Can't Remove ZeroAccess - Have ZeroHope of Removing It Alone


89 replies to this topic

#1 ZeroHope


Posted 15 June 2013 - 04:30 PM

I find myself here because -- foolishly, I guess -- I tried to Remove ZeroAccess on my own, based on hours and hours of reading the forums – Gringo and CONSPIRE especially.

I should have known better - I struggle to understand computers and computer problems - and struggle even more trying to understand how to do the "right thing". It's a lot ...
My laptop is key to my job and my income - you'll already know how much I appreciate getting help. 

 

AV now on my Laptop

. Microsoft Security Essentials (MSE) – disabled/not functioning, see below

. Malwarebytes AntiMalware (MBAM)

. Iobit Malware Fighter
. AVG (free) 2013
. SpyBot S&D 

. (also have SuperAntiSpyware … cCleaner … couple of defrag prgms)

 

 

Infections Recently Identified & Located

. In trying to run an MSE Full Scan last week, I got an MSE pop-up notice that MSE was not functioning: "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

 

 

. I then discovered corrupted files/fragments of MSE ... was eventually able to delete all the fragments individually ... and, immediately, I then downloaded-installed MSE anew - and did an initial Full Scan right away.  

 

. MSE would then/eventually identify 4 Viruses in total: Three in that initial Full Scan done right away ... and, in a Full Scan a couple of days later, a 4th Virus ("ransomware") - which I had expected once the malware "froze" my computer with a bogus ransom demand. 

 

. There were duplicate and triplicate MSE listings of the three initial Viruses – listed as Quarantined … listed again as Other/Removed:

. TROJAN:Win32/Sirefef!cfg

. Exploit: Java/CVE-2013-2423

. TROJAN:Win64/Sirefef.AF

 

. For each of these three viruses, MSE had also listed the corresponding file(s) infections. 

 

 

Actions Taken – and Results

. After that initial Full Scan, I immediately clicked to have MSE “Remove All” of the three viruses.

 

. MSE then reported that it “could not locate or remove” the TROJAN:Win32/Sirefef!cfg Virus, which MSE identified as two files/folders:

C:\$recycle.bin\S-1-5-18\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\U

C:\$recycle.bin\S-1-5-21-3540011253-2172918806-1318340375-1001\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\U

 

 . I then ran a MBAM Full Scan – which showed no infections.

. I then ran another MSE Full Scan – which showed only those same two “could not locate or remove” infected files/folders.

 

. The very next day, thanks to Java in my browser, I was infected with new malware: Trojan:Win32/Urausy.C

 

. An MSE Full Scan identified and located it … and MSE also Removed it. I immediately did another MSE Full Scan – which confirmed this new malware had in fact been removed … but also re-confirmed that MSE still “could not locate or remove” the two infected files.

 

. I then ran Rogue Killer (RK) (although not in Safe Mode. Yikes!) – which did identify the same two File-located viruses (identifying them as “ZeroAccess”); and also identified “problems” or “irregularities” (four) in the Registry.

 

. I’ve posted the RK log-report for this Scan below.

 

. I clicked “delete” on the RK program to get rid of the two File-based viruses (and “delete” did Remove both Files); and that same “delete” action resulted in the four Registry items being “Replaced”.

 

. The RK log-report following these corrections by RK is also below.    

 

. I then did another Full Scan with both MBAM and with MSE – and, each time, no infections were identified.

 

. I then disabled Java in both my Firefox and IE browsers (and am absolutely certain the Trojan:Win32/Urausy.C malware gained access through Java, via Firefox).

 

. Everything seemed normal and fine, for less than a day - and then I started experiencing problems I'd never had before:

 

 

Problems I KNOW I Now Have

- WINDOWS crashed while laptop was sitting in snooze mode - never happened before

- Files show I have two MSE Programs - one in ProgramFiles (x86) listing many fewer components than the other one in ProgramFiles ... but I’ve not been confident that Uninstall/Deleting either or both is the right thing to do (including because I understand (from CONSPIRE) there is malware that actually “creates” bogus MSE folders …).

- I now get this pop-up when I try to open/run MSE: “An error has occurred in the program during initialization.  If this problem continues, please contact your administrator.  Error Code:  0x80073b01.”

- I now get this pop-up when I try to open/run almost any other program/app/folder, including MBAM, Java, RogueKiller, AVG, Smart Defrag, etc: "Do you want to allow the following program to make changes to this computer?"

- I STILL have the following PUPS ('RiverNileCasino') at this location - which SpyBot (alone) identified, but NO program has been able to remove:

HKEY_USERS\S-1-5-21-3540011253-2172918806-1318340375-1001\Software\MGS\Thumper

- I have a "Command Prompt" window open (showing C:\Users\PC) that I cannot close - including by inputting "exit"

 

 

 

Other Problems I Think I MIGHT Have

- I (think I) disabled Java in each one of my Browsers ... but may also have disabled a/the main Java Program???

