail.co[...]
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=amo[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112050&tt=06061[...]
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "EDA006D5FC60739533E34448C6860B86");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "9c519d8e00000000000000ff50044187");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15514");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:56:20");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.upn2", "6R8wUWZ5or");
Deleted : user_pref("extensions.incredibar.upn2n", "92824587572993975");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:56:20");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "9c519d8e00000000000000ff50044187");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15514");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8wUWZ5or&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8wUWZ5or");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824587572993975");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:56:20");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "6991e8b6-1d7a-4cfc-bb1f-2853cef8597b");
Deleted : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&s_qt=ab&s[...]

File : C:\Users\clark1\AppData\Roaming\Mozilla\Firefox\Profiles\uq7py7rk.default\prefs.js

Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "18-9-2012");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon Sep 17 2012 19:57:28 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "21-4-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "fft85CB.tmp.exe");
Deleted : user_pref("CT3072253.InstallationType", "XPE");
Deleted : user_pref("CT3072253.InstalledDate", "Sat Apr 21 2012 14:13:46 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Sep 18 2012 16:37:15 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Wed Apr 25 2012 23:01:17 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Fri Jun 01 2012 15:37:01 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Sun Jul 29 2012 19:51:17 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Sat Aug 18 2012 13:58:29 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Tue Sep 18 2012 16:35:04 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8");
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Tue Sep 18 2012 16:37:15 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue Sep 18 2012 16:37:15 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Tue Sep 18 2012 16:35:03 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1347202496");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Apr 21 2012 14:13:44 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN90137277105697547");
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "5361742041707220323120323031322031343A31333A34392[...]
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "6D61676E65743A3F78743D75726E3A627469683A33383[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sat Apr 21 2012 14:13:46 GMT-0400 (Eastern [...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.revertSettingsEnabled", false);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Tue Sep 18 2012 16:37:15 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Sat Apr 21 2012 14:13:48 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"05b[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\clark1\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "16396b4c-58a5-46f2-8fc1-a971f3985c81");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Apr 21 2012 14:13:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Apr 21 2012 14:13:46 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "7863a64c-6585-48e5-9b87-2715b451e8ce");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kwemple\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [23335 octets] - [12/03/2013 17:11:16]

########## EOF - C:\AdwCleaner[S1].txt - [23396 octets] ##########
 



JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.0 (03.11.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Kwemple on Tue 03/12/2013 at 17:25:08.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2343111693-2188292013-3307047926-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-2343111693-2188292013-3307047926-1000\software\web assistant"
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Kwemple\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"



~~~ FireFox

Successfully deleted the following from C:\Users\Kwemple\AppData\Roaming\mozilla\firefox\profiles\y3szgffq.default\prefs.js

user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://espn.go.com/|||864134058
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://espn.go.com/|#|old_v
Emptied folder: C:\Users\Kwemple\AppData\Roaming\mozilla\firefox\profiles\y3szgffq.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/12/2013 at 17:28:14.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



Rkill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/12/2013 05:44:43 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]

 * msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  74.208.10.249 gs.apple.com

Program finished at: 03/12/2013 05:45:02 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
 



Autoruns log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "BCSSync"    "Microsoft Office 2010 component"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\bcssync.exe"
+ "DivXUpdate"    "DivX Update"    ""    "c:\program files\divx\divx update\divxupdate.exe"
+ "EEventManager"    "EEventManager Application"    "SEIKO EPSON CORPORATION"    "c:\program files\epson software\event manager\eeventmanager.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files\itunes\ituneshelper.exe"
+ "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"
+ "Netgear UDS Control Center"    "Control Center"    ""    "c:\program files\netgear\usb control center\control center.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "RtHDVCpl"    "Realtek HD Audio Manager"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\rthdvcpl.exe"
