Missing BITS (can't run windows update and other updates only function manually)


  • This topic is locked
44 replies to this topic

#1 ImmaNoob

Posted 07 June 2013 - 07:32 AM

I couldn't remember this login, so I created a new 1; hamluis said it's best to post on the old account and he would try to link them or just delete the new 1, which is DumbBlonde1. Gringo assisted me last year during my ZeroAccess Rootkit Infection, and my PC ran like a charm after that until now.

But here are my current issues:

Randomly I get a rotary dial from the PC; usually that happens when the PC is in Sleep Mode and doesn't want to revive.

Malwarebytes no longer updates automatically and neither does MSE.

When trying to run Windows Update I receive an error message; trying to correct it I can not, because the BITS is missing. Although in MTB it does not show a BITS issue.

Hamluis had me do thus far the following:

Ran MiniToolBox and Speccy results are posted below:

MiniToolBox by Farbar  Version:21-04-2013
Ran by Nikita BigBank (administrator) on 01-06-2013 at 22:58:50
Running from "C:\Users\Nikita BigBank\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/01/2013 10:54:28 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2011":
LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode: Product mode not found
 
Error: (06/01/2013 10:54:27 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:54:27 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:54:27 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:32:02 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2011":
LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode: Product mode not found
 
Error: (06/01/2013 10:31:41 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:31:41 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:31:41 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (06/01/2013 00:46:05 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2011":
LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode: Product mode not found
 
Error: (06/01/2013 00:45:52 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (06/01/2013 10:41:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.151.1327.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/01/2013 10:41:35 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.151.1327.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/01/2013 10:31:11 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/01/2013 10:31:10 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/01/2013 10:31:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
TfFsMon
TfSysMon
 
Error: (06/01/2013 10:30:51 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/01/2013 10:30:42 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:20:26 PM on ?6/?1/?2013 was unexpected.
 
Error: (06/01/2013 09:13:04 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/01/2013 01:56:39 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (06/01/2013 01:56:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
 
Microsoft Office Sessions:
=========================
Error: (06/01/2013 10:54:28 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro Plus 2011LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode: Product mode not found
 
Error: (06/01/2013 10:54:27 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:54:27 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:54:27 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:32:02 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro Plus 2011LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode: Product mode not found
 
Error: (06/01/2013 10:31:41 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:31:41 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (06/01/2013 10:31:41 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (06/01/2013 00:46:05 PM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro Plus 2011LicenseUtility::`anonymous-namespace'::LicenseUtilityImp::getProductMode: Product mode not found
 
Error: (06/01/2013 00:45:52 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-01 08:13:06.639
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-01 08:13:06.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-01 08:13:06.561
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-01 08:13:06.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.255
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-09-10 19:09:52.613
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-09-10 19:09:52.598
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
64 Bit HP CIO Components Installer (Version: 1.2.0)
Aces Up Buddy - Pogo Version 2.2
