Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Babylon Object Installer - another program is being installed


  • Please log in to reply
24 replies to this topic

#1 Hal06

Hal06

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 24 November 2013 - 07:54 PM

Hello. I have Babylon Object Installer on my computer. It appears that this is malware; however, when I try to uninstall it I get a message that another program is being installed. Huh? I know of no other program being installed. Any idea what this could be?

 

Many thanks.



BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:12 PM

Posted 25 November 2013 - 11:00 AM

Please download Malwarebytes Anti-Malware.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  When the installation has finished, make sure you leave both of these checked:
 
    Update Malwarebytes' Anti-Malware
 
    Launch Malwarebytes' Anti-Malware
 
Then click on Finish.
 
3)  MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. 
 
4)  Click on perform Quick Scan, then click on the Scan button.
 
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
 
5)  The scan will now begin, this may take some time to complete so please be patient.
 
6)  When the scan is finished click on Show Results to display all objects found.
 
7)  Click OK to close the message box and continue with the removal process.
 
8)  Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
 
Make sure that every item shown in the results has a check mark in the box next to it, then click on Remove Selected.
 
9)  When removal is completed, a log will open in Notepad.
 
This log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of the log in your next post, then exit MBAM.
 
Important:  If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Reagardless if prompted to restart the computer or not, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Please copy the Malwarebytes log and paste it in your next post.
 
To locate this file right click on the Start orb and choose Open Windows Explorer, then click on C: drive.
 
When the C: drive opens click on the following:  ProgramData, Malwarebytes, Malwarebytes' Anti-Malware, Logs.  
 
If there is more than one log, choose the log with the date that you ran scan that I requested.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 25 November 2013 - 09:29 PM

It found around 600 items. Is there a way to select all rather than having to check every box?



#4 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 25 November 2013 - 11:03 PM

I've run malwarebytes several times. It keeps crashing. Each time there are fewer objects. But it still crashes. Am I doing something wrong?



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:12 PM

Posted 26 November 2013 - 10:37 AM

I'm going to request that this topic be moved to the Am I Infected forum where there are members who are better qualified to help with this type of problem.

 

Moderator Edit: Moved from Windows Vista forum to a more appropriate forum,

Roger


Edited by rotor123, 26 November 2013 - 10:41 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 26 November 2013 - 12:07 PM

Thanks for moving this topic. I spent several hours last night running Malwarebytes. Each time it would finish and I would have it remove selected but then it crashed.

 

There is also software installed called YAC - Yet Another Cleaner. I've read this is is not malware but scareware and tried removing it without success. Could this be causing malwarebytes to crash?

 

Thanks.



#7 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:12 PM

Posted 26 November 2013 - 12:18 PM



It found around 600 items. Is there a way to select all rather than having to check every box?

 

If there are a large number of items found you can go into Settings and click on Scanner Settings to change the setting in Action for potentially unwanted programs (PUP) to Show in results list and check for removal.
 
Malwarebytessettings_zpsb9b50638.png

 

 

Before running Mawarebytes please run RKill.

 

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.  

 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
At this time you need to run your security applications.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run succefully you should reboot the computer to restore the processes and Windows Registry entries.

Edited by dc3, 26 November 2013 - 12:43 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#8 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 26 November 2013 - 01:55 PM

Thanks. Will do this tonight when I get home from work. Then post results.



#9 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 26 November 2013 - 06:23 PM

Roadkill report:

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/26/2013 06:19:09 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Harold\Desktop\rkill\rkill-11-26-2013-06-19-17.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 11/26/2013 06:20:57 PM
Execution time: 0 hours(s), 1 minute(s), and 48 seconds(s)
 



#10 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 26 November 2013 - 06:42 PM

I ran malwarebytes and it found 50 or so objects, mostly pups.I clicked on the remove object and the program stopped responding / crashed. I know the YAC is on the system and the safev9 are on my computer.