 

- It looks like I have two AVGs 2013 … but also looks like neither one of them has been fully installed and activated – even though I know I’ve gone through the installation and activation process at least three different times (immediately needing a different AV program after MSE’s failure)

 

. I MAY have messed around with the User Account Control settings (“administrator” and ‘permissions’ and all that …).

 

. I can open and access “settings” adjustments for WINDOWS, but can no longer actually adjust ANY setting: Nothing Happens.

 

. Right after virus removals, I had ALSO been losing “Internet Access” almost immediately after going online. Troubleshooting identified it as “DNS Server is not responding”. I went in and inputted the numbers for Primary and Secondary OpenDNS servers, and re-set the WinSock and DNS Settings for good measure - and have not lost “Internet Access” since then …

 

. One Troubleshooting finding (related to the same “Internet Access” issue) identified “Firewall” – but I can’t remember any more info, and didn’t know enough then to understand its importance. Sorry. (But I can confirm I’ve checked and the Windows Firewall shows as ‘ON’).

 

. cCleaner allows for checking/unchecking two MSE applications – MSE AntiMalware, and MSE Security Client. Both HAD been checked before this whole Virus Nightmare … they are now Unchecked, since I read that either/both – if checked – signal to MSE that the computer is “not safe” and needs to be scanned ASAP.

 

Finally, I’ve also posted below the DDS.txt log-report … and attached the DDS.attach.text log-report ... and posted below the log-report for AdwCleaner ... but did not run JunkwareRemovalTool because I was/am uneasy about disabling AV protection.

 

Phew

 

Thanks for making it this far with me …

 

Zero

 

 

 

 

Log-Report Of The Initial Full Scan by ROGUEKILLER

 

http://tigzyrk.blogspot.fr/2012/11/en-roguekiller-official-tutorial.html

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : PC [Admin rights]

Mode : Scan -- Date : 06/13/2013 20:59:23

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3540011253-2172918806-1318340375-1001\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3540011253-2172918806-1318340375-1001\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\L --> FOUND

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

 

[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++

--- User ---

[MBR] bda383ff942f46436e4bb4087cd96316

[BSP] 8c0650b4729dab75c8f745a24ad97dc4 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461629 Mo

2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_06132013_02d2059.txt >>

RKreport[1]_S_06132013_02d2059.txt

 

 

 

 

ROGUEKILLER Log-Report After Clicking Delete in RK

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : PC [Admin rights]

Mode : Remove -- Date : 06/14/2013 06:03:55

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3540011253-2172918806-1318340375-1001\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\L --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3540011253-2172918806-1318340375-1001\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\L --> REMOVED

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

 

[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++

--- User ---

[MBR] bda383ff942f46436e4bb4087cd96316

[BSP] 8c0650b4729dab75c8f745a24ad97dc4 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 461629 Mo

2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[2]_D_06142013_02d0603.txt >>

RKreport[1]_S_06132013_02d2059.txt ; RKreport[2]_D_06142013_02d0603.txt


 

 

 

 

 

DDS.Text

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/18/2011 9:12:03 PM

System Uptime: 6/15/2013 10:45:44 AM (6 hours ago)

.

Motherboard: LENOVO |  | Base Board Product Name

Processor: Intel® Core™ i5 CPU       M 480  @ 2.67GHz | CPU | 2667/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 399.727 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP401: 6/10/2013 3:54:41 AM - Windows Update

RP402: 6/11/2013 11:03:05 AM - Windows Update

RP403: 6/11/2013 7:04:55 PM - Windows Update

RP404: 6/11/2013 11:26:48 PM - Windows Update

RP405: 6/12/2013 8:20:02 AM - Windows Update

RP406: 6/12/2013 8:58:50 AM - Removed AVG 2013

RP407: 6/12/2013 9:04:54 AM - Removed AVG 2013

RP408: 6/12/2013 9:43:18 AM - Installed AVG 2013

RP409: 6/12/2013 9:43:56 AM - Installed AVG 2013

RP410: 6/13/2013 12:18:17 AM - Windows Update

RP411: 6/14/2013 6:00:07 AM - Windows Update

RP412: 6/14/2013 5:34:19 PM - Removed Java 7 Update 17

RP413: 6/15/2013 8:28:40 AM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7)