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Template Projects & Footage (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 3.4.0.2540)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Download Assistant (Version: 1.2.2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe Encore CS4 Codecs (Version: 4)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Manager (Version: 4.0.244)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Dolby (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe OnLocation CS4 (Version: 4)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Premiere Pro CS4 (Version: 4)
Adobe Premiere Pro CS4 Functional Content (Version: 4)
Adobe Premiere Pro CS4 Third Party Content (Version: 4)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe SING CS4 (Version: 2.0)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
Advertising Center (Version: 0.0.0.2)
AI Manager (Version: 1.08.07)
Amazon MP3 Downloader 1.0.10
AP1 Loader 1.87.1
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate (Version: 7.17.12)
Big Fish Games: Game Manager (Version: 3.0.1.60)
bl (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
BrowseToSave 1.74
Burger Shop
CCleaner (Version: 3.22)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Daycare Nightmare (remove only)
Download Updater (AOL Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.20702.00)
EPU-4 Engine (Version: 1.00.25)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileZilla Client 3.3.4.1 (Version: 3.3.4.1)
GemMaster 2.6.7.1114
GhostMouse (Version: Free V3.2.1)
Google Chrome (Version: 27.0.1453.94)
Google Talk Plugin (Version: 3.19.1.13088)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Grim Tales: The Legacy
I SPY ™ Spooky Mansion Deluxe
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
ImagXpress (Version: 7.0.74.0)
ImgBurn (Version: 2.5.5.0)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1968)
Intel® Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 11.0.2.26)
Java 7 Update 21 (Version: 7.0.210)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
Junk Mail filter update (Version: 16.4.3505.0912)
kuler (Version: 2.0)
Lexmark Software Uninstall
LightScribe System Software (Version: 1.18.13.1)
Magic ISO Maker v5.5 (build 0281)
Magic Life Survey
MagicDisc 2.7.106
magicJack (Version: 2.0.6073.4413)
magicJack Outlook Add-In 1.0.3.521 (Version: 1.0.3.521)
Mahjong Towers Eternity ™
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Menu Templates - Starter Kit (Version: 9.6.0.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 3 (Version: 3.0.20105.0)
Microsoft ASP.NET Web Pages (Version: 1.0.20105.0)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Silverlight 4 SDK (Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (Version: 5.0.61118.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Management Objects  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service  (Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31125)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31130)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (Version: 10.3.20225.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.6.0)
Move Media Player
Movie Maker (Version: 16.4.3505.0912)
Movie Templates - Starter Kit (Version: 9.6.0.0)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Mystery Case Files ®: 13th Skull ™
Mystery Case Files®: Escape from Ravenhearst™
Nancy Drew - Danger by Design
Nancy Drew: Secrets Can Kill Remastered
Nancy Drew: The Trail of the Twister
Nancy Drew: Warnings at Waverly Academy
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.23.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero Express Help (Version: 9.4.39.100)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.27.100)
Nero StartSmart (Version: 9.4.40.100)
Nero StartSmart Help (Version: 9.4.40.100)
Nero Vision (Version: 6.4.19.100)
Nero Vision Help (Version: 6.4.15.100)
NeroExpress (Version: 9.4.39.100)
neroxml (Version: 1.0.0)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.0.0.133)
Nostradamus: The Last Prophecy
OpenOffice.org 3.2 (Version: 3.2.9502)
OptimizerPro Upd (Version: 1.0)
Outlook Setup Tool (Version: 2.0.14)
Palringo
PDF Settings CS4 (Version: 9.0)
PFPortChecker 1.0.39 (Version: 1.0.39)
ph (Version: 1.0.0)
Photo Gallery (Version: 16.4.3505.0912)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
Pogo Games (remove only)
Prerequisites for SSDT  (Version: 11.0.2100.60)
Price Check by AOL (Version: 1.11.2.1)
QuickBooks (Version: 21.0.4003.904)
QuickBooks Pro 2011 (Version: 21.0.4003.904)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Revo Uninstaller 1.94 (Version: 1.94)
Season Match 2
Skype Click to Call (Version: 6.7.12055)
Skype™ 6.3 (Version: 6.3.107)
Suite Shared Configuration CS4 (Version: 1.0)
Swag Bucks Toolbar (Version: 6.8.5.1)
swMSM (Version: 12.0.0.1)
UltraVnc (Version: 1.0.9.62)
Unity Web Player (Version: )
Update for  (KB2504637) (Version: 1)
WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
WinPatrol (Version: 25.6.2012.1)
WinRAR archiver
Wonderland Buddy - Pogo Version 1.6
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
 