"C:\Users\Kwemple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "OneNote 2010 Screen Clipper and Launcher.lnk"    "Microsoft OneNote Quick Launcher"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows Mail 7"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Akamai NetSession Interface"    ""    ""    "File not found: C:\Users\Kwemple\AppData\Local\Akamai\netsession_win.exe"
+ "Amazon Cloud Drive"    ""    ""    "c:\users\kwemple\appdata\local\amazon\cloud drive\amazonclouddrive.exe"
+ "EPLTarget\P0000000000000000"    "EPSON Status Monitor 3"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\spool\drivers\w32x86\3\e_fatihba.exe"
+ "EPLTarget\P0000000000000001"    "EPSON Status Monitor 3"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\spool\drivers\w32x86\3\e_fatihba.exe"
+ "NETGEARGenie"    ""    ""    "c:\program files\netgear genie\bin\netgeargenie.exe"
+ "Skype"    "Skype "    "Skype Technologies S.A."    "c:\program files\skype\phone\skype.exe"
+ "swg"    "GoogleToolbarNotifier"    "Google Inc."    "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "ms-help"    "Microsoft® Help Data Services Module"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "skype-ie-addon-data"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com"    "Skype for COM API"    "Skype Technologies"    "c:\program files\common files\skype\skype4com.dll"
+ "wlpg"    "Windows Live Album Download Protocol Handler"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "Groove GFS Stub Execution Hook"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "{32676103-3642-7396-3101-405888432813}"    ""    ""    "File not found: C:\Users\Kwemple\AppData\Local\Temp\aze.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "EnhancedStorageShell"    ""    ""    "File not found: C:\Users\Kwemple\AppData\Local\Temp\aze.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper"    "Microsoft SharePoint Workspace Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Sun Microsystems, Inc."    "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\urlredir.dll"
+ "Skype Browser Helper"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Skype Click to Call"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler"    ""    ""    ""
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files\apple software update\softwareupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"    "Windows Live Social Object Extractor Engine"    "Microsoft Corporation"    "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\Wired\GatherWiredInfo"    ""    ""    "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo"    ""    ""    "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}"    ""    ""    "File not found: C:\Windows\Bbyqib.exe"
+ "\{E3C18C53-AB17-45D7-AFC3-748C069684D9}"    "Skype "    "Skype Technologies S.A."    "c:\program files\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "dsNcService"    "Manages secure network connections"    "Juniper Networks"    "c:\program files\juniper networks\common files\dsncservice.exe"
+ "EpsonBidirectionalService"    "eEBAPI Core Process module"    "SEIKO EPSON CORPORATION"    "c:\program files\common files\epson\ebapi\eebsvc.exe"
+ "EpsonCustomerParticipation"    "Epson Customer Participation"    "SEIKO EPSON CORPORATION"    "c:\program files\epson\epsoncustomerparticipation\epcp.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT"    "Provides support for the Running Object Table for InstallShield Drivers"    "Macrovision Corporation"    "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft SharePoint Workspace Audit Service"    "Microsoft SharePoint Workspace"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\groove.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\microsoft security client\nissrv.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "ReadyNAS Remote Http Service"    "ReadyNAS Remote Http Service Layer"    "NETGEAR"    "c:\program files\netgear readyshare\cloud\bin\lnhttpservice.exe"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files\skype\updater\updater.exe"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "ACPIVPC"    "ACPI Virtual Power Controller Driver"    "Lenovo Corporation"    "c:\windows\system32\drivers\acpivpc.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "dsNcAdpt"    "dsNcAdapter"    "Juniper Networks"    "c:\windows\system32\drivers\dsncadpt.sys"
+ "E1G60"    "Intel® PRO/1000 Adapter NDIS 6 deserialized driver"    "Intel Corporation"    "c:\windows\system32\drivers\e1g60i32.sys"
+ "Fwleaf"    "Firewall NDIS 5.1 Driver( x86 )"    "NETGEAR"    "c:\windows\system32\drivers\fwleaf.sys"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hamachi"    "Hamachi Virtual Network Interface Driver"    "LogMeIn, Inc."    "c:\windows\system32\drivers\hamachi.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd32.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhda.sys"
+ "IntcHdmiAddService"    "Intel® High Definition Audio HDMI"    "Intel® Corporation"    "c:\windows\system32\drivers\intchdmi.sys"
+ "IpInIp"    "IP in IP Tunnel Driver"    ""    "File not found: system32\DRIVERS\ipinip.sys"
+ "k57nd60x"    "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\k57nd60x.sys"
+ "leafnets"    "Leaf Networks Network Adapter"    "Leaf Networks"    "c:\windows\system32\drivers\leafnets.sys"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"
+ "NetgearUDSMBus"    "KCodes Master Bus of USB Software Bus By TCP"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\netgearudsmbus.sys"
+ "NetgearUDSTcpBus"    "Kernel USB Software Bus by TCP"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\netgearudstcpbus.sys"
+ "NETw5v32"    "Intel® Wireless WiFi Link Driver"    "Intel Corporation"    "c:\windows\system32\drivers\netw5v32.sys"
+ "NPF"    "npf.sys (NT5/6 x86) Kernel Driver"    "CACE Technologies, Inc."    "c:\windows\system32\drivers\npf.sys"