Adobe Shockwave Player 12.0

AVG 2013

Canon MP Navigator EX 4.1

Canon MX410 series MP Drivers

CCleaner

Conexant HD Audio

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

Energy Management

Google Chrome

Google Update Helper

HL-2270DW

Incredibar Toolbar  on IE

Intel PROSet Wireless

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® WiDi

Intel® Wireless Display

IObit Malware Fighter

Java 7 Update 17

Java 7 Update 17 (64-bit)

Java Auto Updater

Java™ 6 Update 31 (64-bit)

Java™ 6 Update 37

Junk Mail filter update

K-Lite Codec Pack 8.0.0 (Full)

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo DirectShare

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

OpenOffice.org 3.3

Realtek Ethernet Controller Driver For Windows 7

Realtek USB 2.0 Card Reader

Remote Control USB Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Smart Defrag 2

Spin Palace Casino

Spybot - Search & Destroy

SUPERAntiSpyware

swMSM

Synaptics Pointing Device Driver

System Requirements Lab for Intel

TweakNow PowerPack 2012

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Visual Studio 2010 x64 Redistributables

Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)

Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

6/9/2013 2:51:35 PM, Error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%-2146869247

6/9/2013 2:16:06 PM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  Access is denied.

6/8/2013 12:52:50 AM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.AF&threatid=2147661997           Name: Trojan:Win64/Sirefef.AF          ID: 2147661997          Severity: Severe          Category: Trojan              Path: clsid:_HKCU@S-1-5-21-3540011253-2172918806-1318340375-1001\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9};file:_C:\$Recycle.Bin\S-1-5-18\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\n;file:_C:\$Recycle.Bin\S-1-5-21-3540011253-2172918806-1318340375-1001\$f7c7b73b6fc3f9cb9fcbb4d25cf18d66\n;regkey:_HKCU@S-1-5-21-3540011253-2172918806-1318340375-1001\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}  Detection Origin: Local machine             Detection Type: Concrete       Detection Source: Real-Time Protection        User: NT AUTHORITY\SYSTEM        Process Name: C:\Users\PC\AppData\Local\Temp\ulugagk    Action: Quarantine      Action Status:  No additional actions required      Error Code: 0x80070005         Error description: Access is denied.            Signature Version: AV: 1.151.1806.0, AS: 1.151.1806.0, NIS: 11.159.0.0              Engine Version: AM: 1.1.9506.0, NIS: 2.0.8001.0

6/15/2013 8:30:21 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Install  Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x8007042c              Error description: The dependency service or group failed to start.

6/15/2013 8:30:17 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE  Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/15/2013 8:30:17 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE  Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/15/2013 8:28:51 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.2239.0        Update Source: Microsoft Update Server       Update Stage: Install  Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80240016         Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/15/2013 8:28:51 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.2239.0        Update Source: Microsoft Update Server       Update Stage: Install  Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80240016         Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/15/2013 8:28:51 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.2239.0        Update Source: Microsoft Update Server       Update Stage: Download         Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80240016         Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/15/2013 8:17:41 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

6/15/2013 8:17:38 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.

6/15/2013 3:16:23 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.

6/14/2013 6:13:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.2236.0).

6/14/2013 6:12:44 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Install  Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x8007042c              Error description: The dependency service or group failed to start.

6/14/2013 6:12:41 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE  Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/14/2013 6:12:41 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE  Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/14/2013 6:12:00 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.2236.0        Update Source: Microsoft Update Server       Update Stage: Install  Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80070643         Error description: Fatal error during installation.

6/14/2013 6:11:57 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM           Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/14/2013 6:11:57 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\SYSTEM           Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/14/2013 6:02:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2676562).

6/13/2013 12:16:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.2134.0).

6/13/2013 12:16:37 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Install  Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x8007042c              Error description: The dependency service or group failed to start.

6/13/2013 12:16:34 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE  Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/13/2013 12:16:34 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE  Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/13/2013 12:16:24 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.2134.0        Update Source: Microsoft Update Server       Update Stage: Install  Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80070643         Error description: Fatal error during installation.

6/13/2013 12:16:21 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM           Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/13/2013 12:16:21 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\SYSTEM           Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/12/2013 9:04:35 AM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.

6/12/2013 11:28:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000119 (0x0000000000000001, 0x0000000000076622, 0x00000000000766a2, 0x00000000000766a0). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061213-32198-01.