========================= Memory info: ===================================
 
Percentage of memory in use: 27%
Total physical RAM: 8079.05 MB
Available physical RAM: 5833.92 MB
Total Pagefile: 16156.3 MB
Available Pagefile: 13750.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: (WIN7) (Fixed) (Total:921.51 GB) (Free:801.3 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DAVINCIHD
 
Administrator            Damien Walker            Guest                    
Nikita BigBank           
 
 
**** End of log ****
 
 
Operating System
Microsoft Windows 7 Home Premium 64-bit SP1
CPU
Intel Core i5 650 @ 3.20GHz 47 °C
Clarkdale 32nm Technology
RAM
8.00GB Dual-Channel DDR3 @ 666MHz (9-9-9-24)
Motherboard
ASUSTeK Computer INC. CG5275 (LGA1156) 38 °C
Graphics
SyncMaster (800x600@60Hz)
Intel HD Graphics (ASUStek Computer Inc)
Hard Drives
932GB Seagate ST31000528AS ATA Device (SATA) 39 °C
Optical Drives
HL-DT-ST DVDRAM GH40N ATA Device
MagicISO Virtual DVD-ROM0000
HP DVD Writer 1270t ATA Device
YMAX magicJack USB Device
Audio
Realtek High Definition Audio

 

 

 



#2 gringo_pr

Posted 07 June 2013 - 10:08 PM


Hello ImmaNoob

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ImmaNoob

Posted 07 June 2013 - 10:28 PM

# AdwCleaner v2.302 - Logfile created 06/07/2013 at 23:22:21
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Nikita BigBank - DAVINCIHD
# Boot Mode : Normal
# Running from : C:\Users\Nikita BigBank\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\BetterSoft
File Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\extensions\toolbar@alexa.com.xpi
File Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\searchplugins\funmoods.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Swag_Bucks
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\Users\Damien Walker\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Damien Walker\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\Nikita BigBank\AppData\Local\APN
Folder Deleted : C:\Users\Nikita BigBank\AppData\Local\Conduit
Folder Deleted : C:\Users\Nikita BigBank\AppData\Local\PackageAware
Folder Deleted : C:\Users\Nikita BigBank\AppData\Local\Swag_Bucks
Folder Deleted : C:\Users\Nikita BigBank\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nikita BigBank\AppData\LocalLow\CouponAlert_2p
Folder Deleted : C:\Users\Nikita BigBank\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\ConduitCommon
Folder Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\CT2260173
Folder Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Folder Deleted : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\NIKITA~1\AppData\Local\Temp\AskSearch
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Swag_Bucks
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0DzytCtCyEyBtA0DyDzztN0D0Tzu0CtAtDtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=345303506 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
File : C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\prefs.js
 
C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\user.js ... Deleted !
 
Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2260173.AppTrackingLastCheckTime", "Wed Apr 25 2012 00:33:04 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT2260173.CT2260173", "CT2260173");
Deleted : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2260173.CurrentServerDate", "28-5-2013");
Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Tue May 28 2013 12:45:47 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Tue Jan 22 2013 08:44:58 GMT-0500 (Eastern St[...]
Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Tue Jan 22 2013 08:44:58 GMT-0500 (Eastern St[...]
Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Deleted : user_pref("CT2260173.FirstServerDate", "24-6-2011");
Deleted : user_pref("CT2260173.FirstTime", true);
Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Deleted : user_pref("CT2260173.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2260173.GroupingInvalidateCache", false);
Deleted : user_pref("CT2260173.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2260173.Initialize", true);
Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2260173.InstalledDate", "Fri Jun 24 2011 07:59:00 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2260173.InvalidateCache", false);
Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
Deleted : user_pref("CT2260173.IsGrouping", false);
Deleted : user_pref("CT2260173.IsInitSetupIni", true);
Deleted : user_pref("CT2260173.IsMulticommunity", false);
Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Deleted : user_pref("CT2260173.IsProtectorsInit", true);
Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Tue May 28 2013 12:45:47 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2260173.LastLogin_3.10.0.1", "Wed Apr 25 2012 04:43:47 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.12.0.7", "Wed May 02 2012 14:29:28 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.12.2.3", "Tue May 29 2012 10:59:16 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.13.0.6", "Thu Jul 19 2012 11:34:30 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.14.1.0", "Mon Aug 27 2012 13:07:51 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.15.1.0", "Tue May 28 2013 12:45:45 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.5.0.12", "Mon Aug 15 2011 12:53:53 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.6.0.10", "Fri Sep 30 2011 04:55:12 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LastLogin_3.7.0.6", "Fri Oct 14 2011 18:05:02 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.8.0.8", "Fri Dec 16 2011 02:21:59 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.8.1.0", "Sat Jan 07 2012 07:03:30 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2260173.LastLogin_3.9.0.3", "Wed Mar 14 2012 01:41:50 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2260173.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2260173.Locale", "en");
Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2260173.MCDetectTooltipShow", false);
Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2260173.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2260173.RadioLastCheckTime", "0");
Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2260173.SearchBoxWidth", 147);
Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Tue May 28 2013 12:45:45 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2260173.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2260173.SearchProtectorEnabled", false);
Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Tue May 28 2013 12:45:45 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Tue May 28 2013 12:45:44 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2260173.SettingsLastUpdate", "1369725998");
Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Tue May 28 2013 12:45:44 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2260173.UserID", "UN45786547995867843");
Deleted : user_pref("CT2260173.ValidationData_Search", 2);
Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2260173.alertChannelId", "657446");
Deleted : user_pref("CT2260173.approveUntrustedApps", false);
Deleted : user_pref("CT2260173.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2260173.backendstorage.for_aoi", "31333131373032343335");
Deleted : user_pref("CT2260173.backendstorage.for_ccid", "5068696C6164656C70686961");
Deleted : user_pref("CT2260173.backendstorage.for_cdtr2", "31333131373032343335");
Deleted : user_pref("CT2260173.backendstorage.for_cid", "5553");
Deleted : user_pref("CT2260173.backendstorage.for_ip", "37362E39392E36322E313333");
Deleted : user_pref("CT2260173.backendstorage.for_lcut", "31333538383632333034");
Deleted : user_pref("CT2260173.backendstorage.for_rid", "5041");
Deleted : user_pref("CT2260173.backendstorage.for_zoneid", "3130303636");
Deleted : user_pref("CT2260173.backendstorage.forcb_aoi", "31333131373032343330");
Deleted : user_pref("CT2260173.backendstorage.forcb_ccid", "5068696C6164656C70686961");
Deleted : user_pref("CT2260173.backendstorage.forcb_cdtr5", "31333131373032343330");
Deleted : user_pref("CT2260173.backendstorage.forcb_cid", "5553");
Deleted : user_pref("CT2260173.backendstorage.forcb_ip", "37362E3132342E38372E323036");
Deleted : user_pref("CT2260173.backendstorage.forcb_lcut", "31333131373032343330");
Deleted : user_pref("CT2260173.backendstorage.forcb_rid", "5041");
Deleted : user_pref("CT2260173.backendstorage.forcb_zoneid", "3130303636");
Deleted : user_pref("CT2260173.backendstorage.url_history", "687474703A2F2F776561746865722E7961686F6F2E636F6D2[...]
Deleted : user_pref("CT2260173.backendstorage.url_history_time", "31333131373236313533383331");
Deleted : user_pref("CT2260173.components.1000034", false);
Deleted : user_pref("CT2260173.components.1000080", true);
Deleted : user_pref("CT2260173.components.1000082", false);
Deleted : user_pref("CT2260173.components.1000234", false);
Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Tue May 28 2013 12:45:47 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.initDone", true);
Deleted : user_pref("CT2260173.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2260173.myStuffEnabled", true);
Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.testingCtid", "");
Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Tue May 28 2013 12:45:47 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Tue May 28 2013 12:45:47 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Swag Bucks Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2260173&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c15[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Nikita BigBank\\AppData\\Roaming\\M[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://toolbartv.swagbucks.com", "400x574");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.search-results.com/web?o=1586[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2260173");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jun 10 2011 06:48:30 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun May 29 2011 12:10:03 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 22:12:12 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{4ff07110-6775-4e20-8656-6e6d074ca0d1}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Jul 19 2012 07:34:27 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "0ac03332-e6b0-4925-8987-2523db962c92");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2260173");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 28 2013 12:45:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 28 2013 12:45:46 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "eeb638d6-14d4-4fd5-b0df-52c3a8cbadbd");
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.curtain.congrats", "n");
Deleted : user_pref("aol_toolbar.default.homepage.check", true);
Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020");
Deleted : user_pref("aol_toolbar.default.search.check", true);
Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_i[...]
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{2481C522-5526-BE47-6981-4ECA046BB63D}");
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9085");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000020");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "28");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "4");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "28");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "4");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "5");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1369759542896");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "28-05-2013");
Deleted : user_pref("aol_toolbar.search.instd", "20130209164848272");
Deleted : user_pref("aol_toolbar.search.oid", "28-05-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "webpickaol-ff");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "2");
Deleted : user_pref("aol_toolbar.surf.lastDate", "28");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "4");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "2");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "2");
Deleted : user_pref("aol_toolbar.surf.week", "2");
Deleted : user_pref("aol_toolbar.surf.year", "2");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "16");
Deleted : user_pref("aol_toolbar.weather.degf", "61");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/11.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Showers");
Deleted : user_pref("aol_toolbar.weather.update", "1369759544953");
Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=web[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...]
Deleted : user_pref("extensions.enabledAddons", "2020Player_IKEA%402020Technologies.com:5.0.93.0,ffxtlbr%40fun[...]
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "BF3D063C41FD5883E772E9C16A310AFB");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.hrdid", "E0CB4ED911473D58");
Deleted : user_pref("extensions.funmoods.id", "E0CB4ED911473D58");
Deleted : user_pref("extensions.funmoods.instlDay", "15642");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.instlday", "15642");
Deleted : user_pref("extensions.funmoods.instlref", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:17:57");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:17:57");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:17:57");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:17:57");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
 