#11 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:12 PM

Posted 26 November 2013 - 07:01 PM

The good poeple in the Am I Infected forum will help you from here. :thumbup2:


Edited by dc3, 27 November 2013 - 12:24 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:12 AM

Posted 26 November 2013 - 08:31 PM

Hello Hal, Lets run these first, then we will get back to MBAM.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • .
    .
    .
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
    This one can take a few hours.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 27 November 2013 - 06:52 AM

Mini Tool Box Results:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Harold (administrator) on 27-11-2013 at 06:50:50
Running from "C:\Users\Harold\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 5100 = Wireless Network Connection (Connected)
Realtek RTL8102/8103 Family PCI-E FE NIC = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Harold-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : earthlink.net

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-21-86-72-E9-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : earthlink.net
   Description . . . . . . . . . . . : Intel® Wireless WiFi Link 5100
   Physical Address. . . . . . . . . : 00-16-EA-AC-0B-20
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8513:c0ba:cd81:a022%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 26, 2013 1:54:10 PM
   Lease Expires . . . . . . . . . . : Wednesday, November 27, 2013 9:04:37 AM
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 10.0.1.1
   DHCPv6 IAID . . . . . . . . . . . : 335550186
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-24-7F-A6-00-1E-68-B3-4F-33
   DNS Servers . . . . . . . . . . . : 10.0.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8102/8103 Family PCI-E FE NIC
   Physical Address. . . . . . . . . : 00-1E-68-B3-4F-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.earthlink.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{A3662174-F49D-480B-B5F0-052861457871}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{A98992B0-41E2-4B88-9C95-D390AC7FE9E3}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : earthlink.net
   Description . . . . . . . . . . . : isatap.earthlink.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:285b:206:f5ff:fefd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::285b:206:f5ff:fefd%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:801::1004
      74.125.228.2
      74.125.228.3
      74.125.228.6
      74.125.228.0
      74.125.228.14
      74.125.228.1
      74.125.228.8
      74.125.228.4
      74.125.228.9
      74.125.228.5
      74.125.228.7



Pinging google.com [74.125.228.2] with 32 bytes of data:

Request timed out.

Reply from 74.125.228.2: bytes=32 time=101ms TTL=51



Ping statistics for 74.125.228.2:

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

    Minimum = 101ms, Maximum = 101ms, Average = 101ms

Server:  UnKnown
Address:  10.0.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=72ms TTL=51

Reply from 98.139.183.24: bytes=32 time=38ms TTL=51



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 38ms, Maximum = 72ms, Average = 55ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=12ms TTL=128

Reply from 127.0.0.1: bytes=32 time=6ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 6ms, Maximum = 12ms, Average = 9ms

===========================================================================
Interface List
 16 ...00 21 86 72 e9 af ...... Bluetooth Device (Personal Area Network)
 11 ...00 16 ea ac 0b 20 ...... Intel® Wireless WiFi Link 5100
 10 ...00 1e 68 b3 4f 33 ...... Realtek RTL8102/8103 Family PCI-E FE NIC
  1 ........................... Software Loopback Interface 1
 14 ...00 00 00 00 00 00 00 e0  isatap.earthlink.net
 17 ...00 00 00 00 00 00 00 e0  isatap.{A3662174-F49D-480B-B5F0-052861457871}
 19 ...00 00 00 00 00 00 00 e0  isatap.{A98992B0-41E2-4B88-9C95-D390AC7FE9E3}
 13 ...00 00 00 00 00 00 00 e0  6TO4 Adapter
 20 ...00 00 00 00 00 00 00 e0  isatap.earthlink.net
 18 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1         10.0.1.2     25
         10.0.1.0    255.255.255.0         On-link          10.0.1.2    281
         10.0.1.2  255.255.255.255         On-link          10.0.1.2    281
       10.0.1.255  255.255.255.255         On-link          10.0.1.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.1.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 18     18 2001::/32                On-link
 18    266 2001:0:9d38:90d7:285b:206:f5ff:fefd/128
                                    On-link
 11    281 fe80::/64                On-link
 18    266 fe80::/64                On-link
 18    266 fe80::285b:206:f5ff:fefd/128
                                    On-link
 11    281 fe80::8513:c0ba:cd81:a022/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    266 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/27/2013 06:49:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (11/27/2013 06:21:36 AM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16c4
Start Time: 01ceeb0da071b600
Termination Time: 47