6/11/2013 7:25:11 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x80072ee7              Error description: The server name or address could not be resolved

6/11/2013 7:24:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9506.0&avdelta=1.151.1922.0&asdelta=1.151.1922.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus       Update Type: Full              User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80072ee7         Error description: The server name or address could not be resolved

6/11/2013 7:24:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9506.0&avdelta=1.151.1922.0&asdelta=1.151.1922.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware             Update Type: Full              User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80072ee7         Error description: The server name or address could not be resolved

6/11/2013 7:24:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Update Server       Update Stage: Search             Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x8024402c          Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/11/2013 6:55:41 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x80072ee7              Error description: The server name or address could not be resolved

6/11/2013 6:55:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9506.0&avdelta=1.151.1922.0&asdelta=1.151.1922.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus       Update Type: Full              User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80072ee7         Error description: The server name or address could not be resolved

6/11/2013 6:55:12 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9506.0&avdelta=1.151.1922.0&asdelta=1.151.1922.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware             Update Type: Full              User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80072ee7         Error description: The server name or address could not be resolved

6/11/2013 6:54:43 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Update Server       Update Stage: Search             Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x8024402c          Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/11/2013 11:40:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.2033.0).

6/11/2013 11:40:13 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Install  Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x8007042c              Error description: The dependency service or group failed to start.

6/11/2013 11:40:10 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\NETWORK SERVICE   Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/11/2013 11:40:10 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE  Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/11/2013 11:40:06 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.2033.0        Update Source: Microsoft Update Server       Update Stage: Install  Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80070643         Error description: Fatal error during installation.

6/11/2013 11:40:03 PM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM           Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/11/2013 11:40:03 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\SYSTEM           Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/11/2013 10:41:53 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:           Previous Engine Version: 0.0.0.0        Error code: 0x80072ee7              Error description: The server name or address could not be resolved

6/11/2013 10:41:23 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9506.0&avdelta=1.151.1922.0&asdelta=1.151.1922.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus       Update Type: Full              User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80072ee7         Error description: The server name or address could not be resolved

6/11/2013 10:41:23 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Malware Protection Center              Update Stage: Search             Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.9506.0&avdelta=1.151.1922.0&asdelta=1.151.1922.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware             Update Type: Full              User: NT AUTHORITY\NETWORK SERVICE            Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80072ee7         Error description: The server name or address could not be resolved

6/11/2013 10:40:54 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Update Server       Update Stage: Search             Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x8024402c          Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

6/10/2013 3:02:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.1922.0).

6/10/2013 3:00:46 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 0.0.0.0      Update Source: Microsoft Malware Protection Center              Update Stage: Install  Source Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: Network Inspection System              Update Type: Full        User: Lenovo\PC         Current Engine Version:          Previous Engine Version: 0.0.0.0           Error code: 0x8007042c          Error description: The dependency service or group failed to start.

6/10/2013 3:00:43 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: Lenovo\PC              Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/10/2013 3:00:43 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: Lenovo\PC      Current Engine Version:          Previous Engine Version:        Error code: 0x8007042c    Error description: The dependency service or group failed to start.

6/10/2013 3:00:34 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version: 1.151.1922.0        Update Source: Microsoft Update Server       Update Stage: Install  Source Path: http://www.microsoft.com          Signature Type: AntiVirus              Update Type: Full        User: NT AUTHORITY\SYSTEM        Current Engine Version:               Previous Engine Version: 1.1.9506.0              Error code: 0x80070643         Error description: Fatal error during installation.

6/10/2013 3:00:30 AM, Error: Microsoft Antimalware [2003]  - Microsoft Antimalware has encountered an error trying to update the engine.      New Engine Version:              Previous Engine Version:           Engine Type: Network Inspection System      User: NT AUTHORITY\SYSTEM           Error Code: 0x8007042c         Error description: The dependency service or group failed to start.

6/10/2013 3:00:30 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:          Previous Signature Version:      Update Source: User  Update Stage: Install  Source Path:               Signature Type: Network Inspection System              Update Type: Full        User: NT AUTHORITY\SYSTEM           Current Engine Version:          Previous Engine Version:               Error code: 0x8007042c          Error description: The dependency service or group failed to start.

.                                                                              

==== End Of File ===========================

AdwCleaner Log-Report

 

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 19:52:08

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium  (64 bits)

# User : PC - LENOVO

# Boot Mode : Normal

# Running from : C:\Users\PC\Downloads\AdwCleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

Stopped & Deleted : Web Assistant Updater

 

***** [Files / Folders] *****

 

File Deleted : C:\END

File Deleted : C:\user.js

File Deleted : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

File Deleted : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

File Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8i2jd4fu.default-1352816315697\searchplugins\Conduit.xml

File Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8i2jd4fu.default-1352816315697\searchplugins\MyStart Search.xml

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\Users\PC\AppData\Local\Conduit

Folder Deleted : C:\Users\PC\AppData\Local\PackageAware

Folder Deleted : C:\Users\PC\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\PC\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\PC\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\PC\AppData\LocalLow\incredibar.com

Folder Deleted : C:\Users\PC\AppData\LocalLow\MixiDJ_V5

Folder Deleted : C:\Users\PC\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8i2jd4fu.default-1352816315697\Smartbar