File : C:\Users\Damien Walker\AppData\Roaming\Mozilla\Firefox\Profiles\m364bh83.default\prefs.js
 
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [58888 octets] - [07/06/2013 23:19:36]
AdwCleaner[S1].txt - [60268 octets] - [07/06/2013 23:22:21]
 
########## EOF - C:\AdwCleaner[S1].txt - [60329 octets] ##########


#4 ImmaNoob


Posted 07 June 2013 - 10:36 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nikita BigBank on Fri 06/07/2013 at 23:31:41.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53DEA80F-6FB4-4386-89F0-FBAF0BB2EBFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CB689243-D128-476D-9004-3BBB7AA62F3A}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\bettersoft"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Nikita BigBank\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Nikita BigBank\appdata\local\visi_coupon"
Failed to delete: [Folder] "C:\Users\Nikita BigBank\appdata\locallow\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Nikita BigBank\appdata\local\{6ed21b53-1e00-feb0-f299-3b1d83a39919}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Nikita BigBank\AppData\Roaming\mozilla\firefox\profiles\zkp4y21p.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Nikita BigBank\AppData\Roaming\mozilla\firefox\profiles\zkp4y21p.default\prefs.js
 
user_pref("browser.bdtoolbar.search_searchbar", true);
user_pref("extensions.alexa.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\" :  {\n  
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.id", "XZQB0DF8GRRDRHZAFWZJH3A95LV7MIO97PD40YTJIQDGV9TKTO");
user_pref("google.toolbar.install_id", "XZQB0DF8GRRDRHZAFWZJH3A95LV7MIO97PD40YTJIQDGV9TKTO");
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Nikita BigBank\AppData\Roaming\mozilla\firefox\profiles\zkp4y21p.default\minidumps [19 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/07/2013 at 23:34:39.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 gringo_pr

Posted 07 June 2013 - 10:48 PM


Hello ImmaNoob



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 ImmaNoob

Posted 07 June 2013 - 10:56 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-06-2013 02
Ran by Nikita BigBank (administrator) on 07-06-2013 23:52:04
Running from C:\Users\Nikita BigBank\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
( ) C:\Windows\system32\LMabcoms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
() C:\ProgramData\BetterSoft\OptimizerPro Upd\OptimizerPro Upd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\chrome.exe
(magicJack L.P.) C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\magicJack.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [892416 2012-09-12] (Microsoft Corporation)
HKCU\...\Run: [cdloader] "C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2009-10-07] ( )
HKCU\...\Run: [Google Update] "C:\Users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-04-16] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Facebook Update] "C:\Users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-04-22] (Facebook Inc.)
HKCU\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [423144 2013-04-26] (BillP Studios)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKLM-x32\...\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Damien Walker\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\Damien Walker\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-18] (Google Inc.)
HKU\Damien Walker\...\RunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1168638.exe" -Update [1039832 2012-10-16] (Adobe Systems, Inc.)
HKU\Damien Walker\...\Policies\system: [LogonHoursAction] 2
HKU\Damien Walker\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.davincihd.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Price Check by AOL - {D25B97E9-62B2-40CE-BECF-E43A7B879072} - C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll (AOL Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {15BE8BEE-4105-4A79-B385-25068AA967DB} http://www.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {5EA13312-8764-496F-B4AB-F7A872B51E14} http://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: msdaipp - No CLSID Value - 
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default
FF Homepage: hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "type", 4
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: Yahoo! Toolbar - C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: No Name - C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\Extensions\{1DEC6447-C74F-4886-9002-202C27C703F1}.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://yahoo.com/
CHR RestoreOnStartup: "hxxp://www.davincihd.com/"
CHR DefaultSearchURL: (Swag Bucks Customized Web Search) - http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
CHR DefaultSuggestURL: (Swag Bucks Customized Web Search) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Nikita BigBank\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Nikita BigBank\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Nikita BigBank\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Nikita BigBank\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Move Streaming Media Player) - C:\Users\Nikita BigBank\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0
CHR Extension: (Gmail) - C:\Users\Nikita BigBank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1044992 2009-10-07] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
S4 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519888 2012-01-04] (iWin Inc.)
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1251840 2010-09-17] ()
S2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-11-04] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-10] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]
U3 tmlwf; 
U3 tmwfp; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-07 23:51 - 2013-06-07 23:51 - 01919218 ____A (Farbar) C:\Users\Nikita BigBank\Downloads\FRST64.exe
2013-06-07 23:51 - 2013-06-07 23:51 - 00000000 ____D C:\FRST
2013-06-07 23:31 - 2013-06-07 23:31 - 00000000 ____D C:\Windows\ERUNT
2013-06-07 23:31 - 2013-06-07 23:31 - 00000000 ____D C:\JRT
2013-06-07 23:30 - 2013-06-07 23:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nikita BigBank\Downloads\JRT.exe
2013-06-07 23:22 - 2013-06-07 23:23 - 00060183 ____A C:\AdwCleaner[S1].txt
2013-06-07 23:22 - 2013-06-07 23:23 - 00000093 ____A C:\Windows\DeleteOnReboot.bat
2013-06-07 23:19 - 2013-06-07 23:19 - 00058888 ____A C:\AdwCleaner[R1].txt
2013-06-07 23:16 - 2013-06-07 23:16 - 00640135 ____A C:\Users\Nikita BigBank\Downloads\AdwCleaner.exe
2013-06-07 08:48 - 2013-06-07 08:48 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-07 08:48 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-07 08:48 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-07 08:48 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-07 08:46 - 2013-06-07 08:46 - 00903072 ____A (Oracle Corporation) C:\Users\Nikita BigBank\Downloads\chromeinstall-7u21.exe
2013-06-06 14:01 - 2013-06-06 14:01 - 00906440 ____A (BillP Studios) C:\Users\Nikita BigBank\Downloads\wpsetup (1).exe
2013-06-06 14:00 - 2013-06-06 14:00 - 00033890 ____A C:\HijackPatrol.log
2013-06-04 08:40 - 2013-06-04 08:40 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Local\Microsoft Corporation
2013-06-04 08:37 - 2013-06-06 13:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2013-06-04 08:15 - 2013-06-04 08:15 - 00000000 ____D C:\Users\Nikita BigBank\Desktop\Interior Spain
2013-06-03 08:28 - 2013-06-03 08:28 - 00377775 ____A C:\Users\Nikita BigBank\Downloads\DAVINCIHD.speccy
2013-06-03 08:26 - 2013-06-06 13:49 - 00000000 ____D C:\Program Files\Speccy
2013-05-19 20:12 - 2013-05-19 20:12 - 00000000 ____D C:\Users\Damien Walker\AppData\Local\Apple
 
