
Need help removing "Prism NSA Internet Surveillance Program"


This topic is locked. 28 replies to this topic.

#1 kimmyhead (Members)

Posted 31 May 2014 - 09:17 AM

Morning. I'm trying really hard to keep from losing my cool with this s&%#! I was given this Dell Inspiron e1505 laptop to help me out with a new job...if I can remove the ransomware. I desperately need it fixed, so I can start using it and not this slow piece of ... I've been using. As usual, the second I even begin to attempt anything, I'm filled with aggravation! Please help me get this taken care of once and for all! I know some about PCs, but I'm no expert, so plain, simple English would be appreciated...thanks.

 

The name of the ransomware is "Prism NSA Internet Surveillance Program" and it won't let me access the desktop, nothing at all. I read all about it and tried the "HitmanPro/Kickstart" that you suggest, on a clean, formatted USB flash drive, but it gets to the part where it scans the computer and then tells me there's no internet connection. I thought I'd read in the user manual that I don't have to worry about all that? I'm very confused and fearing I'm gonna lose a good job opportunity if this isn't up and running soon...or I'm gonna throw it through the wall and I don't wanna do that! Please help!

 

Thought I'd let you know, I'm leaving for a few hrs for another job. Will check back with you then for any suggestions offered. Thank you in advance....

 

Kim





#2 xXToffeeXx (Malware Response Instructor)

Posted 01 June 2014 - 06:42 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi kimmyhead,

FRST Scan from RECOVERY Environment on Vista, 7, and 8:
 
On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

 
 
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========
 
On the System Recovery Options menu you will get the following options:
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
Select Command Prompt
 
==========
 
 
Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#3 xXToffeeXx (Malware Response Instructor)

Posted 04 June 2014 - 01:52 PM

Hi kimmyhead,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#4 kimmyhead (Topic Starter)

Posted 05 June 2014 - 08:04 PM

Hello,

 

My apologies to you for not getting back to you on this sooner! Been working lots of hrs and trying to complete your 1st request, with a PC that is very S-L-O-W!  However, I believe I've followed your steps correctly and here is the FRST.txt file requested:

 

 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by SYSTEM on MININT-OG5AI3T on 05-06-2014 17:55:47
Running from E:\
Platform: Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [GameNutt_2s Browser Plugin Loader] => C:\PROGRA~1\GAMENU~2\bar\1.bin\2sbrmon.exe
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-02-13] (RealNetworks, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM\...\Run: [gbrspcontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1464536 2013-07-08] (COMODO)
HKU\Mitch\...\Run: [SmileboxTray] => C:\Users\Mitch\AppData\Roaming\Smilebox\SmileboxTray.exe [305000 2012-07-02] (Smilebox, Inc.)
HKU\Mitch\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3774680 2012-08-26] (Speedbit Ltd.)
HKU\Mitch\...\Run: [DAP10] => C:\Program Files\DAP\DAP.EXE [3774680 2012-08-26] (Speedbit Ltd.)
HKU\Mitch\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [1517296 2012-08-26] (SPEEDbit)
AppInit_DLLs: C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll => C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll [1236368 2011-12-06] (Bandoo Media, inc)
AppInit_DLLs:  C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll => C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll [1233816 2011-12-06] (Bandoo Media, inc)
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk
ShortcutTarget: oabnjwl8.lnk -> C:\ProgramData\8lwjnbao.plz (Daniel Pistelli)
 
========================== Services (Whitelisted) =================
 
S2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304 2013-07-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [127192 2013-06-18] (COMODO)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [277744 2012-08-26] (SpeedBit Ltd.)
S2 Winmgmt; C:\ProgramData\8lwjnbao.plz [192912 2013-09-17] (Daniel Pistelli)
S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
S2 GameNutt_2sService; C:\PROGRA~1\GAMENU~2\bar\1.bin\2sbarsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2013-05-06] (Windows ® Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-06-18] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-07-08] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2013-06-18] (COMODO)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-05-31] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [85464 2013-06-18] (COMODO)
S3 PTUMWBus; C:\Windows\System32\DRIVERS\PTUMWBus.sys [54416 2009-07-18] (DEVGURU Co., LTD.)
S3 PTUMWCSP; C:\Windows\System32\DRIVERS\PTUMWCSP.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWFLT; C:\Windows\System32\DRIVERS\PTUMWFLT.sys [12048 2009-07-18] (DEVGURU Co., LTD.)
S3 PTUMWMdm; C:\Windows\System32\DRIVERS\PTUMWMdm.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWNET; C:\Windows\System32\DRIVERS\PTUMWNET.sys [114192 2009-07-18] (DEVGURU Co., LTD.)
S3 PTUMWNSP; C:\Windows\System32\DRIVERS\PTUMWNSP.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWVsp; C:\Windows\System32\DRIVERS\PTUMWVsp.sys [160400 2009-07-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-03-20] (Smith Micro Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-05 17:55 - 2014-06-05 17:55 - 00000000 ____D () C:\FRST
2014-05-31 03:16 - 2014-05-31 03:16 - 00030976 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
 
==================== One Month Modified Files and Folders =======
 
2014-06-05 17:55 - 2014-06-05 17:55 - 00000000 ____D () C:\FRST
2014-06-05 17:09 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-06-03 07:23 - 2013-09-05 11:12 - 00660752 _____ () C:\Windows\System32\Drivers\sfi.dat
2014-05-31 06:22 - 2009-07-13 20:34 - 00013728 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 06:22 - 2009-07-13 20:34 - 00013728 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 06:15 - 2013-09-17 21:27 - 00000000 _____ () C:\ProgramData\oabnjwl8.ctrl
2014-05-31 06:15 - 2012-12-25 04:23 - 00016384 _____ () C:\Windows\System32\Ikeext.etl
2014-05-31 06:15 - 2012-10-25 06:06 - 00003404 _____ () C:\Windows\setupact.log
2014-05-31 06:15 - 2012-09-01 03:18 - 00000000 ____D () C:\Users\Mitch\AppData\Local\Temp
2014-05-31 06:15 - 2011-12-16 09:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-31 03:16 - 2014-05-31 03:16 - 00030976 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-05-31 03:15 - 2011-12-08 10:26 - 01834987 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 10:35 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
 
Files to move or delete:
====================
C:\ProgramData\8lwjnbao.plz
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\oabnjwl8.ctrl
C:\ProgramData\oabnjwl8.pff
C:\ProgramData\wbe.exe
C:\Users\Mitch\avg_free_stb_en_2012_1890.exe
C:\Users\Mitch\iLividSetupV1.exe
C:\Users\Mitch\jre-6u30-windows-i586-iftw.exe
C:\Users\Mitch\jre-6u30-windows-i586-iftw_1.exe
C:\Users\Mitch\setup_1.exe
C:\Users\Mitch\va32.exe
 
 
Some content of TEMP:
====================
C:\Users\Mitch\AppData\Local\Temp\Update.exe
C:\Users\Mitch\AppData\Local\Temp\wiltkwtvosfiutvvbcp.bfg
 
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2012-09-15 08:01:55
Restore point made on: 2012-09-18 01:52:47
Restore point made on: 2012-10-01 05:38:55
Restore point made on: 2012-12-07 07:34:16
Restore point made on: 2013-03-26 21:16:21
Restore point made on: 2013-09-05 10:59:32
Restore point made on: 2013-09-05 11:01:36
Restore point made on: 2013-09-05 11:12:36
Restore point made on: 2014-04-28 12:50:29
Restore point made on: 2014-05-28 10:44:07
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 1014.44 MB
Available physical RAM: 683.78 MB
Total Pagefile: 1014.44 MB
Available Pagefile: 682.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:90.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (FRST) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: C21FD473)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 904E99DD)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
 
 
LastRegBack: 2014-05-28 10:36
 
==================== End Of Log ============================

Edited by kimmyhead, 05 June 2014 - 08:07 PM.
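The log above is what the next post turns into fixlist.txt: FRST accepts its own log lines as fix directives, so the work is deciding which lines to copy. The script below is an added example, not part of this thread and not FRST's own code. It applies that triage to the Registry Run, Startup/ShortcutTarget and Services/Drivers sections of a constructed excerpt of this log and flags the same entries the helper picked: the empty Run value and the two services whose binaries are gone ([X]), the Startup shortcut pointing at a .plz file sitting in the root of C:\ProgramData, and the built-in Winmgmt service whose ImagePath has been repointed from System32 to that file. The PROTECTED_SERVICES allowlist and the path heuristics are the example's own assumptions; a real log's "Files to move or delete" paths would simply be appended to the fixlist as they are.

```python
"""Triage the persistence sections of an FRST log and draft a fixlist.

Added example for this thread; it is neither FRST code nor the helper's own
procedure. FRST accepts its own log lines as fixlist.txt directives, so the
triage question is simply which lines to copy. SAMPLE_LOG is a constructed
excerpt assembled from entries quoted in the thread.
"""
import re

# Windows services that must be hosted from System32; an ImagePath anywhere
# else means the service entry was repointed at malware. This allowlist is an
# assumption of the example, not a full inventory.
PROTECTED_SERVICES = {"winmgmt", "wuauserv", "bits", "schedule"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cmd", ".bat")

RUN_RE = re.compile(r"^(HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(.*?)\] => (.*)$")
STARTUP_RE = re.compile(r"^Startup: (.*)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (\S+) -> (.*)$")
SERVICE_RE = re.compile(r"^[SR]\d (.+?); (.*)$")        # services and drivers
# Trailing "[size date]", "[X]" or "(Publisher)" after a path; the lookahead
# keeps "Program Files (x86)" intact.
TRAILER_RE = re.compile(r" \[\d+ \d{4}-\d\d-\d\d\]| \[X\]| \((?!x86\))")

SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-02-13] (RealNetworks, Inc.)
HKLM\...\Run: [] => [X]
HKU\Mitch\...\Run: [SmileboxTray] => C:\Users\Mitch\AppData\Roaming\Smilebox\SmileboxTray.exe [305000 2012-07-02] (Smilebox, Inc.)
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk
ShortcutTarget: oabnjwl8.lnk -> C:\ProgramData\8lwjnbao.plz (Daniel Pistelli)
========================== Services (Whitelisted) =================
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4801304 2013-07-08] (COMODO)
S2 Winmgmt; C:\ProgramData\8lwjnbao.plz [192912 2013-09-17] (Daniel Pistelli)
S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
S2 GameNutt_2sService; C:\PROGRA~1\GAMENU~2\bar\1.bin\2sbarsvc.exe [X]
==================== Drivers (Whitelisted) ====================
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [582936 2013-07-08] (COMODO)
"""


def split_target(rest):
    """Return (path, file_missing) from the text after '=>' or 'name;'."""
    rest = rest.strip()
    if rest == "[X]":
        return "", True
    return TRAILER_RE.split(rest, maxsplit=1)[0].strip(), rest.endswith("[X]")


def assess(path, missing, kind, name=""):
    """Return why an entry belongs in the fixlist, or None if it looks benign."""
    low = path.lower()
    if missing:
        return "target file missing ([X]); orphaned autostart entry"
    if (kind == "service" and name.lower() in PROTECTED_SERVICES
            and not low.startswith("c:\\windows\\system32\\")):
        return "built-in service ImagePath points outside System32 (hijacked)"
    if not low.endswith(EXEC_EXT):
        return "target has a non-executable extension"
    if re.fullmatch(r"c:\\programdata\\[^\\]+|c:\\users\\[^\\]+\\[^\\]+", low):
        return "target sits in the root of ProgramData or a user profile"
    return None


def triage(log_text):
    """Return [(reason, fixlist_lines)] for every suspicious persistence entry."""
    findings, pending_startup = [], None
    for line in map(str.rstrip, log_text.splitlines()):
        if STARTUP_RE.match(line):
            pending_startup = line          # judged together with its ShortcutTarget
            continue
        if m := RUN_RE.match(line):
            kind, name, rest, lines = "run", m.group(2), m.group(3), [line]
        elif m := SHORTCUT_RE.match(line):
            kind, name, rest = "shortcut", m.group(1), m.group(2)
            lines = [pending_startup, line] if pending_startup else [line]
            pending_startup = None
        elif m := SERVICE_RE.match(line):
            kind, name, rest, lines = "service", m.group(1), m.group(2), [line]
        else:
            continue
        reason = assess(*split_target(rest), kind, name)
        if reason:
            findings.append((reason, lines))
    return findings


def build_fixlist(log_text):
    """Return fixlist.txt content: the flagged log lines, copied verbatim."""
    return "\n".join(l for _, ls in triage(log_text) for l in ls) + "\n"


if __name__ == "__main__":
    for reason, lines in triage(SAMPLE_LOG):
        print(f"{reason}:\n  " + "\n  ".join(lines))
    print("\n--- fixlist.txt ---\n" + build_fixlist(SAMPLE_LOG))
```

Running it prints each reason and the draft fixlist; every flagged line is copied unchanged, which is the form FRST expects. The legitimate entries in the same sections (RealPlayer, Smilebox, the COMODO service and driver) produce no finding. The Winmgmt line is flagged for its path, not its name: a hijacked built-in service has to be repaired rather than deleted, which is what FRST does with it in the Fixlog later in the thread.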


#5 xXToffeeXx (Malware Response Instructor)

Posted 06 June 2014 - 12:31 PM

Hi kimmyhead,
 
No worries, the FRST log is correct :)
 
Running a fix using Farbar's Recovery Scan Tool in the Recovery Environment:

  • From your clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open Notepad and save it on the flash drive as fixlist.txt
HKLM\...\Run: [] => [X]
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk
ShortcutTarget: oabnjwl8.lnk -> C:\ProgramData\8lwjnbao.plz (Daniel Pistelli)
S2 Winmgmt; C:\ProgramData\8lwjnbao.plz [192912 2013-09-17] (Daniel Pistelli)
S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
S2 GameNutt_2sService; C:\PROGRA~1\GAMENU~2\bar\1.bin\2sbarsvc.exe [X]
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\oabnjwl8.ctrl
C:\ProgramData\oabnjwl8.pff
C:\ProgramData\wbe.exe
C:\Users\Mitch\iLividSetupV1.exe
C:\Users\Mitch\jre-6u30-windows-i586-iftw.exe
C:\Users\Mitch\jre-6u30-windows-i586-iftw_1.exe
C:\Users\Mitch\setup_1.exe
C:\Users\Mitch\va32.exe
C:\Users\Mitch\avg_free_stb_en_2012_1890.exe
C:\Users\Mitch\AppData\Local\Temp\wiltkwtvosfiutvvbcp.bfg
  • Insert the USB device into your infected computer
  • Follow the process below to enter the System Recovery Options using one of the options listed, then run Farbar's Recovery Scan Tool.

On a clean machine, please download Farbar Recovery Scan Tool and save it to the USB (feel free to use the frst download from my last instructions, if you still have it on the USB).
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Fix button just once and wait; the program will automatically load fixlist.txt.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

--------------
 
To recap, in your next reply I would like to see the following:

  • Fixlog.txt
  • Can your computer boot normally now?

xXToffeeXx~




#6 kimmyhead (Topic Starter)

Posted 07 June 2014 - 11:56 PM

Hello,

OMG!! YES, my computer boots like a normal computer should!! WooHoo! Thanks again for all your help! You guys (gals) are the best! Here's the Fixlog.txt requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by SYSTEM at 2014-06-07 21:48:18 Run:1
Running from E:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk
ShortcutTarget: oabnjwl8.lnk -> C:\ProgramData\8lwjnbao.plz (Daniel Pistelli)
S2 Winmgmt; C:\ProgramData\8lwjnbao.plz [192912 2013-09-17] (Daniel Pistelli)
S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
S2 GameNutt_2sService; C:\PROGRA~1\GAMENU~2\bar\1.bin\2sbarsvc.exe [X]
C:\ProgramData\ism_0_llatsni.pad
C:\ProgramData\oabnjwl8.ctrl
C:\ProgramData\oabnjwl8.pff
C:\ProgramData\wbe.exe
C:\Users\Mitch\iLividSetupV1.exe
C:\Users\Mitch\jre-6u30-windows-i586-iftw.exe
C:\Users\Mitch\jre-6u30-windows-i586-iftw_1.exe
C:\Users\Mitch\setup_1.exe
C:\Users\Mitch\va32.exe
C:\Users\Mitch\avg_free_stb_en_2012_1890.exe
C:\Users\Mitch\AppData\Local\Temp\wiltkwtvosfiutvvbcp.bfg
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk => Moved successfully.
C:\ProgramData\8lwjnbao.plz => Moved successfully.
Winmgmt => Service restored successfully.
Brother XP spl Service => Service deleted successfully.
GameNutt_2sService => Service deleted successfully.
C:\ProgramData\ism_0_llatsni.pad => Moved successfully.
C:\ProgramData\oabnjwl8.ctrl => Moved successfully.
C:\ProgramData\oabnjwl8.pff => Moved successfully.
C:\ProgramData\wbe.exe => Moved successfully.
C:\Users\Mitch\iLividSetupV1.exe => Moved successfully.
C:\Users\Mitch\jre-6u30-windows-i586-iftw.exe => Moved successfully.
C:\Users\Mitch\jre-6u30-windows-i586-iftw_1.exe => Moved successfully.
C:\Users\Mitch\setup_1.exe => Moved successfully.
C:\Users\Mitch\va32.exe => Moved successfully.
C:\Users\Mitch\avg_free_stb_en_2012_1890.exe => Moved successfully.
C:\Users\Mitch\AppData\Local\Temp\wiltkwtvosfiutvvbcp.bfg => Moved successfully.

==== End of Fixlog ====
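The Fixlog above reports each directive under a different key from the one written in fixlist.txt (the expanded registry path for the Run value, the bare name for services, the target file rather than the .lnk for the shortcut), so a line-by-line comparison against the fixlist is not enough to confirm that everything was acted on. The script below is an added example, not FRST's own code and not something the helper posted. It maps each fixlist directive to the key FRST reports on, reconciles the two, and separates successes, built-in services FRST repaired instead of deleting, failures, and directives with no result line at all. The fixlist and Fixlog excerpts are constructed from posts #5 and #6, with the last outcome changed to a failure (assumed wording "Could not move.") so the failure path is exercised; the HKU form of the expanded Run key is likewise an assumption.

```python
"""Reconcile an FRST Fixlog with the fixlist.txt that produced it.

Added example for this thread, not FRST's own code. The fixlist and Fixlog
excerpts below are constructed from posts #5 and #6; the last Fixlog line is
altered to a failure (assumed wording) so the failure path is exercised.
"""
import re

FIXLIST = r"""
HKLM\...\Run: [] => [X]
Startup: C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk
ShortcutTarget: oabnjwl8.lnk -> C:\ProgramData\8lwjnbao.plz (Daniel Pistelli)
S2 Winmgmt; C:\ProgramData\8lwjnbao.plz [192912 2013-09-17] (Daniel Pistelli)
S2 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [X]
C:\ProgramData\wbe.exe
C:\Users\Mitch\AppData\Local\Temp\wiltkwtvosfiutvvbcp.bfg
"""

FIXLOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oabnjwl8.lnk => Moved successfully.
C:\ProgramData\8lwjnbao.plz => Moved successfully.
Winmgmt => Service restored successfully.
Brother XP spl Service => Service deleted successfully.
C:\ProgramData\wbe.exe => Moved successfully.
C:\Users\Mitch\AppData\Local\Temp\wiltkwtvosfiutvvbcp.bfg => Could not move.
"""

RUN_RE = re.compile(r"^(HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(.*?)\] =>")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: \S+ -> (.*?)(?: \(.*\))?$")
SERVICE_RE = re.compile(r"^[SR]\d (.+?); ")
RESULT_RE = re.compile(r"^(.*?) => (.*)$")


def result_key(directive):
    """Map one fixlist line to the key the Fixlog reports it under."""
    if m := RUN_RE.match(directive):
        # FRST expands the hive shorthand and puts '\\' before the value name,
        # as in the HKLM line of the Fixlog above; the HKU form is assumed.
        return m.group(1) + r"\Software\Microsoft\Windows\CurrentVersion\Run\\" + m.group(2)
    if m := SHORTCUT_RE.match(directive):
        return m.group(1)                     # the target file, not the .lnk
    if m := SERVICE_RE.match(directive):
        return m.group(1)                     # bare service name
    if directive.startswith("Startup: "):
        return directive[len("Startup: "):]
    return directive                          # a loose path is reported as itself


def reconcile(fixlist, fixlog):
    """Return {key: outcome} for every directive (None if the Fixlog is silent)."""
    outcomes = {}
    for line in fixlog.splitlines():
        if m := RESULT_RE.match(line.strip()):
            outcomes[m.group(1)] = m.group(2)
    report = {}
    for directive in (d.strip() for d in fixlist.splitlines() if d.strip()):
        key = result_key(directive)
        report[key] = outcomes.get(key)
    return report


def classify(report):
    """Split the report into successes, repaired built-in services, failures
    and directives that produced no result line."""
    ok, restored, failed, missing = [], [], [], []
    for key, outcome in report.items():
        if outcome is None:
            missing.append(key)
        elif "restored" in outcome:
            restored.append(key)
        elif outcome.endswith("successfully."):
            ok.append(key)
        else:
            failed.append(key)
    return ok, restored, failed, missing


if __name__ == "__main__":
    buckets = ("ok", "restored", "FAILED", "MISSING")
    for bucket, keys in zip(buckets, classify(reconcile(FIXLIST, FIXLOG))):
        for key in keys:
            print(f"{bucket:8} {key}")
```

The line worth checking explicitly is Winmgmt: in the fixlist it looked like any other service line, but because Winmgmt is the Windows WMI service FRST restored its ImagePath rather than deleting the service, which is the outcome you want; a "deleted" result there would have left WMI broken. Anything in the FAILED or MISSING buckets is a reason to re-run the scan rather than declare the machine clean.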

#7 xXToffeeXx (Malware Response Instructor)

Posted 08 June 2014 - 05:32 AM

Hi kimmyhead,
 
You are welcome, and I'm glad to hear it boots. We still have some more work to be done to make sure the computer is completely clean though :)
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of every logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~




#8 kimmyhead (Topic Starter)

Posted 08 June 2014 - 10:26 PM

Oops, in my excitement, I guess I jumped the gun! Here's the scan log requested:

# AdwCleaner v3.212 - Report created 08/06/2014 at 20:15:08
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Mitch - MITCH-PC
# Running from : C:\Users\Mitch\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Mitch\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Mitch\Desktop\SPEEDbit Video Downloader.lnk
Folder Found : C:\Conduit
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\SearchPredict
Folder Found : C:\Program Files\Speedbit Video Downloader
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Mitch\AppData\Local\Babylon
Folder Found : C:\Users\Mitch\AppData\Local\Ilivid Player
Folder Found : C:\Users\Mitch\AppData\Local\PackageAware
Folder Found : C:\Users\Mitch\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Mitch\AppData\LocalLow\Conduit
Folder Found : C:\Users\Mitch\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Mitch\AppData\LocalLow\searchquband
Folder Found : C:\Users\Mitch\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Mitch\AppData\Roaming\Babylon
Folder Found : C:\Users\Mitch\AppData\Roaming\DriverCure
Folder Found : C:\Users\Mitch\AppData\Roaming\speedypc software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\speedypc software
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Found : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Found : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3059010
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3061355
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Found : HKLM\Software\speedypc software
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


*************************

AdwCleaner[R0].txt - [16785 octets] - [08/06/2014 20:15:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16846 octets] ##########

#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:09 PM

Posted 09 June 2014 - 01:40 PM

Hi kimmyhead,
 
Hehe, no worries. Just telling you we aren't completely finished :)
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#10 kimmyhead

kimmyhead
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:Phoenix, AZ, USA
  • Local time:11:09 AM

Posted 09 June 2014 - 07:51 PM

Hi again..I ran the AdwCleaner.exe again, scanned and cleaned it. I was trying to copy/paste it in my reply to you; however, it'll allow me to copy it with no problem, but not paste it in the reply?? Instead, the whole screen is highlighted and a new window pops up, titled "Paste". It tells me that because of my browser security settings, the editor isn't able to access the clipboard data directly. It says I'm required to paste it again in this window or using the keyboard (Ctrl/Cmd + V). I'll wait to hear from you before going any further.  Thanks



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:09 PM

Posted 10 June 2014 - 11:09 AM

Hi kimmyhead,

 

Try pressing Ctrl and V on the keyboard together and see if it will paste into that window.

If that doesn't work then please take a screenshot and upload it to your next reply.

 

xXToffeeXx~




#12 kimmyhead

kimmyhead
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Gender:Female
  • Location:Phoenix, AZ, USA
  • Local time:11:09 AM

Posted 10 June 2014 - 12:37 PM

Good morning! Yep, that seemed to do the trick..Here are the 3 reports requested:

AdwCleaner Clean Log:

# AdwCleaner v3.212 - Report created 09/06/2014 at 16:33:40
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Mitch - MITCH-PC
# Running from : C:\Users\Mitch\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\speedypc software
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Speedbit Video Downloader
Folder Deleted : C:\Users\Mitch\AppData\Local\Babylon
Folder Deleted : C:\Users\Mitch\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Mitch\AppData\Local\PackageAware
Folder Deleted : C:\Users\Mitch\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Mitch\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mitch\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Mitch\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Mitch\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Mitch\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Mitch\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Mitch\AppData\Roaming\speedypc software
File Deleted : C:\Users\Mitch\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Mitch\Desktop\SPEEDbit Video Downloader.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3059010
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458E-AE16-1C1D8255C28A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\speedypc software
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\speedypc software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


*************************

AdwCleaner[R0].txt - [16927 octets] - [08/06/2014 20:15:08]
AdwCleaner[R1].txt - [17047 octets] - [09/06/2014 16:31:52]
AdwCleaner[S0].txt - [16832 octets] - [09/06/2014 16:33:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16893 octets] ##########



FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 03
Ran by Mitch (administrator) on MITCH-PC on 10-06-2014 10:24:29
Running from C:\Users\Mitch\Desktop
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(SpeedBit Ltd.) C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.exe
(SPEEDbit) C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Speedbit Ltd.) C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056 2012-02-13] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3774680 2012-08-26] (Speedbit Ltd.)
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\Run: [DAP10] => C:\Program Files\DAP\DAP.EXE [3774680 2012-08-26] (Speedbit Ltd.)
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\Run: [SpeedBitVideoAccelerator] => C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [1517296 2012-08-26] (SPEEDbit)
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\MountPoints2: G - G:\autorun.exe
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\MountPoints2: {721dd5ea-ef19-11e3-8cb0-0019b95fbcf6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3B58731D93B8CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Yxdm009YYus&ptb=6D76C0A4-5272-4D20-94B8-554F2A30D92D&ind=2011121706&ptnrS=9Yxdm009YYus&si=1591-US&n=77df482a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL =
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://home.speedbit.com/search.aspx?s=C8Ra206&q={searchTerms}
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - !{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
Toolbar: HKLM - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.2.72 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: RivalGaming - C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-01-07]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-02-13]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2012-08-26]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-10-14] (Microsoft Corporation) [File not signed]
R2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
R2 VideoAcceleratorService; C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe [277744 2012-08-26] (SpeedBit Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
R3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [106496 2011-05-09] (Incorporated)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-05-31] ()
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed]
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCSP; system32\DRIVERS\PTUMWCSP.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWNSP; system32\DRIVERS\PTUMWNSP.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 10:24 - 2014-06-10 10:25 - 00009424 _____ () C:\Users\Mitch\Desktop\FRST.txt
2014-06-10 10:22 - 2014-06-10 10:22 - 01177600 _____ (Farbar) C:\Users\Mitch\Desktop\FRST.exe
2014-06-09 12:53 - 2014-06-09 12:53 - 00347816 _____ (Microsoft Corporation) C:\Users\Mitch\Desktop\MicrosoftFixit.IEAddon.WER.Run.exe
2014-06-08 20:14 - 2014-06-09 16:33 - 00000000 ____D () C:\AdwCleaner
2014-06-08 16:32 - 2014-06-08 16:32 - 01333465 _____ () C:\Users\Mitch\Desktop\AdwCleaner.exe
2014-06-08 16:22 - 2014-06-08 16:23 - 00677888 _____ ( ) C:\Users\Mitch\Downloads\ZipSetup.exe.dap
2014-06-08 16:20 - 2014-06-08 16:20 - 01333465 _____ () C:\Users\Mitch\Downloads\adwcleaner_3.212.exe.dap
2014-06-08 15:31 - 2012-06-02 15:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-06-08 15:31 - 2012-06-02 15:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-06-08 15:31 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-06-08 15:31 - 2012-06-02 15:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-06-08 15:31 - 2012-06-02 15:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-06-08 15:31 - 2012-06-02 15:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-06-08 15:31 - 2012-06-02 15:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-06-08 15:31 - 2012-06-02 15:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-06-08 15:31 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-06-08 14:42 - 2014-06-08 14:42 - 00000000 ____D () C:\Program Files\Froyo_Android_Driver
2014-06-08 14:42 - 2011-05-09 18:09 - 00106496 _____ (Incorporated) C:\Windows\system32\Drivers\CT_U_USBSER.sys
2014-06-08 07:41 - 2014-06-08 07:41 - 00000000 ____D () C:\Users\Mitch\AppData\Roaming\AVG2014
2014-06-08 07:40 - 2014-06-08 07:40 - 00000935 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-06-08 07:40 - 2014-06-08 07:40 - 00000000 ____D () C:\Users\Mitch\AppData\Roaming\TuneUp Software
2014-06-08 07:40 - 2014-06-08 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-06-08 07:39 - 2014-06-08 07:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-06-08 07:36 - 2014-06-08 08:34 - 00000000 ____D () C:\Users\Mitch\AppData\Local\Avg2014
2014-06-08 07:36 - 2014-06-08 07:36 - 00000000 ____D () C:\Users\Mitch\AppData\Local\MFAData
2014-06-08 07:35 - 2014-06-08 07:35 - 04485528 _____ (AVG Technologies) C:\Users\Mitch\Downloads\avg_free_stb_all_2014_4577_cnet.exe
2014-06-08 01:52 - 2014-06-09 16:36 - 00001052 _____ () C:\Windows\setupact.log
2014-06-08 01:52 - 2014-06-08 01:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-08 01:26 - 2014-06-08 07:32 - 00000000 ____D () C:\Program Files\Google
2014-06-08 01:26 - 2014-06-08 01:26 - 00000000 ____D () C:\Users\Mitch\AppData\Local\Apps\2.0
2014-06-08 01:25 - 2014-06-08 01:26 - 00000000 ____D () C:\Users\Mitch\AppData\Local\Deployment
2014-06-07 23:14 - 2014-06-07 23:14 - 00053794 _____ () C:\Windows\system32\PTUMWsetup_20140607.log
2014-06-07 23:00 - 2014-06-07 23:00 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-05 18:55 - 2014-06-10 10:24 - 00000000 ____D () C:\FRST
2014-05-31 04:16 - 2014-05-31 04:16 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-13 14:19 - 2014-05-13 14:19 - 00192280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00122136 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-05-13 14:17 - 2014-05-13 14:17 - 00107288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-05-13 14:09 - 2014-05-13 14:09 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-05-13 14:04 - 2014-05-13 14:04 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys

==================== One Month Modified Files and Folders =======



Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-06-2014 03
Ran by Mitch at 2014-06-10 10:25:32
Running from C:\Users\Mitch\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - )
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 10036 (Build 2451) - Speedbit Ltd.)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OnDemand5 (HKLM\...\{5F7DFDFA-27B3-4E06-BCDE-B371424C0032}) (Version: 5.8.1.9 - )
PowerISO (HKLM\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SpeedBit Video Accelerator (HKLM\...\SpeedBit Video Accelerator) (Version: 3366(build_3035) - SpeedBit Ltd.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Restore Points =========================

07-12-2012 15:34:01 Scheduled Checkpoint
27-03-2013 05:16:03 Scheduled Checkpoint
05-09-2013 18:59:12 Removed AVG 2012
05-09-2013 19:01:30 Removed AVG 2012
05-09-2013 19:12:24 Device Driver Package Install: COMODO Network Service
28-04-2014 20:50:03 Scheduled Checkpoint
28-05-2014 18:43:47 Scheduled Checkpoint
08-06-2014 05:27:18 Scheduled Checkpoint
08-06-2014 05:59:46 Removed GeekBuddy.
08-06-2014 06:06:08 Removed SaveTheChildren Reminder by We-Care.com v4.0.18.4
08-06-2014 06:06:52 Removed BabylonObjectInstaller
08-06-2014 06:13:04 Removed VZAccess Manager.
08-06-2014 14:38:23 Installed AVG 2014
08-06-2014 14:39:02 Installed AVG 2014
08-06-2014 22:30:34 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10F0D012-A5D3-443F-8A2B-B77EC7139C7A} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\Mitch\AppData\Local\Temp\cisBE8E.exe <==== ATTENTION
Task: {204603F2-EF13-47FB-9C5B-1A75AC1EE46E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2943221051-1409707418-180195450-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {2EBD1413-21A0-4FDD-B9EC-122B2F193A51} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2943221051-1409707418-180195450-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {36DF69A4-BE82-4D88-8619-50AB7C9BED31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-08] (Adobe Systems Incorporated)
Task: {5DC6A223-4487-4CF3-851D-B66F5FF9A305} - System32\Tasks\SBWUpdateTask_Time_ecd771b4-0019D2AF4D0D => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-12-16] (Speedbit Ltd.)
Task: {611CEB25-DE0E-491D-879C-2DF0EE5348EE} - System32\Tasks\SBWUpdateTask_Logon_ecd771b4-000000000000 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-12-16] (Speedbit Ltd.)
Task: {71BD61C4-DE03-4EE9-BEE2-36780901F07D} - System32\Tasks\SBWUpdateTask_Logon_ecd771b4-0019D2AF4D0D => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-12-16] (Speedbit Ltd.)
Task: {8664A17B-B421-44E0-BA61-C4E0F1A56824} - System32\Tasks\SBWUpdateTask_Time_ecd771b4-000000000000 => C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2011-12-16] (Speedbit Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-08 14:42 - 2011-05-12 14:23 - 00512000 _____ () C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2012-08-26 21:09 - 2012-08-26 21:09 - 00231152 _____ () C:\Program Files\SpeedBit Video Accelerator\Monitor.dll
2011-12-16 10:40 - 2011-12-16 10:40 - 00053248 _____ () C:\Program Files\DAP\zlib.dll
2012-08-26 21:03 - 2012-08-26 21:03 - 00009216 _____ () C:\ProgramData\Speedbit\DAP\Plugins\AddonsCondition.dll
2011-12-16 10:45 - 2011-12-16 10:40 - 00084480 _____ () C:\Windows\system32\EasyHook32.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2014 04:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x1760
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 00:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x12c4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 00:43:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_shell32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x027a02c8
Faulting process id: 0x6c4
Faulting application start time: 0xrundll32.exe_shell32.dll0
Faulting application path: rundll32.exe_shell32.dll1
Faulting module path: rundll32.exe_shell32.dll2
Report Id: rundll32.exe_shell32.dll3

Error: (06/09/2014 00:42:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x1750
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 00:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x1420
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 00:41:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x1340
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 00:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x1234
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 11:35:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1808

Start Time: 01cf83f0e6d606dc

Termination Time: 936

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: bf8b4124-f004-11e3-8cb0-0019b95fbcf6

Error: (06/09/2014 07:40:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000008
Fault offset: 0x0007f392
Faulting process id: 0x1d3c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/08/2014 03:35:50 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll (1008) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x00AD0320

Session-context: 0x00000000

Session-context ThreadId: 0x000006D0

Cleanup: 1


System errors:
=============
Error: (06/10/2014 00:55:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.

Error: (06/09/2014 04:26:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (06/08/2014 02:42:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The UDisk Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/07/2014 11:02:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (06/07/2014 09:58:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:22:59 AM on ‎6/‎3/‎2014 was unexpected.

Error: (06/03/2014 08:23:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (06/03/2014 08:22:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/31/2014 01:24:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (05/31/2014 01:24:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (05/31/2014 07:24:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (06/09/2014 04:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f392176001cf843cb4b70cafC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllf4e3e9b9-f02f-11e3-8e9a-0019b95fbcf6

Error: (06/09/2014 00:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f39212c401cf841b31229180C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll71b36856-f00e-11e3-a2a0-0019b95fbcf6

Error: (06/09/2014 00:43:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_shell32.dll6.1.7600.163854a5bc637unknown0.0.0.000000000c0000005027a02c86c401cf841b06b9ad3eC:\Windows\System32\rundll32.exeunknown5abbe171-f00e-11e3-a2a0-0019b95fbcf6

Error: (06/09/2014 00:42:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f392175001cf841af8905d7dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll36f43252-f00e-11e3-a2a0-0019b95fbcf6

Error: (06/09/2014 00:42:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f392142001cf841ae0dcc9e3C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll1f9b1302-f00e-11e3-a2a0-0019b95fbcf6

Error: (06/09/2014 00:41:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f392134001cf841add7cb65fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll1bfaba58-f00e-11e3-a2a0-0019b95fbcf6

Error: (06/09/2014 00:41:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f392123401cf841ad78ba710C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll174b04cd-f00e-11e3-a2a0-0019b95fbcf6

Error: (06/09/2014 11:35:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.7600.16385180801cf83f0e6d606dc936C:\Program Files\Internet Explorer\iexplore.exebf8b4124-f004-11e3-8cb0-0019b95fbcf6

Error: (06/09/2014 07:40:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69entdll.dll6.1.7600.163854a5bdadbc00000080007f3921d3c01cf83f0c95055d6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll0ad197a7-efe4-11e3-8cb0-0019b95fbcf6

Error: (06/08/2014 03:35:50 PM) (Source: ESENT) (EventID: 623) (User: )
Description: wuaueng.dll1008SUS20ClientDataStore: 0320x00AD03200x000000000x000006D01


==================== Memory info ===========================

Percentage of memory in use: 78%
Total physical RAM: 1014.44 MB
Available physical RAM: 214.11 MB
Total Pagefile: 2612.44 MB
Available Pagefile: 1441.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:90.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: C21FD473)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
Could not read MBR for disk 1.

==================== End Of Log ============================
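Before the helper's reply, here is an added example (not part of the thread, and not FRST's own code) of how the entries a malware response helper picks out of a log like the one above can be triaged automatically. The Python script scans FRST-style lines for scheduled tasks launched from a Temp folder or carrying FRST's ATTENTION marker, autorun mount points, orphaned driver and toolbar entries, unsigned services, hijacked or empty search scopes and alternate data streams, and emits the entries that are routinely removed in the same fixlist.txt style the helper uses (the raw log line, plus the file path for a task). The sample lines are excerpted from the FRST.txt and Addition.txt above; the allow-list of search-engine hosts and the remove/review split are assumptions chosen for this example.

```python
"""Triage FRST scan output for persistence entries worth a second look.
Added example; not part of the original thread and not FRST's own code."""
import re
from urllib.parse import urlparse

# Search-engine hosts treated as legitimate (assumption chosen for this example).
SEARCH_HOST_ALLOWLIST = ("google.com", "bing.com", "yahoo.com")

TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
AUTORUN_RE = re.compile(r"\\(autorun|setup)\.exe\b", re.IGNORECASE)
RUN_RE = re.compile(r"^(?:HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[[^\]]+\] => (?P<target>.+?)(?: \[|$)")
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<task>.+?) => (?P<target>.+?)(?: \[| <====|$)")
SERVICE_RE = re.compile(r"^[RS]\d+ (?P<name>[^;]+); (?P<rest>.*)$")
SCOPE_RE = re.compile(r"^SearchScopes: HK\w+ - (?P<rest>.*)$")

# Constructed sample: lines excerpted from the FRST.txt / Addition.txt above.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-2943221051-1409707418-180195450-1000\...\MountPoints2: {721dd5ea-ef19-11e3-8cb0-0019b95fbcf6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Yxdm009YYus&ptb=6D76C0A4-5272-4D20-94B8-554F2A30D92D&ind=2011121706&ptnrS=9Yxdm009YYus&si=1591-US&n=77df482a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL =
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
Toolbar: HKLM - No Name - !{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
R2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] () [File not signed]
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
Task: {10F0D012-A5D3-443F-8A2B-B77EC7139C7A} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\Mitch\AppData\Local\Temp\cisBE8E.exe <==== ATTENTION
Task: {36DF69A4-BE82-4D88-8619-50AB7C9BED31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-08] (Adobe Systems Incorporated)
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
"""


def _host_allowed(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in SEARCH_HOST_ALLOWLIST)


def classify(line):
    """Return (reason, action, fixlist_lines) for a suspicious line, else None.
    action is "remove" for orphaned or hijacked entries a helper routinely puts
    in a fixlist, "review" for entries that may belong to legitimate software."""
    m = TASK_RE.match(line)
    if m:
        target = m["target"]
        if TEMP_DIR_RE.search(target):
            return ("scheduled task launches from a Temp folder", "remove", [line, target])
        if "<==== ATTENTION" in line:
            return ("scheduled task carries FRST's ATTENTION marker", "remove", [line, target])
        return None
    if "MountPoints2:" in line and AUTORUN_RE.search(line):
        return ("mount point runs autorun/setup from a removable drive", "review", [])
    m = SCOPE_RE.match(line)
    if m:
        rest = m["rest"]
        if "DefaultScope value is missing" in rest:
            return ("default search scope missing", "remove", [line])
        if "URL =" in rest:
            url = rest.split("URL =", 1)[1].strip()
            if not url:
                return ("search scope with an empty URL", "remove", [line])
            if not _host_allowed(url):
                return ("search scope points outside the host allow-list", "remove", [line])
        return None
    if line.startswith("Toolbar:") and line.endswith("No File"):
        return ("toolbar CLSID whose file is gone", "remove", [line])
    if line.startswith("AlternateDataStreams:"):
        return ("alternate data stream (a common hiding place)", "remove", [line])
    m = SERVICE_RE.match(line)
    if m:
        if m["rest"].endswith("[X]"):
            return ("driver/service whose file is missing", "remove", [line])
        if "[File not signed]" in m["rest"]:
            return ("service/driver binary is not signed", "review", [])
        return None
    m = RUN_RE.match(line)
    if m and (TEMP_DIR_RE.search(m["target"]) or "\\AppData\\" in m["target"]):
        return ("Run entry launches from the user profile", "review", [])
    return None


def triage(log_text):
    """Classify every non-empty line; keep the raw line with each finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = classify(line) if line else None
        if hit:
            reason, action, fix = hit
            findings.append({"reason": reason, "action": action, "line": line, "fixlist": fix})
    return findings


def build_fixlist(findings):
    """fixlist.txt text in the helper's style (raw log line, plus the file path
    for a task) built from the 'remove' findings only, without duplicates."""
    out = []
    for f in findings:
        for entry in f["fixlist"]:
            if f["action"] == "remove" and entry not in out:
                out.append(entry)
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['action']:6}] {f['reason']}: {f['line'][:60]}")
    print("\n--- fixlist.txt ---\n" + build_fixlist(found))
```

The "review" findings are deliberately kept out of fixlist.txt: an unsigned service such as UDisk Monitor or an autorun mount point for a removable drive may be legitimate, and the helper's own fixlist in the next post likewise leaves those entries alone while removing the search scopes, orphaned toolbars, missing-file drivers, the Temp task with its executable, and the alternate data streams.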

#13 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,078 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 10 June 2014 - 12:57 PM

Hi kimmyhead,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the Notepad document:
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9Yxdm009YYus&ptb=6D76C0A4-5272-4D20-94B8-554F2A30D92D&ind=2011121706&ptnrS=9Yxdm009YYus&si=1591-US&n=77df482a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL =
Toolbar: HKLM - No Name - !{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File
Toolbar: HKLM - No Name - !{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No File
Toolbar: HKCU - No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCSP; system32\DRIVERS\PTUMWCSP.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWNSP; system32\DRIVERS\PTUMWNSP.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]
Task: {10F0D012-A5D3-443F-8A2B-B77EC7139C7A} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\Mitch\AppData\Local\Temp\cisBE8E.exe <==== ATTENTION
C:\Users\Mitch\AppData\Local\Temp\cisBE8E.exe
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:862BDB1A
  • Save the file to your desktop and name it fixlist.txt.

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from.
  • Please copy and paste the log in your next reply.

--------------

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------

This scan can take a long time, so it is best done overnight or when you do not need the computer.

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Malwarebytes log
  • ESET log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#14 kimmyhead
  • Topic Starter
  • Members
  • 20 posts
  • Gender:Female
  • Location:Phoenix, AZ, USA
  • Local time:11:09 AM

Posted 10 June 2014 - 06:22 PM

How can I be sure that FRST.exe/FRST64.exe and fixlist.txt are both in the same location?



#15 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,078 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:09 PM

Posted 11 June 2014 - 10:45 AM

Hi kimmyhead,

Make sure the fixlist is saved to your desktop and then run FRST (Farbar Recovery Scan Tool).

xXToffeeXx~


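Two checks a practitioner would add around the FRST fix in posts #13 and #15, as an added PowerShell example that is not part of the original thread or of FRST itself. The first answers the question in post #14 (is fixlist.txt actually next to FRST.exe/FRST64.exe, and not saved as fixlist.txt.txt with the second extension hidden by Explorer); the second is a second look after the fix, independent of Fixlog.txt, at whether the items named in the fixlist are really gone. It assumes PowerShell 3.0 or later on the Windows 7 machine (Get-Item -Stream and [pscustomobject] need 3.0) and an elevated prompt; the driver names, task name, payload path, stream-bearing folder and search-scope CLSID are taken from the fixlist above, and the default folder is the desktop because that is where the fixlist is to be saved.

```powershell
# Added example (not from the thread): pre-run layout check and post-fix remnant check
# for the FRST fixlist posted above. Assumes PowerShell 3.0+ and an elevated prompt.

# Check 1: are FRST.exe/FRST64.exe and fixlist.txt in the same folder?
function Test-FrstLayout {
    param([string]$Folder = [Environment]::GetFolderPath('Desktop'))  # fixlist is to be saved on the desktop

    $tool = Get-ChildItem -Path $Folder -Filter 'FRST*.exe' -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -in 'FRST.exe', 'FRST64.exe' }

    [pscustomobject]@{
        Folder      = $Folder
        ToolPresent = [bool]$tool
        FixPresent  = Test-Path -LiteralPath (Join-Path $Folder 'fixlist.txt')
        # Explorer hides known extensions by default, so fixlist.txt.txt displays as
        # "fixlist.txt" while FRST sees no fixlist at all. Flag that case explicitly.
        DoubleExt   = Test-Path -LiteralPath (Join-Path $Folder 'fixlist.txt.txt')
    }
}

# Check 2: after FRST reports the fix done, confirm each fixlist item is gone.
function Test-FixRemnants {
    $findings = New-Object System.Collections.Generic.List[string]

    # Driver services FRST marked "[X]": registry entry present, .sys file missing.
    $drivers = 'PTUMWBus', 'PTUMWCSP', 'PTUMWFLT', 'PTUMWMdm', 'PTUMWNET', 'PTUMWNSP', 'PTUMWVsp'
    foreach ($name in $drivers) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (Test-Path -LiteralPath $key) {
            $sys   = Join-Path $env:SystemRoot "System32\DRIVERS\$name.sys"
            $state = if (Test-Path -LiteralPath $sys) { 'file present' } else { 'file missing (orphan)' }
            $findings.Add("service key still registered: $name ($state)")
        }
    }

    # Scheduled task and the payload it launched from the user's Temp folder.
    $task    = 'CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}'
    $taskXml = Join-Path $env:SystemRoot "System32\Tasks\$task"   # registered tasks are stored here as XML
    if (Test-Path -LiteralPath $taskXml) { $findings.Add("scheduled task still registered: $task") }
    $payload = 'C:\Users\Mitch\AppData\Local\Temp\cisBE8E.exe'
    if (Test-Path -LiteralPath $payload) { $findings.Add("task payload still on disk: $payload") }

    # Alternate data streams hung off C:\ProgramData\TEMP (FRST listed three).
    $ads = Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue |
           Where-Object { $_.Stream -ne ':$DATA' }                 # single quotes: keep $DATA literal
    foreach ($s in $ads) { $findings.Add("alternate data stream still present: TEMP:$($s.Stream)") }

    # MyWebSearch search scope, checked in both hives as the fixlist did.
    $clsid = '{093d18f3-98c6-4e68-b6c0-9da816681fcf}'
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\$clsid"
        if (Test-Path -LiteralPath $key) { $findings.Add("search scope still present: $key") }
    }

    $findings
}

# Usage: run the layout check before pressing Fix, the remnant check after the reboot.
Test-FrstLayout | Format-List
$left = Test-FixRemnants
if ($left) { $left } else { 'No remnants from the fixlist found.' }
```

The HKCU check only means something when run in the same Windows account the fixlist targeted (the paths point at the user Mitch); run as another user and that hive belongs to someone else. Fixlog.txt remains the record of what FRST actually did; this script just confirms the end state on disk and in the registry.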