Error: (11/26/2013 11:49:11 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\HAROLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\E7K5U3M5.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/26/2013 11:49:11 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\HAROLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\E7K5U3M5.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/26/2013 11:45:34 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\HAROLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\E7K5U3M5.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/26/2013 11:45:34 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\HAROLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\E7K5U3M5.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (11/26/2013 06:37:14 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a34
Start Time: 01ceeafe933fb630
Termination Time: 2399

Error: (11/26/2013 06:18:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (11/26/2013 05:26:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10349184

Error: (11/26/2013 05:26:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10349184


System errors:
=============
Error: (11/27/2013 02:43:11 AM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (11/27/2013 01:29:49 AM) (Source: DCOM) (User: )
Description: {36471C67-6A93-4434-92CC-4C614CD06666}

Error: (11/26/2013 09:47:03 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (11/26/2013 02:12:13 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (11/26/2013 06:31:36 AM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (11/25/2013 10:42:22 PM) (Source: Service Control Manager) (User: )
Description: QuickPlay Task Scheduler (QTS)

Error: (11/25/2013 10:37:12 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (11/25/2013 07:35:09 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (11/25/2013 05:44:19 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (11/24/2013 07:58:38 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505


Microsoft Office Sessions:
=========================
Error: (05/18/2013 02:14:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/07/2013 01:39:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 500 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/23/2013 01:16:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/16/2013 07:54:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8285 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (07/30/2012 05:45:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1415 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/09/2012 02:59:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/09/2012 02:58:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/29/2011 11:17:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 220 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/11/2011 07:46:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/14/2010 06:33:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4164 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-11-26 22:00:55.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:55.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:55.552
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:55.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:55.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:54.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:54.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:54.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:54.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-11-26 22:00:54.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Agere Systems HDA Modem
Apple Mobile Device Support (Version: 7.0.0.117)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.19)
CutePDF Writer 2.8
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (Version: 6.0.1.6200)
HP Photosmart Essential 2.5 (Version: 2.5)
HP QuickTouch 1.00 D2 (Version: 1.0.9)
HP Smart Web Printing 4.60 (Version: 4.60)
IB Updater Service (Version: 3.0.5.3)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 11.1.2.31)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
MobileMe Control Panel (Version: 3.1.3.0)
Move Media Player
Nitro Reader 3 (Version: 3.5.2.10)
Octoshape add-in for Adobe Flash Player
outobox 2013.11.12.181539 (Version: 2013.11.12.181539)
ProtectSmart Hard Drive Protection (Version: 3.10.1.7)
Speccy (Version: 1.20)
Synaptics Pointing Device Driver (Version: 10.2.4.0)
Updater By SweetPacks 2.0.0.609 (Version: 2.0.0.609)
WebEx

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 3998.27 MB
Available physical RAM: 1177.99 MB
Total Pagefile: 8199.79 MB
Available Pagefile: 5115.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.31 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:221.75 GB) (Free:26.78 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.13 GB) (Free:1.86 GB) NTFS

========================= Users: ========================================

User accounts for \\HAROLD-PC

Administrator            ASPNET                   Guest                    
Harold                   


**** End of log ****
 



#14 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 27 November 2013 - 06:57 AM

TDS: No threats found.