==================== One Month Modified Files and Folders =======
 
2013-06-07 23:51 - 2013-06-07 23:51 - 01919218 ____A (Farbar) C:\Users\Nikita BigBank\Downloads\FRST64.exe
2013-06-07 23:51 - 2013-06-07 23:51 - 00000000 ____D C:\FRST
2013-06-07 23:49 - 2010-11-04 08:44 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-07 23:38 - 2010-11-07 21:38 - 00001023 ____A C:\Users\Nikita BigBank\Desktop\magicJack.lnk
2013-06-07 23:38 - 2010-11-07 21:38 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\mjusbsp
2013-06-07 23:35 - 2010-11-04 07:37 - 01503095 ____A C:\Windows\WindowsUpdate.log
2013-06-07 23:32 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-07 23:32 - 2009-07-14 00:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-07 23:31 - 2013-06-07 23:31 - 00000000 ____D C:\Windows\ERUNT
2013-06-07 23:31 - 2013-06-07 23:31 - 00000000 ____D C:\JRT
2013-06-07 23:30 - 2013-06-07 23:30 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nikita BigBank\Downloads\JRT.exe
2013-06-07 23:30 - 2009-07-14 01:13 - 00781124 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-07 23:26 - 2011-04-16 18:26 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
2013-06-07 23:26 - 2011-04-16 18:26 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
2013-06-07 23:25 - 2013-02-10 00:25 - 00000632 _RASH C:\Users\Nikita BigBank\ntuser.pol
2013-06-07 23:25 - 2013-02-09 17:36 - 00000458 ___AH C:\Windows\Tasks\schedule!1877806136.job
2013-06-07 23:25 - 2010-11-04 08:44 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-07 23:25 - 2010-11-04 07:37 - 00000000 ____D C:\users\Nikita BigBank
2013-06-07 23:24 - 2013-02-12 11:53 - 00027842 ____A C:\Windows\PFRO.log
2013-06-07 23:24 - 2013-01-03 20:20 - 00011976 ____A C:\Windows\setupact.log
2013-06-07 23:24 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-07 23:23 - 2013-06-07 23:22 - 00060183 ____A C:\AdwCleaner[S1].txt
2013-06-07 23:23 - 2013-06-07 23:22 - 00000093 ____A C:\Windows\DeleteOnReboot.bat
2013-06-07 23:19 - 2013-06-07 23:19 - 00058888 ____A C:\AdwCleaner[R1].txt
2013-06-07 23:18 - 2012-07-11 08:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 23:16 - 2013-06-07 23:16 - 00640135 ____A C:\Users\Nikita BigBank\Downloads\AdwCleaner.exe
2013-06-07 21:36 - 2013-04-22 21:31 - 00000964 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
2013-06-07 21:36 - 2013-04-22 21:31 - 00000942 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
2013-06-07 20:06 - 2011-02-22 17:34 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Local\Windows Live
2013-06-07 18:26 - 2010-11-04 08:10 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\Mozilla
2013-06-07 08:48 - 2013-06-07 08:48 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-06-07 08:48 - 2013-03-09 09:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-07 08:46 - 2013-06-07 08:46 - 00903072 ____A (Oracle Corporation) C:\Users\Nikita BigBank\Downloads\chromeinstall-7u21.exe
2013-06-06 21:27 - 2012-08-20 09:25 - 00002414 ____A C:\Users\Nikita BigBank\Desktop\Google Chrome.lnk
2013-06-06 14:07 - 2012-09-03 20:49 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\WinPatrol
2013-06-06 14:01 - 2013-06-06 14:01 - 00906440 ____A (BillP Studios) C:\Users\Nikita BigBank\Downloads\wpsetup (1).exe
2013-06-06 14:00 - 2013-06-06 14:00 - 00033890 ____A C:\HijackPatrol.log
2013-06-06 13:51 - 2013-02-12 13:44 - 00000920 _RASH C:\Users\Damien Walker\ntuser.pol
2013-06-06 13:51 - 2013-02-12 13:44 - 00000000 ____D C:\users\Damien Walker
2013-06-06 13:50 - 2010-11-04 08:21 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\mIRC
2013-06-06 13:50 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-06 13:50 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-06 13:49 - 2013-06-04 08:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2013-06-06 13:49 - 2013-06-03 08:26 - 00000000 ____D C:\Program Files\Speccy
2013-06-06 13:49 - 2012-08-29 21:23 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\Malwarebytes
2013-06-06 13:49 - 2010-11-04 08:44 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\Skype
2013-06-06 13:49 - 2010-11-04 08:16 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Roaming\Yahoo!
2013-06-06 13:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-06-06 13:48 - 2010-11-04 08:16 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-06-04 08:40 - 2013-06-04 08:40 - 00000000 ____D C:\Users\Nikita BigBank\AppData\Local\Microsoft Corporation
2013-06-04 08:15 - 2013-06-04 08:15 - 00000000 ____D C:\Users\Nikita BigBank\Desktop\Interior Spain
2013-06-03 08:28 - 2013-06-03 08:28 - 00377775 ____A C:\Users\Nikita BigBank\Downloads\DAVINCIHD.speccy
2013-06-01 22:58 - 2012-08-29 21:20 - 00025185 ____A C:\Users\Nikita BigBank\Downloads\Result.txt
2013-06-01 10:46 - 2012-10-23 10:14 - 00000000 ____D C:\Users\Nikita BigBank\Documents\lowes
2013-05-30 20:57 - 2012-12-21 16:18 - 00000000 ____D C:\Users\Nikita BigBank\Downloads\All sizes   Dick parade   Flickr - Photo Sharing!_files
2013-05-22 08:33 - 2010-11-04 08:44 - 00000000 ____D C:\ProgramData\Skype
2013-05-19 20:12 - 2013-05-19 20:12 - 00000000 ____D C:\Users\Damien Walker\AppData\Local\Apple
2013-05-19 14:18 - 2012-04-03 13:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-19 14:18 - 2011-06-16 12:13 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-19 13:11 - 2012-04-25 06:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
ZeroAccess:
C:\Windows\Installer\{6ed21b53-1e00-feb0-f299-3b1d83a39919}
C:\Windows\Installer\{6ed21b53-1e00-feb0-f299-3b1d83a39919}\L
C:\Windows\Installer\{6ed21b53-1e00-feb0-f299-3b1d83a39919}\U
C:\Windows\Installer\{6ed21b53-1e00-feb0-f299-3b1d83a39919}\L\00000004.@
C:\Windows\Installer\{6ed21b53-1e00-feb0-f299-3b1d83a39919}\L\201d3dde
 
ZeroAccess:
C:\Users\Nikita BigBank\AppData\Local\{6ed21b53-1e00-feb0-f299-3b1d83a39919}
C:\Users\Nikita BigBank\AppData\Local\{6ed21b53-1e00-feb0-f299-3b1d83a39919}\L
C:\Users\Nikita BigBank\AppData\Local\{6ed21b53-1e00-feb0-f299-3b1d83a39919}\U
 
Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
Last Boot: 2013-06-03 00:14
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2013 02
Ran by Nikita BigBank at 2013-06-07 23:52:54 Run:
Running from C:\Users\Nikita BigBank\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
64 Bit HP CIO Components Installer (Version: 1.2.0)
Aces Up Buddy - Pogo Version 2.2
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 (Version: 9)
Adobe After Effects CS4 Presets (Version: 9)
Adobe After Effects CS4 Template Projects & Footage (Version: 9)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 3.4.0.2540)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Download Assistant (Version: 1.2.2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe Encore CS4 Codecs (Version: 4)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Manager (Version: 4.0.244)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0)
Adobe Media Encoder CS4 Dolby (Version: 1.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe OnLocation CS4 (Version: 4)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Premiere Pro CS4 (Version: 4)
Adobe Premiere Pro CS4 Functional Content (Version: 4)
Adobe Premiere Pro CS4 Third Party Content (Version: 4)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe SING CS4 (Version: 2.0)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
Advertising Center (Version: 0.0.0.2)
AI Manager (Version: 1.08.07)
Amazon MP3 Downloader 1.0.10
AP1 Loader 1.87.1
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate (Version: 7.17.12)
Big Fish Games: Game Manager (Version: 3.0.1.60)
bl (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
BrowseToSave 1.74
Burger Shop
CCleaner (Version: 3.22)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Daycare Nightmare (remove only)
Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.20702.00)
EPU-4 Engine (Version: 1.00.25)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileZilla Client 3.3.4.1 (Version: 3.3.4.1)
GemMaster 2.6.7.1114
GhostMouse (Version: Free V3.2.1)
Google Chrome (Version: 27.0.1453.110)
Google Talk Plugin (Version: 4.0.1.13525)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Grim Tales: The Legacy
I SPY ™ Spooky Mansion Deluxe
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
ImagXpress (Version: 7.0.74.0)
ImgBurn (Version: 2.5.5.0)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1968)
Intel® Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 11.0.2.26)
Java 7 Update 21 (Version: 7.0.210)
Java 7 Update 9 (64-bit) (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
Junk Mail filter update (Version: 16.4.3505.0912)
kuler (Version: 2.0)
Lexmark Software Uninstall
LightScribe System Software (Version: 1.18.13.1)
Magic ISO Maker v5.5 (build 0281)
Magic Life Survey
MagicDisc 2.7.106
magicJack (Version: 2.0.6073.4413)
magicJack Outlook Add-In 1.0.3.521 (Version: 1.0.3.521)
Mahjong Towers Eternity ™
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Menu Templates - Starter Kit (Version: 9.6.0.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 3 (Version: 3.0.20105.0)
Microsoft ASP.NET Web Pages (Version: 1.0.20105.0)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Silverlight 4 SDK (Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (Version: 5.0.61118.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Management Objects  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service  (Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (Version: 11.1.20627.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31125)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31130)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (Version: 10.3.20225.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.6.0)
Move Media Player
Movie Maker (Version: 16.4.3505.0912)
Movie Templates - Starter Kit (Version: 9.6.0.0)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Mystery Case Files ®: 13th Skull ™
Mystery Case Files®: Escape from Ravenhearst™
Nancy Drew - Danger by Design
Nancy Drew: Secrets Can Kill Remastered
Nancy Drew: The Trail of the Twister
Nancy Drew: Warnings at Waverly Academy
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.23.100)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero Express Help (Version: 9.4.39.100)
Nero InfoTool (Version: 6.4.12.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero ShowTime (Version: 5.4.27.100)
Nero StartSmart (Version: 9.4.40.100)
Nero StartSmart Help (Version: 9.4.40.100)
Nero Vision (Version: 6.4.19.100)
Nero Vision Help (Version: 6.4.15.100)
NeroExpress (Version: 9.4.39.100)
neroxml (Version: 1.0.0)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.0.0.133)
Nostradamus: The Last Prophecy
OpenOffice.org 3.2 (Version: 3.2.9502)
OptimizerPro Upd (Version: 1.0)
Outlook Setup Tool (Version: 2.0.14)
Palringo
PDF Settings CS4 (Version: 9.0)
PFPortChecker 1.0.39 (Version: 1.0.39)
ph (Version: 1.0.0)
Photo Gallery (Version: 16.4.3505.0912)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
Pogo Games (remove only)
Prerequisites for SSDT  (Version: 11.0.2100.60)
Price Check by AOL (Version: 1.11.2.1)
QuickBooks (Version: 21.0.4003.904)
QuickBooks Pro 2011 (Version: 21.0.4003.904)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Revo Uninstaller 1.94 (Version: 1.94)
Season Match 2
Skype Click to Call (Version: 6.7.12055)
Skype™ 6.3 (Version: 6.3.107)
Suite Shared Configuration CS4 (Version: 1.0)
swMSM (Version: 12.0.0.1)
UltraVnc (Version: 1.0.9.62)
Unity Web Player (Version: )
Update for  (KB2504637) (Version: 1)
WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
WinPatrol (Version: 25.6.2012.1)
WinPatrol (Version: 28.1.2013.0)
WinRAR archiver
Wonderland Buddy - Pogo Version 1.6
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
 
==================== Restore Points  =========================
 
29-05-2013 04:03:17 Scheduled Checkpoint
01-06-2013 01:41:11 Installed Java 7 Update 21
04-06-2013 12:37:00 Installed Windows 7 Upgrade Advisor
06-06-2013 17:38:03 Restore Operation
07-06-2013 12:47:53 Installed Java 7 Update 21
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (06/07/2013 11:35:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.151.1743.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/07/2013 11:35:25 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.151.1743.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.1.0522.00
 
Source Path: 4.1.0522.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-01 08:13:06.639
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-01 08:13:06.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-01 08:13:06.561
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-09-01 08:13:06.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.255
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-30 15:46:46.162
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-09-10 19:09:52.613
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-09-10 19:09:52.598
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 8079.05 MB
Available physical RAM: 5953.82 MB
Total Pagefile: 16156.3 MB
Available Pagefile: 13956.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (WIN7) (Fixed) (Total:921.51 GB) (Free:800.61 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=10 GB) - (Type=1B)
Partition 2: (Active) - (Size=922 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#7 gringo_pr

Posted 07 June 2013 - 10:58 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Edited by gringo_pr, 07 June 2013 - 10:59 PM.