Folder Deleted : C:\Users\PC\AppData\Roaming\ParetoLogic

Folder Deleted : C:\Users\PC\AppData\Roaming\PerformerSoft

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V5

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\incredibar.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\incredibar.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

Key Deleted : HKLM\Software\MixiDJ_V5

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D849DC5-4380-4E6A-8A68-92001627BE63}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57C441B8-9D40-43DE-A7AF-CA36C4E426EA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Key Deleted : HKLM\SOFTWARE\Web Assistant

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F6F0F973-A4A3-48CF-9A7A-B7A69C30D71A}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.17267

 

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?af=112206&babsrc=nt_ss&mntrid=2a258f230000000000008ca9823d7545 --> hxxp://www.google.com

 

-\\ Mozilla Firefox v21.0 (en-US)

 

File : C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8i2jd4fu.default-1352816315697\prefs.js

 

C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8i2jd4fu.default-1352816315697\user.js ... Deleted !

 

Deleted : user_pref("CT3287819.1000082.isPlayDisplay", "true");

Deleted : user_pref("CT3287819.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT3287819.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3287819.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3287819.FF19Solved", "true");

Deleted : user_pref("CT3287819.FirstTime", "true");

Deleted : user_pref("CT3287819.FirstTimeFF3", "true");

Deleted : user_pref("CT3287819.PG_ENABLE.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3287819.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]

Deleted : user_pref("CT3287819.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]

Deleted : user_pref("CT3287819.UserID", "UN36830495462087524");

Deleted : user_pref("CT3287819.YTbyClickFavorites.enc", "W10=");

Deleted : user_pref("CT3287819.YTbyClickRecent.enc", "W10=");

Deleted : user_pref("CT3287819.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3287819.autoDisableScopes", -1);

Deleted : user_pref("CT3287819.browser.search.defaultthis.engineName", "true");

Deleted : user_pref("CT3287819.defaultSearch", "true");

Deleted : user_pref("CT3287819.enableAlerts", "true");

Deleted : user_pref("CT3287819.enableFix404ByUser", "TRUE");

Deleted : user_pref("CT3287819.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT3287819.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3287819.fixPageNotFoundError", "true");

Deleted : user_pref("CT3287819.fixPageNotFoundErrorByUser", "true");

Deleted : user_pref("CT3287819.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3287819.fixUrls", true);

Deleted : user_pref("CT3287819.homepageuserchanged", true);

Deleted : user_pref("CT3287819.installDate", "24/3/2013 5:00:31");

Deleted : user_pref("CT3287819.installId", "cid119_105");

Deleted : user_pref("CT3287819.installType", "conduitnsisintegration");

Deleted : user_pref("CT3287819.installerVersion", "1.3.7.3");

Deleted : user_pref("CT3287819.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3287819.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3287819.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3287819.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3287819.keyword", "true");

Deleted : user_pref("CT3287819.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]

Deleted : user_pref("CT3287819.lastVersion", "10.15.0.562");

Deleted : user_pref("CT3287819.mam_gk_CouponBuddy_appState.enc", "b24=");

Deleted : user_pref("CT3287819.mam_gk_PriceGong_appState.enc", "b24=");

Deleted : user_pref("CT3287819.mam_gk_appStateReportTime.enc", "MTM2NDExNTgzNjkyMA==");

Deleted : user_pref("CT3287819.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]

Deleted : user_pref("CT3287819.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");

Deleted : user_pref("CT3287819.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]

Deleted : user_pref("CT3287819.mam_gk_currentVersion.enc", "MS40LjMuMg==");

Deleted : user_pref("CT3287819.mam_gk_first_time.enc", "MQ==");

Deleted : user_pref("CT3287819.mam_gk_installer_preapproved.enc", "ZmFsc2U=");

Deleted : user_pref("CT3287819.mam_gk_lastLoginTime.enc", "MTM2NDExNTgzMjE4NQ==");

Deleted : user_pref("CT3287819.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]

Deleted : user_pref("CT3287819.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3287819.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]

Deleted : user_pref("CT3287819.mam_gk_showCloseButton.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3287819.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");

Deleted : user_pref("CT3287819.mam_gk_userId.enc", "OGUwMzdiMzMtMDZjMC00YmUzLWEzM2YtNjM4YmFmMDJiOWU4");

Deleted : user_pref("CT3287819.mam_gk_user_apps_selection.enc", "");

Deleted : user_pref("CT3287819.migrateAppsAndComponents", true);

Deleted : user_pref("CT3287819.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]

Deleted : user_pref("CT3287819.openThankYouPage", "false");

Deleted : user_pref("CT3287819.openUninstallPage", "true");

Deleted : user_pref("CT3287819.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]

Deleted : user_pref("CT3287819.revertSettingsEnabled", "false");