#15 Hal06

Hal06
  • Topic Starter

  • Members
  • 919 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, New York, USA
  • Local time:01:12 AM

Posted 27 November 2013 - 07:14 AM

ADWCleaner report:

 

# AdwCleaner v3.013 - Report created 27/11/2013 at 07:05:50
# Updated 24/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Harold - HAROLD-PC
# Running from : C:\Users\Harold\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\Conduit
[!] Folder Deleted : C:\ProgramData\eSafe
[!] Folder Deleted : C:\ProgramData\Premium
[!] Folder Deleted : C:\ProgramData\Search Protection
[!] Folder Deleted : C:\ProgramData\StarApp
[!] Folder Deleted : C:\ProgramData\Viewpoint
[!] Folder Deleted : C:\ProgramData\Doownload kueepeR
[!] Folder Deleted : C:\ProgramData\safe asavE
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSafe
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DealPlyLive
[!] Folder Deleted : C:\Program Files (x86)\iSafe
[!] Folder Deleted : C:\Program Files (x86)\optimizer pro
[!] Folder Deleted : C:\Program Files (x86)\Searchprotect
[!] Folder Deleted : C:\Program Files (x86)\ss helper
[!] Folder Deleted : C:\Program Files (x86)\SweetIM
[!] Folder Deleted : C:\Program Files (x86)\Doownload kueepeR
[!] Folder Deleted : C:\Program Files (x86)\Connect_DLC_2
[!] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[!] Folder Deleted : C:\Windows\SysWOW64\ARFC
[!] Folder Deleted : C:\Windows\SysWOW64\jmdp
[!] Folder Deleted : C:\Windows\SysWOW64\WNLT
[!] Folder Deleted : C:\Program Files\Updater By SweetPacks
[!] Folder Deleted : C:\Users\Harold\AppData\Local\Babylon
[!] Folder Deleted : C:\Users\Harold\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Harold\AppData\Local\DealPlyLive
[!] Folder Deleted : C:\Users\Harold\AppData\Local\Supreme Savings
[!] Folder Deleted : C:\Users\Harold\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Harold\AppData\LocalLow\SweetIM
[!] Folder Deleted : C:\Users\Harold\AppData\LocalLow\safe asavE
[!] Folder Deleted : C:\Users\Harold\AppData\LocalLow\Connect_DLC_2
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\DealPly
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\eDownload
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\iSafe
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\Searchprotect
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\SendSpace
[!] Folder Deleted : C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\user.js
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtection]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306058
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{515B2424-5911-40BD-8A2C-BDB20286D8F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D99BD420-3BB9-4ECB-91F6-3C79236E28C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550155995562}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166996662}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440144994462}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D99BD420-3BB9-4ECB-91F6-3C79236E28C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53381786-D449-4AB1-BBB2-06BFB33FD4BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11B44098-EBD1-4231-9A52-D18C2FBFB605}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_2
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Connect_DLC_2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\e7k5u3m5.default\prefs.js ]

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3306058&octid=CT3306058&SearchSource=61&CUI=UN29239927103212715&UM=2&UP=SP6A3894DB-092B-4C0A-8BBE-D28DD6604775");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.newtab.url", "hxxp://safe.v9.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=DE0C54D7DBF3493283C508134EAEE9C7&tb_oid=25-06-2013&tb_mrud=25-06-2013");
Line Deleted : user_pref("extensions.51c9701cb16ae.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112463");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "78e89f5500000000000000218672e9af");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "78e89f5500000000000000218672e9af");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15481");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112463&babsrc=NT_ss&mntrId=78e89f5500000000000000218672e9af");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:56:35");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.crossrider.bic", "13d75b92af51cc52cddd09cf403bcbf6");
Line Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112463&babsrc=KW_ss&mntrId=78e89f5500000000000000218672e9af&q=");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306058&octid=CT3306058&SearchSource=61&CUI=UN29239927103212715&UM=2&UP=SP6A3894DB-092B-4C0A-8BBE-D28DD6604775");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:blank");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={8D7616E7-8E98-11E2-8553-00218672E9AF}");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18763 octets] - [27/11/2013 06:58:31]
AdwCleaner[S0].txt - [17447 octets] - [27/11/2013 07:05:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17508 octets] ##########
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users