#8 ImmaNoob

Posted 08 June 2013 - 08:16 AM

ComboFix 13-06-08.01 - Nikita BigBank 06/08/2013   9:06.9.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8079.6279 [GMT -4:00]
Running from: c:\users\Nikita BigBank\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nikita BigBank\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 13:10 . 2013-06-08 13:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-06-08 13:10 . 2013-06-08 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-08 13:10 . 2013-06-08 13:10 -------- d-----w- c:\users\Damien Walker\AppData\Local\temp
2013-06-08 03:51 . 2013-06-08 03:51 -------- d-----w- C:\FRST
2013-06-08 03:31 . 2013-06-08 03:31 -------- d-----w- c:\windows\ERUNT
2013-06-08 03:31 . 2013-06-08 03:31 -------- d-----w- C:\JRT
2013-06-08 03:22 . 2013-06-08 03:23 93 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-07 12:48 . 2013-06-07 12:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-07 12:48 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-06 18:01 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6C98D24-2D7D-4736-90CC-DB354E0D8967}\mpengine.dll
2013-06-06 17:51 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-04 12:40 . 2013-06-04 12:40 -------- d-----w- c:\users\Nikita BigBank\AppData\Local\Microsoft Corporation
2013-06-04 12:37 . 2013-06-06 17:49 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2013-06-03 12:26 . 2013-06-06 17:49 -------- d-----w- c:\program files\Speccy
2013-05-25 17:39 . 2013-05-17 14:19 964552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09517853-42A1-433A-A5CD-BE774B75CBCF}\gapaengine.dll
2013-05-20 00:12 . 2013-05-20 00:12 -------- d-----w- c:\users\Damien Walker\AppData\Local\Apple
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 18:18 . 2012-04-03 17:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-19 18:18 . 2011-06-16 16:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 02:39 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-12 19:49 . 2013-03-12 23:34 905296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-04 18:50 . 2012-08-30 01:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-21 02:26 . 2010-02-28 05:01 16384 ----a-w- c:\windows\SysWow64\msdrve.dll
2013-03-21 02:26 . 2010-02-28 05:01 10816 ----a-w- c:\windows\vmoptver.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-12 16:39 220632 ----a-w- c:\users\Nikita BigBank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-12 16:39 220632 ----a-w- c:\users\Nikita BigBank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-12 16:39 220632 ----a-w- c:\users\Nikita BigBank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Nikita BigBank\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"LMab1err"="c:\program files\Lexmark\ErrorApp\LMab1err.exe" [2009-10-07 582312]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"Facebook Update"="c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-23 138096]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-11-5 3280896]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-30 1156384]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2010-9-30 1178400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"= 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
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PGMTrusted;PGMTrusted;c:\program files (x86)\Pogo Games\PGMTrusted.exe;c:\program files (x86)\Pogo Games\PGMTrusted.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 16:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:18]
.
2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
- c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-23 01:31]
.
2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
- c:\users\Nikita BigBank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-23 01:31]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 12:44]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 12:44]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000Core.job
- c:\users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 22:26]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-321980617-990551525-4145136555-1000UA.job
- c:\users\Nikita BigBank\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-16 22:26]
.
2013-06-08 c:\windows\Tasks\schedule!1877806136.job
- c:\programdata\BetterSoft\OptimizerPro Upd\OptimizerPro Upd.exe [2013-02-09 19:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-12 16:39 244696 ----a-w- c:\users\Nikita BigBank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-12 16:39 244696 ----a-w- c:\users\Nikita BigBank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-12 16:39 244696 ----a-w- c:\users\Nikita BigBank\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-09-12 892416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.davincihd.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = 
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: wishuponahero.org
TCP: DhcpNameServer = 192.168.1.1
DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://www.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll
FF - ProfilePath - c:\users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\users\Nikita BigBank\AppData\Roaming\Mozilla\Firefox\Profiles\zkp4y21p.default\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{1BA63A0A-3B7E-0F76-67A4-89CC34219C96} - c:\progra~3\INSTAL~1\{39D2E~1\Setup.exe
AddRemove-{A91744FE-6E44-D9ED-2677-BA758275ED5C} - c:\progra~3\INSTAL~1\{C3016~1\Setup.exe
AddRemove-{E6914D99-8119-E7C6-1717-D4EC2A7EBCBD} - c:\progra~3\INSTAL~1\{2B66D~1\Setup.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-08  09:14:10
ComboFix-quarantined-files.txt  2013-06-08 13:14
.
Pre-Run: 859,690,196,992 bytes free
Post-Run: 860,762,857,472 bytes free
.
- - End Of File - - 9889DBF86AFB4E307E42BDE659BFAD0B


#9 ImmaNoob

Posted 08 June 2013 - 08:29 AM

Not sure yet, as I'm on my way to work. I will let you know once I get home tonight.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:18 PM

Posted 08 June 2013 - 03:32 PM


Hello



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ImmaNoob

Posted 08 June 2013 - 06:39 PM

After running ComboFix, I tried running Windows Update and it worked, so all critical Windows Updates were installed, a total of 57. It also updated MSE, which wouldn't update before either. But here are the new results:
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#12 ImmaNoob

Posted 08 June 2013 - 06:40 PM

Oops, this is the full log:

 

Farbar Service Scanner Version: 31-05-2013 01
Ran by Nikita BigBank (administrator) on 08-06-2013 at 19:33:45
Running from "C:\Users\Nikita BigBank\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#13 gringo_pr

Posted 10 June 2013 - 01:17 AM

Download ERUNT and create a backup of your registry.
http://www.larshederer.homepage.t-online.de/erunt/

Open Notepad, copy the contents of the code box below into it, name the file abc.reg and save it to your desktop. Right-click it, select Merge, and then reboot your machine.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

Open an elevated command prompt and type or copy and paste the following.
regsvr32 ActionCenter.dll

Press Enter.

To get to an elevated command prompt:

Click on the Start button
In the search field, type CMD
Right-click on CMD and select "Run as Administrator"

Gringo

#14 ImmaNoob

Posted 10 June 2013 - 02:08 AM

It gave me the following error:

Attached Files

  • Attached File  SS.jpg   106.87KB   3 downloads

Edited by ImmaNoob, 10 June 2013 - 02:09 AM.


#15 gringo_pr

Posted 10 June 2013 - 02:14 AM

OK, rerun Farbar Service Scanner.


gringo