Deleted : user_pref("CT3287819.search.searchAppId", "130058556828882104");

Deleted : user_pref("CT3287819.search.searchCount", "0");

Deleted : user_pref("CT3287819.searchFromAddressBarEnabledByUser", "true");

Deleted : user_pref("CT3287819.searchInNewTabEnabledByUser", "true");

Deleted : user_pref("CT3287819.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3287819.searchUserMode", "2");

Deleted : user_pref("CT3287819.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3287819.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3287819.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3287819.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364115817343");

Deleted : user_pref("CT3287819.serviceLayer_services_appsMetadata_lastUpdate", "1364115817163");

Deleted : user_pref("CT3287819.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364115816892");

Deleted : user_pref("CT3287819.serviceLayer_services_location_lastUpdate", "1370818921917");

Deleted : user_pref("CT3287819.serviceLayer_services_login_10.15.0.562_lastUpdate", "1370818922147");

Deleted : user_pref("CT3287819.serviceLayer_services_login_10.15.0.62_lastUpdate", "1364116167190");

Deleted : user_pref("CT3287819.serviceLayer_services_login_10.15.2.523_lastUpdate", "1367972530299");

Deleted : user_pref("CT3287819.serviceLayer_services_login_10.16.1.521_lastUpdate", "1369266026826");

Deleted : user_pref("CT3287819.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364115816817");

Deleted : user_pref("CT3287819.serviceLayer_services_searchAPI_lastUpdate", "1364115805928");

Deleted : user_pref("CT3287819.serviceLayer_services_serviceMap_lastUpdate", "1370818921731");

Deleted : user_pref("CT3287819.serviceLayer_services_setupAPI_lastUpdate", "1364115804889");

Deleted : user_pref("CT3287819.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364115816529");

Deleted : user_pref("CT3287819.serviceLayer_services_toolbarSettings_lastUpdate", "1370826122239");

Deleted : user_pref("CT3287819.serviceLayer_services_translation_lastUpdate", "1370830238441");

Deleted : user_pref("CT3287819.settingsINI", true);

Deleted : user_pref("CT3287819.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3287819.showToolbarPermission", "false");

Deleted : user_pref("CT3287819.smartbar.CTID", "CT3287819");

Deleted : user_pref("CT3287819.smartbar.Uninstall", "0");

Deleted : user_pref("CT3287819.smartbar.homepage", true);

Deleted : user_pref("CT3287819.smartbar.isHidden", true);

Deleted : user_pref("CT3287819.smartbar.toolbarName", "MixiDJ V5 ");

Deleted : user_pref("CT3287819.startPage", "true");

Deleted : user_pref("CT3287819.toolbarBornServerTime", "24-3-2013");

Deleted : user_pref("CT3287819.toolbarCurrentServerTime", "10-6-2013");

Deleted : user_pref("CT3287819.toolbarLoginClientTime", "Sun Mar 24 2013 05:03:37 GMT-0400 (Eastern Daylight T[...]

Deleted : user_pref("CT3287819.url_history0001.enc", "aHR0cDovL3d3dy5nb29nbGUuY2EvdXJsP3NhPXQmcmN0PWomcT1ob3cl[...]

Deleted : user_pref("CT3287819_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("CT3290228.FF19Solved", "true");

Deleted : user_pref("CT3290228.UserID", "UN37548567171490211");

Deleted : user_pref("CT3290228.browser.search.defaultthis.engineName", "true");

Deleted : user_pref("CT3290228.installDate", "26/3/2013 20:08:48");

Deleted : user_pref("CT3290228.installerVersion", "1.3.7.3");

Deleted : user_pref("CT3290228.keyword", "true");

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287819&octid=CT328781[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287819");

Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3290228&CUI[...]

Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");

Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);

Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");

Deleted : user_pref("extentions.y2layers.installId", "2139380d-f913-4308-ab79-4b2ea2555d3c");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287819&SearchSource=2&CU[...]

Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287819");

Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287819&CUI=UN368304954[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Deleted : user_pref("smartbar.machineId", "SMKG40D0VCETHUPKEM5QPSQ0KZD0PWJNHGOCX8JF0Q8DPXNLFMUU0NTFOT0COSCWNSS[...]

Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.ca");

Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=u[...]

Deleted : user_pref("smartbar.originalSearchEngine", "Yahoo");

 

-\\ Google Chrome v27.0.1453.110

 

File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.2163] : homepage = "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN24688935077273177&U[...]

Deleted [l.2355] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&C[...]

 

*************************

 

AdwCleaner[S1].txt - [20063 octets] - [15/06/2013 19:52:08]

 

########## EOF - C:\AdwCleaner[S1].txt - [20124 octets] ##########



Edited by ZeroHope, 16 June 2013 - 04:20 PM.