+ "NwlnkFlt"    "IPX Traffic Filter Driver"    ""    "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd"    "IPX Traffic Forwarder Driver"    ""    "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "RTL8192cu"    "Realtek RTL8192C USB NDIS Driver"    "Realtek Semiconductor Corporation                           "    "c:\windows\system32\drivers\rtl8192cu.sys"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "SMIGrabber3C"    "Analog Tuner Sample"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\smiusbgrabber3c.sys"
+ "ssadbus"    "SAMSUNG Android USB Composite Device Driver"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadbus.sys"
+ "ssadmdfl"    "SAMSUNG Android USB Modem (Filter)"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadmdfl.sys"
+ "ssadmdm"    "SAMSUNG Android USB Modem Drivers"    "MCCI Corporation"    "c:\windows\system32\drivers\ssadmdm.sys"
+ "StkCMini"    "Syntek USB 2.0 Video Mini Driver"    "Syntek"    "c:\windows\system32\drivers\stkcmini.sys"
+ "USBAAPL"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl.sys"
+ "usbsmi"    "SMI AVStream Camera Driver"    "SMI"    "c:\windows\system32\drivers\smiksdrv.sys"
+ "VMUVC"    ""    ""    "File not found: System32\Drivers\VMUVC.sys"
+ "vvftUVC"    ""    ""    "File not found: system32\drivers\vvftUVC.sys"
+ "WPRO_41_1742"    ""    ""    "File not found: system32\drivers\WPRO_41_1742.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.ac3filter"    ""    ""    "c:\windows\system32\ac3filter.acm"
+ "msacm.divxa32"    "DivX;-) Audio Codec"    "Packed With Joy !"    "c:\windows\system32\divxa32.acm"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX"    "DivX"    "DivX, Inc."    "c:\windows\system32\divx.dll"
+ "vidc.yv12"    "DivX"    "DivX, Inc."    "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "9x8Resize"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "AC3Filter"    "ac3filter"    ""    "c:\windows\system32\ac3filter.ax"
+ "Adaptive Streaming Filter"    "Expression Encoder"    "Microsoft Corporation"    "c:\program files\microsoft expression\encoder 4\microsoft.expression.encoder.utilities2.dll"
+ "Allocator Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination"    "WAVDest Filter (Sample)"    "Microsoft Corporation"    "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "DivX AAC Decoder"    "AAC audio decoder filter"    "DivX, Inc."    "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter"    "DivX Decoder Filter"    "DivX, Inc."    "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter"    "DivX Plus DMF Navigator Filter"    "DivX, Inc."    "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)"    "DivX Plus DMF Navigator Filter"    "DivX, Inc."    "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder"    "DivX H.264 Decoder Filter"    "DivX, Inc."    "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "Expression Encoder Screen Codec 2"    "Expression Encoder Screen Capture"    "Microsoft Corporation"    "c:\program files\microsoft expression\encoder 4\microsoft.expression.encoder.eescreen.codec.dll"
+ "Frame Eater"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "InterVideo Navigator"    "IVINAV LOGID.35321"    "InterVideo Inc."    "c:\windows\system32\ivinav.ax"
+ "InterVideo Video Decoder"    "IVIVIDEO LOGID.36709"    " InterVideo Inc."    "c:\windows\system32\ivivideo.ax"
+ "MPC - AVI<->AC3/DTS"    "AVI <-> AC3/DTS Converter"    "MPC-HC Team"    "c:\windows\system32\avi2ac3filter.ax"
+ "MPC - DTS/AC3/DD+ Source"    "DTS/AC3 Source Filter"    "MPC-HC Team"    "c:\windows\system32\dtsac3source.ax"
+ "MPC - FLV Source (Gabest)"    "FLV Splitter"    "MPC-HC Team"    "c:\windows\system32\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)"    "FLV Splitter"    "MPC-HC Team"    "c:\windows\system32\flvsplitter.ax"
+ "MPC - RealAudio Decoder"    "RealMedia Splitter"    "MPC-HC Team"    "c:\windows\system32\realmediasplitter.ax"
+ "MPC - RealMedia Source"    "RealMedia Splitter"    "MPC-HC Team"    "c:\windows\system32\realmediasplitter.ax"
+ "MPC - RealMedia Splitter"    "RealMedia Splitter"    "MPC-HC Team"    "c:\windows\system32\realmediasplitter.ax"
+ "MPC - RealVideo Decoder"    "RealMedia Splitter"    "MPC-HC Team"    "c:\windows\system32\realmediasplitter.ax"
+ "Multiple File Output"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Spdifer"    ""    ""    "c:\windows\system32\spdifer.ax"
+ "Stetch"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "VAMPD Filter"    ""    ""    "c:\windows\system32\vampd.ax"
+ "WM VIH2 Fix"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Windows Live Video Acquisition Filters"    "Microsoft Corporation"    "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"    "Windows Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers"    ""    ""    ""
+ "dsNcCredentialProvider"    "Network Connect Credential Provider"    "Juniper Networks"    "c:\windows\system32\dsnccredprov.dll"
+ "dsNcSmartCardProvider"    "Network Connect Smart Card Credential Provider"    "Juniper Networks"    "c:\windows\system32\dsncsmartcardprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe"    ""    ""    ""
+ "C:\Users\Kwemple\Desktop\rkill.scr"    "Terminates malware processes so that you can run your normal security programs."    "Bleeping Computer, LLC"    "c:\users\kwemple\desktop\rkill.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "EPSON NX430 Series 32MonitorBA"    "EPSON Bi-directional Monitor x86"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\e_flbhba.dll"
+ "EpsonNet Print Port"    "EpsonNet Print Port Monitor DLL"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\enppmon.dll"
+ "PCL hpz3llhn"    "LanguageMonitor"    "Hewlett-Packard Company"    "c:\windows\system32\hpz3llhn.dll"
 



#14 narenxp


Posted 12 March 2013 - 06:49 PM


Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log



#15 scrubbo


Posted 12 March 2013 - 07:45 PM

Does the service repair run pretty quick? It asks to reboot after stating that multiple services have been reinstalled.