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 AM

Posted 15 June 2013 - 09:21 PM


Hello ZeroHope

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ZeroHope


Posted 15 June 2013 - 09:36 PM

Hi Gringo!

I'm really glad you responded, and will do my best to follow directions properly.

 

Question

I'm not sure what the following means -- and means to me -- since I have Windows 7 Home Premium. Am I correct in assuming that ONLY those with WinXP would be asked to install or update that Recovery Console?

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

 

=============

 

PS Pls understand it's going to take me a bit of time to learn how to disable/turn off my security software ... but I'll figure it out and I'll be back to you as soon as I can - thank you!



#4 gringo_pr


Posted 15 June 2013 - 09:46 PM

You are correct - only people running win XP will be asked to install the recovery console


gringo

#5 ZeroHope


Posted 15 June 2013 - 10:17 PM

OK - I think I figured out how to disable AVG and IObit - but ...

 

. I'm sure the info on AVG said it would be enabled on re-start ... and I noticed that ComboFix "may" need to reboot once or twice - if it reboots, won't a re-enabled AVG conflict with it; and

. I have NOT disabled the Windows Firewall - correct?



#6 ZeroHope


Posted 15 June 2013 - 10:25 PM

Maybe I'm being extra cautious, Gringo, but I won't install and run ComboFix until you respond to my previous post ...



#7 gringo_pr


Posted 15 June 2013 - 10:28 PM

It could conflict, so if you can turn it off longer go ahead - if not, don't worry too much about it


gringo

#8 ZeroHope


Posted 15 June 2013 - 10:31 PM

OK - AVG says "Protection is disabled until next computer restart".



#9 gringo_pr


Posted 15 June 2013 - 10:35 PM

OK I will be waiting for the report


gringo

#10 ZeroHope


Posted 15 June 2013 - 11:36 PM

Here's the report - and my first laundry list of screw-ups:

. I tried but failed to back up files on a CD ... and am worried that ComboFix has removed non-virus files (ie "Lenovo")

. I tried but failed to disable IObit Malware Fighter.

. TWO Microsoft Security Essentials programs also ran during the ComboFix program.

 

I will UNinstall IObit ... and try again to UNinstall the two MSEs programs ... and I will also re-enable the AVG so I have at least some AV protection.

 

Sorry Gringo.

 

I hate this.

 

 

 

 

ComboFix 13-06-15.01 - PC 06/15/2013  23:35:23.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1822 [GMT -4:00]
Running from: c:\users\PC\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Lenovo
c:\programdata\Roaming
c:\users\PC\AppData\Roaming\Lenovo
c:\users\PC\AppData\Roaming\skype.ini
c:\windows\s.bat
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-16 to 2013-06-16  )))))))))))))))))))))))))))))))
.
.
2013-06-16 03:51 . 2013-06-16 03:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-15 12:29 . 2013-05-13 03:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0D94A31-2559-4287-9583-CE3DB54AA5F7}\mpengine.dll
2013-06-14 10:12 . 2013-05-13 03:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-12 13:43 . 2013-06-12 13:43    --------    d-----w-    c:\program files (x86)\AVG
2013-06-10 06:58 . 2013-01-27 18:37    182248    ----a-w-    c:\program files\Windows Defender\en-US\EppManifest.dll
2013-06-10 06:58 . 2013-01-27 15:35    8760    ----a-w-    c:\program files\Windows Defender\en-US\setupres.dll
2013-06-10 06:58 . 2013-01-27 15:34    1094152    ----a-w-    c:\program files\Windows Defender\en-US\amd64\setup.exe
2013-06-10 06:58 . 2013-01-20 19:58    241984    ----a-w-    c:\program files\Windows Defender\en-US\amd64\sqmapi.dll
2013-06-10 06:58 . 2013-06-10 06:58    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-06-09 19:14 . 2013-06-09 19:14    --------    d-----w-    c:\users\PC\AppData\Roaming\AVG2013
2013-06-09 19:11 . 2013-06-12 13:44    --------    d-----w-    C:\$AVG
2013-06-09 18:48 . 2013-06-09 18:48    --------    d-----w-    C:\msse
2013-06-09 18:26 . 2013-06-09 18:26    --------    d-----w-    c:\users\PC\AppData\Roaming\TeamViewer
2013-06-06 06:01 . 2013-06-06 06:01    --------    d-----w-    c:\programdata\Conexant
2013-06-06 06:00 . 2013-06-06 06:00    --------    d-----w-    c:\users\PC\AppData\Local\Conexant
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 03:29 . 2010-06-24 11:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-12 04:46 . 2012-07-01 14:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 04:46 . 2011-12-19 03:53    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 12:40 . 2011-12-19 03:32    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-02 13:07 . 2011-12-19 03:18    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-12 14:36 . 2013-04-24 01:01    1653096    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-04 18:50 . 2011-12-19 03:23    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-30 19:00 . 2013-03-30 19:01    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-30 19:00 . 2013-03-30 19:01    310688    ----a-w-    c:\windows\system32\javaws.exe
2013-03-30 19:00 . 2013-02-02 19:03    188832    ----a-w-    c:\windows\system32\javaw.exe
2013-03-30 19:00 . 2013-02-02 19:03    188320    ----a-w-    c:\windows\system32\java.exe
2013-03-30 19:00 . 2012-05-28 02:23    1085344    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-03-30 19:00 . 2012-02-29 03:59    963488    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-30 19:00 . 2013-03-30 19:00    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 18:59 . 2012-06-19 22:52    861088    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-03-30 18:59 . 2011-12-19 17:02    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-29 06:53 . 2013-03-29 06:53    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 07:08 . 2013-03-21 07:08    240952    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:19 . 2013-04-11 02:41    5497688    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:54 . 2013-04-11 02:41    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:06 . 2013-04-11 02:41    3958120    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06 . 2013-04-11 02:41    3902312    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53 . 2013-04-11 02:41    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:19 . 2013-04-11 02:41    112640    ----a-w-    c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"tvncontrol"="c:\program files (x86)\ShowMyPCService\tvnserver.exe" [2010-07-08 815704]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys;c:\windows\SYSNATIVE\Drivers\vm332avs.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe;c:\program files (x86)\ShowMyPCService\tvnserver.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 01:15    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 04:46]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 14:37]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 14:37]
.
2013-06-15 c:\windows\Tasks\Qgug.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F6053F5-1F5F-426A-998C-C7959EF3DE30}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{E2133CC2-9725-4C5F-91B7-1C8B5AA7A7EC}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\8i2jd4fu.default-1352816315697\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-spinpalace - c:\microgaming\Casino\SpinPalace\install.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-16  00:28:05
ComboFix-quarantined-files.txt  2013-06-16 04:27
.
Pre-Run: 430,254,010,368 bytes free
Post-Run: 429,875,572,736 bytes free
.
- - End Of File - - 43B99ADE5D658A2B0F500154BB18DB81
D41D8CD98F00B204E9800998ECF8427E
 



#11 ZeroHope

ZeroHope
  • Topic Starter

  • Members
  • 54 posts

Posted 16 June 2013 - 12:03 AM

OK - I have used IOBit UNinstaller to:

- completely Uninstall IOBit Malware Fighter, and

- to Uninstall ONE of the 2 MSE programs ... but:

 

IOBit Uninstaller then identified a long, long list of 58 "fragments" of MSE - which I believe is all that remains of the SECOND MSE program

I believe I should proceed and have these remnants removed as well ... but will wait for direction from you.

 

(I tried, but wasn't allowed to attach two screen shots showing the MSE fragments ... )



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 16 June 2013 - 12:11 AM

OK remove what you can of MSE and then click on the fix here - http://support.microsoft.com/kb/2435760


and let me know how things are working



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ZeroHope

ZeroHope
  • Topic Starter

  • Members
  • 54 posts

Posted 16 June 2013 - 12:24 AM

I UNinstalled the MSE fragments ... all of them were removed. I'll now click on the MSE fix link ...

 

Windows Vista or Windows 7

  1. Click [image: 2441486.jpg], and in the Search programs and files text box, type Appwiz.cpl, and then press ENTER.

- This search could not identify anything - I believe all pieces of both MSE programs have been removed - also because neither of the programs is listed anymore in the Program or in the Program(x86) folders (which is where they were, listed as Microsoft Security Client).

 

I'm now going to see what the glitches I reported are like ...



#14 ZeroHope

ZeroHope
  • Topic Starter

  • Members
  • 54 posts

Posted 16 June 2013 - 12:29 AM

Of Problems Originally Reported

 

- I STILL get this pop-up when I try to open/run almost any other program/app/folder, including MBAM, Java, RogueKiller, AVG, Smart Defrag, etc: "Do you want to allow the following program to make changes to this computer?"

- I STILL have the following ADWARE/PuPs bug ('RiverNileCasino') at this location - which SpyBot (alone) identified, but NO program has been able to remove:

HKEY_USERS\S-1-5-21-3540011253-2172918806-1318340375-1001\Software\MGS\Thumper

 

- I STILL have a "Command Prompt" window open (showing C:\Users\PC) that I cannot close - including by inputting "exit"



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 16 June 2013 - 12:42 AM


Hello ZeroHope



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo