
~--- Ukash Virus/Ransomware ICE. can't access desktop from login ---~



Dearest Malwarebytes staff  :) ,

I have contracted the Canadian "Polizei" version of the Ukash/Ransomware ICE virus within the last 24 hrs.

I am using Windows VISTA Home Premium.

After searching the corners of the internet for solutions, of which there are a handful, I CANNOT flush this virus out. I am unable to find solutions for my unique situation.
Here is what I do:

  • I press F8 upon new start
  • Advanced Boot Options is displayed, and I've tried selecting "Safe Mode", "Safe Mode with Networking", and "Safe Mode with Command Prompt".
  • Upon being met with the user log-in screen, I enter my password hoping to be greeted with the command prompt. No luck.
  • What happens next after entering the password is this: "Welcome" - "Logging Off" - "Shutting Down", and the computer restarts itself on me.

So in summary, I cannot even access my desktop whatsoever in order to be able to do anything else.
*My CD-ROM drive has been broken for years, so I cannot insert a Windows reboot CD.

Should I try "Repair Your Computer" instead of anything else?

What should I do? Please help!

Thank you kindly.


Welcome to the forum, here's how we deal with that malware:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt

    Select Command Prompt.

    Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC

Hello MrCharlie,

 

Thanks to your answer to IndigoEarth, I was able to get myself a FRST.txt file with the Farbar Recovery Scan Tool.

 

I have the same problem, and I can't seem to find a way of deleting the virus...

When my computer starts, I get the Ukash pop-up, but right before that I'm able to restart with the Advanced startup options (I'm running Windows 8 x64).

 

I can't get at all into Safe Mode, the computer restarts automatically when I do so.

I still can get to the command prompt via the Advanced Startup Options menu, and that's how I could get the txt file I'm sending you right now.

 

I was thinking maybe I could boot from a different OS and try to clean the virus from there... But I'm not trying anything right now; I believe there are too many risks.

 

Just saying, I've already contracted this virus 2 times before this one, and each time I was able to kill it by entering Safe Mode and executing a small piece of software I've got that automatically deletes the Ukash Canadian Mounted Police ransomware.

 

Thank you very much, I'm looking forward to your answer!

 

Shawn

 

FRST.txt

 


Hi MrCharlie and others, 

My attempts to scan with a flash drive are unsuccessful.
First I tried using a hard drive (WD Passport), then of course, a newly purchased Kingston 16GB flash drive.

At this stage:

"Select "Computer" and find your flash drive letter and close the notepad."

...my computer refuses to recognize the presence of any extra drives. After inserting the flash drive into all 4 USB ports and restarting, it will not acknowledge any flash drives.

What do I do now? Locked out of my computer desktop and can't use any drives. I've been searching the internet high and low for any keywords similar to my dilemma, but everyone else always finds a different way around it before reaching my position.

I'm able to get the command prompt only by selecting "Repair My Computer", perhaps I can type something else in at that point.

Thanks a lot for the help.


Only from another computer. The CD-ROM engine/drive is busted; it hasn't worked for a few years.
I tried to do a system restore but Murphy's Law struck again, saying computer cannot find any restore points.

I tried hitting CTRL+ALT+DEL immediately after typing the log-in password and I brought up the Task Manager, but there were zero applications running and no suspicious processes, nor any services I could distinguish as being strange.
I also typed "regedit" into the command prompt and tried 3 different methods suggested in Youtube videos, none worked.

I'm reading up on Anvisoft steps at the moment....running out of options I guess. Would any anti-virus personnel in the world be able to fix this one? Seems to be a harsh variant.


Well, if your CD-ROM is broken, then we can't scan the computer with a rescue disk.

Kaspersky Unlocker works well on this infection:

http://support.kaspersky.com/8005?el=88446

You may have to remove the hard drive and install it in another computer to be able to scan it.

The infection is fixable, but you don't have the hardware to do it.

MrC


SUCCESS!!!

I have at least partially removed it from my computer using the following method:

 

  • Used a 2nd computer to download 'HitmanPro KickStart' onto a USB flash drive
  • Inserted the flash drive into the infected computer
  • Pressed F12 (on Windows Vista) immediately at start-up to get boot options
  • Selected boot up using USB drive
  • Selected option #1 from the boot-up option list it gave me (must type the number fast, or the computer won't accept any keys on the keyboard)
  • HitmanPro KickStart displayed before the virus page could display and I scanned
  • It said it partially removed malware from my computer; now I can access my desktop

Dear MrCharlie, could you be so kind as to guide me through any possible clean-ups I should do to be sure that it is gone? Or any scans you'd like me to perform for you to either read from or just to make my PC safer.
Specific system upgrades?

Thank you buddy!

 


Please download Farbar Recovery Scan Tool and save it to a folder. 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC


You can't edit or delete your posts and neither can I. You have to contact a moderator or administration to do that.

Download the attached fixlist.txt to the same folder as FRST.

Run FRST, click Fix only once, and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

-----------------------

Then..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

[screenshot: More Reply Options button]

New window that comes up.

[screenshot: Choose Files dialog]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Thanks for the pointers MrCharlie, here are the results.

From FRST: (Fixlog.txt)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-08-2013 01
Ran by USER at 2013-08-06 10:54:39 Run:1
Running from C:\Users\USER\Program Downloads\farbar
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
C:\ProgramData\nvModes.dat => Moved successfully.
C:\Users\USER\tlist.exe => Moved successfully.

==== End of Fixlog ====

 

 

From mbar.exe: (mbar-log.txt)

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.08.06.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
USER :: USER1 [administrator]

06/08/2013 11:50:41 AM
mbar-log-2013-08-06 (11-50-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 234781
Time elapsed: 19 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 36
HKLM\SOFTWARE\CLASSES\INTERFACE\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{067C6A37-72EA-4437-863A-5BE20C246F3C} (Adware.Seekmo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979} (Adware.Seekmo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1A2AF056-1FE1-47CA-993D-5D09D18E674E} (Adware.Seekmo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1} (Adware.Seekmo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9} (Adware.Seekmo) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{1230CF51-6BC4-4A23-B3F1-C7CF0AFED619} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{50C3E2B3-4FD7-4CB9-91F9-641A6E6B3689} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{726F0AB9-B842-4AE4-90C7-230E233E6A99} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{C4543E64-1498-410D-8E72-4744EEA99AB9} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{34E29700-0D13-46AA-B9A5-ACE68E21A091} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{08755390-F46D-4D09-968C-3430166B3189} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{3661AF2D-C27B-499C-9BCF-66C8502A3806} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{99123AC9-7DDA-4C82-B252-44C2804BF392} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{00B77587-BE1B-4201-B8E9-09FCF50AB771} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{5A4737A8-B92A-4E54-970E-C2891D98CE3F} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E0FB1610-B25B-49F6-BE20-751B2F230E6F} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{49155DAE-C471-40FA-98EE-B2B3CAD115CE} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{4D783385-0DDA-4188-A529-C97DC3D67CBD} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{6E10479B-31E8-4A3B-81B1-DDAF39097F19} (Adware.Zango) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Cl.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\USER\AppData\Roaming\Microsoft\Windows\Templates\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
c:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

From mbar.exe: (system-log.txt)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19328

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2144661504, free: 788828160

Downloaded database version: v2013.08.06.04
Downloaded database version: v2013.07.29.01
Initializing...
Done!
Can't access volume using primary device, the volume might be encrypted.
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19328

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2144661504, free: 847241216

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19328

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2144661504, free: 849018880

Initializing...
DDA Driver installation error.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19328

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2144661504, free: 935665664

Initializing...
------------ Kernel report ------------
     08/06/2013 11:50:35
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastorv.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\NST\7DD01000.020\ccSetx86.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\OEM02Dev.sys
\SystemRoot\system32\DRIVERS\OEM02Vfx.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR7
Upper Device Object: 0xffffffff8b9de3c8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\000000ce\
Lower Device Object: 0xffffffffab32d640
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8c23cac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\
Lower Device Object: 0xffffffff8b822030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8c23cac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b94f7c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8c23cac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b822030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 10000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 161792  Numsec = 20971520

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21133312  Numsec = 462018560
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 483151872  Numsec = 5242880

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b9de3c8, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8baec4e8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b9de3c8, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\
DevicePointer: 0xffffffffab32d640, DeviceName: \Device\000000ce\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 44FDFE06

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2B81F920-6660-4F76-93BF-B1C67BF5D1A0} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{C23FA5A4-1FEA-419F-8B14-F7465DF062BC} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{067C6A37-72EA-4437-863A-5BE20C246F3C} --> [Adware.Seekmo]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{FBB40FDF-B715-4342-AB82-244ECC66E979} --> [Adware.Seekmo]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1A2AF056-1FE1-47CA-993D-5D09D18E674E} --> [Adware.Seekmo]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1} --> [Adware.Seekmo]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9} --> [Adware.Seekmo]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{1230CF51-6BC4-4A23-B3F1-C7CF0AFED619} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{229D2451-A617-4B30-B5E8-8138694240CB} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{4E8B851B-05B0-4BAF-B24D-D0DFE88DDED3} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{50C3E2B3-4FD7-4CB9-91F9-641A6E6B3689} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{62B0B239-F9AC-4A5B-BFAE-62C7A23F7627} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{726F0AB9-B842-4AE4-90C7-230E233E6A99} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{B9CC2B92-5611-453F-8381-8B6F72D9C0B8} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C4543E64-1498-410D-8E72-4744EEA99AB9} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{3F0915B8-B238-4C2D-AD1E-60DB1E14D27A} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{0923208C-E259-4ED5-A778-CB607DA350AD} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EA58C2EA-BE26-49DD-9B9A-C8E4E5CA7791} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{FCA28AC5-C1E1-4D67-A5AE-C44D6C374D9F} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{34E29700-0D13-46AA-B9A5-ACE68E21A091} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{08755390-F46D-4D09-968C-3430166B3189} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{3661AF2D-C27B-499C-9BCF-66C8502A3806} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{99123AC9-7DDA-4C82-B252-44C2804BF392} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{00B77587-BE1B-4201-B8E9-09FCF50AB771} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{087C4054-0A2B-4F35-B0DB-BED3E21650F4} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{5A4737A8-B92A-4E54-970E-C2891D98CE3F} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{ACE99E77-AA2A-43C2-8C9D-CAF2020FDF2B} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E0FB1610-B25B-49F6-BE20-751B2F230E6F} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E420A65F-9984-4B8C-9FA9-1ED69D3B0A13} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{9720DE03-5820-4059-B4A4-639D5E52BD09} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{49155DAE-C471-40FA-98EE-B2B3CAD115CE} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{CCC6E232-AA4C-4813-A019-9C14B27776B6} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{4D783385-0DDA-4188-A529-C97DC3D67CBD} --> [Adware.Zango]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{6E10479B-31E8-4A3B-81B1-DDAF39097F19} --> [Adware.Zango]
Infected: c:\Users\RYAN\AppData\Roaming\Microsoft\Windows\Templates\2433f433 --> [Trojan.Agent.TPL]
Infected: c:\ProgramData\2433f433 --> [Trojan.Agent.TPL]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Cl.exe --> [security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\init32.exe --> [security.Hijack]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_21133312_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19328

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2144661504, free: 759963648

Initializing...
------------ Kernel report ------------
     08/06/2013 12:21:29
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastorv.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\SBFWIM.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\NST\7DD01000.020\ccSetx86.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\SBREdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\SbFw.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\OEM02Dev.sys
\SystemRoot\system32\DRIVERS\OEM02Vfx.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\sbapifs.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR7
Upper Device Object: 0xffffffff8b9de3c8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\000000ce\
Lower Device Object: 0xffffffffab32d640
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8c23cac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-1\
Lower Device Object: 0xffffffff8b822030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8c23cac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b94f7c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8c23cac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8b822030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 10000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 160587

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 161792  Numsec = 20971520

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21133312  Numsec = 462018560
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 483151872  Numsec = 5242880

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8b9de3c8, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8baec4e8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b9de3c8, DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\
DevicePointer: 0xffffffffab32d640, DeviceName: \Device\000000ce\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR7\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 44FDFE06

Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan Interrupted
Scan was aborted.
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_21133312_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished

Addition.txt


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-08-09.02 - USER 09/08/2013 14:57:03.1.2 - x86

Running from: c:\users\USER\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1320864998.bdinstall.bin

c:\programdata\1320950225.bdinstall.bin

c:\users\USER\.COMMgr

c:\users\USER\AppData\Local\TempDIR

c:\users\USER\AppData\Roaming\dclogs

c:\users\USER\AppData\Roaming\MyFolder

c:\users\USER\AppData\Roaming\MyFolder\tmp2.vbs

c:\users\USER\Documents\~WRL0565.tmp

c:\users\USER\Documents\~WRL0634.tmp

c:\users\USER\Documents\~WRL3896.tmp

c:\windows\system32\roboot.exe

c:\windows\system32\uninstall.exe

c:\windows\wininit.ini

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-07-09 to 2013-08-09 )))))))))))))))))))))))))))))))

.

.

2013-08-06 15:47 . 2013-08-06 16:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-08-06 15:01 . 2013-08-06 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-08-06 15:01 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-04 22:53 . 2013-08-04 22:53 -------- d-----w- C:\FRST

2013-08-04 21:09 . 2013-08-04 21:09 30464 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys

2013-08-04 21:00 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D809C267-3463-46F2-8761-D3076B9BB5C1}\mpengine.dll

2013-08-04 20:40 . 2013-08-04 21:07 -------- d-----w- c:\programdata\HitmanPro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-09 03:40 . 2012-11-08 00:09 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2013-08-09 03:40 . 2012-11-23 15:19 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2013-06-03 09:20 . 2012-10-12 03:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-03 09:20 . 2011-09-07 02:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-17 03:06 . 2011-12-31 20:35 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll

2012-01-29 15:55 . 2012-02-05 05:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-12-06 09:18 26624 --sh--w- c:\windows\bfcs2.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3034432]

"LogMeIn Cubby"="c:\users\USER\AppData\Roaming\cubby\cubby.exe" [2013-05-07 4898584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 405504]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2008-03-10 16:20 689488 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2012-02-02 10:01 3034432 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-07-24 06:38 639352 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

R4 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-28 73728]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-01 c:\windows\Tasks\User_Feed_Synchronization-{D7DE5C91-EEFD-471C-8B73-D84EE071E769}.job

- c:\windows\system32\msfeedssync.exe [2012-10-31 08:30]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-06-11 11:16; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.0.32\coFFPlgn

FF - ExtSQL: 2013-08-07 13:42; ffxtlbr@babylon.com; c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\ffxtlbr@babylon.com

FF - user.js: extensions.BabylonToolbar_i.id - d2a83476000000000000001dd968ca45

FF - user.js: extensions.BabylonToolbar_i.hardId - d2a83476000000000000001dd968ca45

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.id - d2a83476000000000000001dd968ca45

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15612

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1223:04

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110211&tt=270912_ctrl2_3912_2

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{92A9ACF4-9333-43AE-9698-DB283326F87F} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-SBRegRebootCleaner - c:\program files\Ad-Aware Antivirus\SBRC.exe

AddRemove-HaaliMkx - c:\windows\system32\uninstall.exe

AddRemove-MatchMkr_is1 - c:\matchmkr_v129\unins000.exe

AddRemove-Media Player - Codec Pack - c:\windows\system32\C2MP\Uninst.exe

AddRemove-NST - c:\program files\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.1.0.32\InstStub.exe

AddRemove-Only Astrology - c:\users\USER\ONLYAS~1\UNWISE.EXE

AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-08-09 15:21

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NCO]

"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.1.0.32\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-Nñ‚W[u^]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-Nñ‚W[u^\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-Nñ‚W[u^áÿ#WÎW]N2m¢[]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-Nñ‚W[u^áÿ#WÎW]N2m¢[\OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýVñ‚ÌSí‹áÿ#WÎW]N2m¢[]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ýVñ‚ÌSí‹áÿ#WÎW]N2m¢[\OpenWithList]

@Class="Shell"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2276)

c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTsvcCDA.exe

c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\windows\system32\NLSSRV32.EXE

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\STacSV.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conime.exe

.

**************************************************************************

.

Completion time: 2013-08-09 15:27:50 - machine was rebooted

ComboFix-quarantined-files.txt 2013-08-09 19:27

.

Pre-Run: 4,964,544,512 bytes free

Post-Run: 6,532,022,272 bytes free

.

- - End Of File - - 189A6D9CFA3FB61895B0879F3D17D1CD

5C616939100B85E558DA92B899A0FC36


OK...Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

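As an added example (not the thread's or AdwCleaner's own code): a small Python parser for the AdwCleaner "Search" log layout used in this thread. It splits the findings by section, confirms the log came from a search-only run, and lists the folders MrC asks the user to review before the delete step. The sample log below is constructed in the same layout and is not the full log posted here.

```python
"""Triage an AdwCleaner v2.x 'Search' log: group findings by section and
pull out the folders a user should review before the delete step."""
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner v2.x log layout (a few lines modelled
# on this thread's log, not the full AdwCleaner[R1].txt posted above).
SAMPLE_LOG = r"""
# AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:13:36
# Boot Mode : Normal
# Option [search]

***** [services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\searchplugins\BabylonMngr.xml
Folder Found : C:\ProgramData\Speedbit
Folder Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
"""

# "***** [services] *****" style section headers.
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# "File Found : ...", "Folder Found : ...", "Key Found : ...", or bare "Found : ...".
ITEM_RE = re.compile(r"^(?P<kind>(?:(?:File|Folder|Key|Value) )?Found) : (?P<target>.+)$")


def parse_adwcleaner_log(text):
    """Return {'header': {...}, 'sections': {name: [(kind, target), ...]}}."""
    header = {}
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            body = line[1:].strip()
            if body.startswith("Option ["):
                # "# Option [search]" vs "# Option [delete]" tells us which mode ran.
                header["mode"] = body[len("Option ["):].rstrip("]").strip().lower()
            elif " : " in body:
                key, _, value = body.partition(" : ")
                header[key.strip()] = value.strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("kind"), m.group("target")))
    return {"header": header, "sections": dict(sections)}


def triage(parsed):
    """Summarise a parsed log for the 'look over what was found' review step."""
    sections = parsed["sections"]
    ff = sections.get("Files / Folders", [])
    files = sorted(t for k, t in ff if k == "File Found")
    folders = sorted(t for k, t in ff if k == "Folder Found")
    keys = sorted(t for k, t in sections.get("Registry", []) if k == "Key Found")
    services = sorted(t for _, t in sections.get("services", []))
    # Paths outside the user profile (e.g. under C:\ or C:\ProgramData) deserve
    # a closer look, since adware normally lives in the profile.
    profile = [p for p in files + folders if p.lower().startswith("c:\\users\\")]
    outside = [p for p in files + folders if p not in profile]
    return {
        "search_only": parsed["header"].get("mode") == "search",
        "counts": {"services": len(services), "files": len(files),
                   "folders": len(folders), "registry_keys": len(keys)},
        "folders_to_review": folders,
        "outside_user_profile": outside,
    }


if __name__ == "__main__":
    summary = triage(parse_adwcleaner_log(SAMPLE_LOG))
    print("search-only run:", summary["search_only"])
    print("counts:", summary["counts"])
    for path in summary["folders_to_review"]:
        print("review folder:", path)
```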

Results of AdwCleaner scan (AdwCleaner[R1].txt) ....Looked at everything, I am certain there is nothing I need to keep.


# AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:13:36
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : USER - USER1
# Boot Mode : Normal
# Running from : C:\Users\USER\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\user.js
File Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\BrowserMngr_extensions.sqlite
File Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\browsermngr_prefs.js
File Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\searchplugins\BabylonMngr.xml
File Found : C:\Windows\system32\conduitEngine.tmp
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Found : C:\ProgramData\Speedbit
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\USER\AppData\Local\Conduit
Folder Found : C:\Users\USER\AppData\Local\PackageAware
Folder Found : C:\Users\USER\AppData\LocalLow\Application Updater
Folder Found : C:\Users\USER\AppData\LocalLow\Conduit
Folder Found : C:\Users\USER\AppData\LocalLow\PriceGong
Folder Found : C:\Users\USER\AppData\LocalLow\Speedbit
Folder Found : C:\Users\USER\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\CT3072253
Folder Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SpeedBit
Key Found : HKCU\Software\Surf Canyon
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Found : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\Software\SpeedBit
Key Found : HKU\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKU\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19328


-\\ Mozilla Firefox v10.0 (en-US)

File : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\prefs.js

Found : user_pref("CT3072253.BT_Stats", "{\"last_log\":1375897377,\"uuid\":267097655360194,\"seq_id\":1,\"ss[...]
Found : user_pref("CT3072253.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3072253.FirstTime", "true");
Found : user_pref("CT3072253.FirstTimeFF3", "true");
Found : user_pref("CT3072253.UserID", "UN07462452317713952");
Found : user_pref("CT3072253.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3072253.autoDisableScopes", "-1");
Found : user_pref("CT3072253.defaultSearch", "FALSE");
Found : user_pref("CT3072253.embeddedsData", "[{\"appId\":\"129571859753931591\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3072253.enableAlerts", "always");
Found : user_pref("CT3072253.enableSearchFromAddressBar", "FALSE");
Found : user_pref("CT3072253.firstTimeDialogOpened", "true");
Found : user_pref("CT3072253.fixPageNotFoundError", "true");
Found : user_pref("CT3072253.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3072253.fixUrls", true);
Found : user_pref("CT3072253.installId", "fftE7BC.tmp.exe");
Found : user_pref("CT3072253.installType", "XPE");
Found : user_pref("CT3072253.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.isNewTabEnabled", true);
Found : user_pref("CT3072253.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3072253.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3072253.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3072253.mam_gk_appStateReportTime", "1375897385424");
Found : user_pref("CT3072253.mam_gk_appState_CouponBuddy", "on");
Found : user_pref("CT3072253.mam_gk_appState_Easytobook", "on");
Found : user_pref("CT3072253.mam_gk_appState_Easytobook_targeted", "on");
Found : user_pref("CT3072253.mam_gk_appState_PriceGong", "on");
Found : user_pref("CT3072253.mam_gk_appState_WindowShopper", "on");

Found : user_pref("CT3072253.mam_gk_appsDefaultEnabled", "true");
Found : user_pref("CT3072253.mam_gk_calledSetupService", "1");
Found : user_pref("CT3072253.mam_gk_configuration", "{\"configuration\":[{\"id\":\"Easytobook_targeted\",\"c[...]
Found : user_pref("CT3072253.mam_gk_currentVersion", "1.9.0.4");
Found : user_pref("CT3072253.mam_gk_first_time", "1");
Found : user_pref("CT3072253.mam_gk_localization", "{\"gadgetContentPolicy\":{\"Text\":\"Content Policy\"},\[...]
Found : user_pref("CT3072253.mam_gk_settings1.9.0.4", "{\"Status\":\"succeeded\",\"Data\":{\"interval\":240,[...]
Found : user_pref("CT3072253.mam_gk_showWelcomeGadget", "false");
Found : user_pref("CT3072253.mam_gk_userId", "34dc0aba-29e7-43b1-bbbb-e061f4d30f6a");
Found : user_pref("CT3072253.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.utorrent.com[...]
Found : user_pref("CT3072253.openThankYouPage", "true");
Found : user_pref("CT3072253.openUninstallPage", "FALSE");
Found : user_pref("CT3072253.search.searchAppId", "129571859753931591");
Found : user_pref("CT3072253.search.searchCount", "0");
Found : user_pref("CT3072253.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3072253.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3072253.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3072253.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3072253.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375897374810");
Found : user_pref("CT3072253.serviceLayer_services_appsMetadata_lastUpdate", "1375897375578");
Found : user_pref("CT3072253.serviceLayer_services_clientErrorLog_lastUpdate", "1347496205844");
Found : user_pref("CT3072253.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375897375711");
Found : user_pref("CT3072253.serviceLayer_services_login_10.10.27.6_lastUpdate", "1375897388676");
Found : user_pref("CT3072253.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375897377953");
Found : user_pref("CT3072253.serviceLayer_services_searchAPI_lastUpdate", "1375897372055");
Found : user_pref("CT3072253.serviceLayer_services_serviceMap_lastUpdate", "1375897368679");
Found : user_pref("CT3072253.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375897377383");
Found : user_pref("CT3072253.serviceLayer_services_toolbarSettings_lastUpdate", "1375897387352");
Found : user_pref("CT3072253.serviceLayer_services_translation_lastUpdate", "1375897374797");
Found : user_pref("CT3072253.settingsINI", true);
Found : user_pref("CT3072253.shouldFirstTimeDialog", "false");
Found : user_pref("CT3072253.smartbar.CTID", "CT3072253");
Found : user_pref("CT3072253.smartbar.Uninstall", "0");
Found : user_pref("CT3072253.smartbar.isHidden", true);
Found : user_pref("CT3072253.smartbar.toolbarName", "uTorrentControl2 ");
Found : user_pref("CT3072253.toolbarBornServerTime", "7-8-2013");
Found : user_pref("CT3072253.toolbarCurrentServerTime", "7-8-2013");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=110211&tt=270912_ctrl2_3912_2");
Found : user_pref("extensions.BabylonToolbar.bbDpng", "7");
Found : user_pref("extensions.BabylonToolbar.cntry", "CA");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "ED1A14EFC646B5BEFD2BF98F03A0878C");
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.id", "d2a83476000000000000001dd968ca45");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15612");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1223:04:15");
Found : user_pref("extensions.BabylonToolbar.newTab", false);
Found : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"71\",\"lastVrsn\":\"71\",\"vrsnLoad\[...]
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.sg", "azb");
Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1223:04:15");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110211&tt=270912_ctrl2_3912_2");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "d2a83476000000000000001dd968ca45");
Found : user_pref("extensions.BabylonToolbar_i.id", "d2a83476000000000000001dd968ca45");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15391");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1223:04:15");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,{687578b9-7132-[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [26196 octets] - [09/08/2013 19:13:36]

########## EOF - C:\AdwCleaner[R1].txt - [26257 octets] ##########


Lots of adware found....let's clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

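A check worth making once the Delete log comes back: reconcile the search (R1) log posted above with the delete (S1) log and list anything reported as Found that does not show up as Deleted, or Deleted without ever having been Found, so that leftovers get a second look instead of being assumed gone. This is an added Python example, not part of the thread and not AdwCleaner's own tooling; the two sample logs inside it are constructed in the layout of the logs posted here (the second one double-spaced the way a forum paste comes out) and contain one deliberate discrepancy in each direction.

```python
"""Reconcile an AdwCleaner search (R) log against the following delete (S) log.

Added example, not part of the thread or of AdwCleaner. The two logs below are
constructed in the layout of the logs posted in this thread.
"""
import re
from collections import Counter

# Section headers look like "***** [Registry] *****". The forum lower-cased some of
# them ("[internet Browsers]"), so section names are normalised to lower case.
SECTION_RE = re.compile(r"^\*{5}\s*\[(?P<name>[^\]]+)\]\s*\*{5}$")

# Entry lines: "Found : X", "File Found : X", "Key Deleted : X", "Stopped & Deleted : X".
# The prefix is limited to letters, spaces and '&', so a pref name such as
# "fixPageNotFoundError" inside the item text can never be taken for the verb.
ENTRY_RE = re.compile(r"^(?P<prefix>[A-Za-z &]*?)(?P<verb>Found|Deleted)\s*:\s*(?P<item>.+?)\s*$")


def parse_adwcleaner_log(text):
    """Return {(section, item): verb} for every Found/Deleted line in the log."""
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # tolerates double-spaced forum pastes
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip().lower()
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            entries[(section, m.group("item"))] = m.group("verb")
    return entries


def summarize(entries):
    """Count entries per section, e.g. {'registry': 3, ...}."""
    return dict(Counter(section for section, _ in entries))


def reconcile(search_log, delete_log):
    """Return (missing, unexpected): Found but not Deleted, and Deleted but never Found."""
    found = parse_adwcleaner_log(search_log)
    deleted = parse_adwcleaner_log(delete_log)
    missing = sorted(k for k, v in found.items() if v == "Found" and deleted.get(k) != "Deleted")
    unexpected = sorted(k for k, v in deleted.items() if v == "Deleted" and k not in found)
    return missing, unexpected


# Constructed sample: a search pass in the layout of AdwCleaner[R1].txt.
SEARCH_LOG = r"""
# AdwCleaner v2.306 - Logfile created 08/09/2013 at 19:13:36
# Option [search]

***** [services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Users\USER\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]

***** [Internet Browsers] *****

-\\ Mozilla Firefox v10.0 (en-US)

File : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\prefs.js

Found : user_pref("CT3072253.fixPageNotFoundError", "true");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
"""

# Constructed sample: the delete pass, double-spaced as a forum paste comes out.
# Conduit.Engine is never deleted; Toolbar.CT3072253 was deleted without being found.
DELETE_LOG = r"""
# AdwCleaner v2.306 - Logfile created 08/09/2013 at 20:04:14

# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\Users\USER\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

***** [Internet Browsers] *****

Deleted : user_pref("CT3072253.fixPageNotFoundError", "true");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
"""

if __name__ == "__main__":
    print("found per section:", summarize(parse_adwcleaner_log(SEARCH_LOG)))
    missing, unexpected = reconcile(SEARCH_LOG, DELETE_LOG)
    for section, item in missing:
        print("NOT DELETED  [%s] %s" % (section, item))
    for section, item in unexpected:
        print("NOT IN SCAN  [%s] %s" % (section, item))
```

On a real machine the same two functions take the contents of C:\AdwCleaner[R1].txt and C:\AdwCleaner[S1].txt; entries are keyed by section and item rather than by the "File"/"Key"/"Value" prefix, because the delete pass reports a service as "Stopped & Deleted" where the search pass reported it as plain "Found".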

  • Scan from AdwCleaner (AdwCleaner[s1].txt) :

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 20:04:14
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : USER - USER1
# Boot Mode : Normal
# Running from : C:\Users\USER\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\user.js
File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\BrowserMngr_extensions.sqlite
File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\browsermngr_prefs.js
File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\USER\AppData\Local\Conduit
Folder Deleted : C:\Users\USER\AppData\Local\PackageAware
Folder Deleted : C:\Users\USER\AppData\LocalLow\Application Updater
Folder Deleted : C:\Users\USER\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\USER\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\USER\AppData\LocalLow\Speedbit
Folder Deleted : C:\Users\USER\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\CT3072253
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert

Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\Software\SpeedBit

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19328

-\\ Mozilla Firefox v10.0 (en-US)

File : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\prefs.js

C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\5r7mo9rl.default\user.js ... Deleted !

Deleted : user_pref("CT3072253.BT_Stats", "{\"last_log\":1375897377,\"uuid\":267097655360194,\"seq_id\":1,\"ss[...]

Deleted : user_pref("CT3072253.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3072253.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3072253.FirstTime", "true");

Deleted : user_pref("CT3072253.FirstTimeFF3", "true");

Deleted : user_pref("CT3072253.UserID", "UN07462452317713952");

Deleted : user_pref("CT3072253.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3072253.autoDisableScopes", "-1");

Deleted : user_pref("CT3072253.defaultSearch", "FALSE");

Deleted : user_pref("CT3072253.embeddedsData", "[{\"appId\":\"129571859753931591\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3072253.enableAlerts", "always");

Deleted : user_pref("CT3072253.enableSearchFromAddressBar", "FALSE");

Deleted : user_pref("CT3072253.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3072253.fixPageNotFoundError", "true");

Deleted : user_pref("CT3072253.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3072253.fixUrls", true);

Deleted : user_pref("CT3072253.installId", "fftE7BC.tmp.exe");

Deleted : user_pref("CT3072253.installType", "XPE");

Deleted : user_pref("CT3072253.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3072253.isNewTabEnabled", true);

Deleted : user_pref("CT3072253.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3072253.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3072253.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3072253.mam_gk_appStateReportTime", "1375897385424");

Deleted : user_pref("CT3072253.mam_gk_appState_CouponBuddy", "on");

Deleted : user_pref("CT3072253.mam_gk_appState_Easytobook", "on");

Deleted : user_pref("CT3072253.mam_gk_appState_Easytobook_targeted", "on");

Deleted : user_pref("CT3072253.mam_gk_appState_PriceGong", "on");

Deleted : user_pref("CT3072253.mam_gk_appState_WindowShopper", "on");

Deleted : user_pref("CT3072253.mam_gk_appsDefaultEnabled", "true");

Deleted : user_pref("CT3072253.mam_gk_calledSetupService", "1");

Deleted : user_pref("CT3072253.mam_gk_configuration", "{\"configuration\":[{\"id\":\"Easytobook_targeted\",\"c[...]

Deleted : user_pref("CT3072253.mam_gk_currentVersion", "1.9.0.4");

Deleted : user_pref("CT3072253.mam_gk_first_time", "1");

Deleted : user_pref("CT3072253.mam_gk_localization", "{\"gadgetContentPolicy\":{\"Text\":\"Content Policy\"},\[...]

Deleted : user_pref("CT3072253.mam_gk_settings1.9.0.4", "{\"Status\":\"succeeded\",\"Data\":{\"interval\":240,[...]

Deleted : user_pref("CT3072253.mam_gk_showWelcomeGadget", "false");

Deleted : user_pref("CT3072253.mam_gk_userId", "34dc0aba-29e7-43b1-bbbb-e061f4d30f6a");

Deleted : user_pref("CT3072253.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.utorrent.com[...]

Deleted : user_pref("CT3072253.openThankYouPage", "true");

Deleted : user_pref("CT3072253.openUninstallPage", "FALSE");

Deleted : user_pref("CT3072253.search.searchAppId", "129571859753931591");

Deleted : user_pref("CT3072253.search.searchCount", "0");

Deleted : user_pref("CT3072253.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3072253.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3072253.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3072253.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...]

Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3072253.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3072253.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375897374810");

Deleted : user_pref("CT3072253.serviceLayer_services_appsMetadata_lastUpdate", "1375897375578");

Deleted : user_pref("CT3072253.serviceLayer_services_clientErrorLog_lastUpdate", "1347496205844");

Deleted : user_pref("CT3072253.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375897375711");

Deleted : user_pref("CT3072253.serviceLayer_services_login_10.10.27.6_lastUpdate", "1375897388676");

Deleted : user_pref("CT3072253.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375897377953");

Deleted : user_pref("CT3072253.serviceLayer_services_searchAPI_lastUpdate", "1375897372055");

Deleted : user_pref("CT3072253.serviceLayer_services_serviceMap_lastUpdate", "1375897368679");

Deleted : user_pref("CT3072253.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375897377383");

Deleted : user_pref("CT3072253.serviceLayer_services_toolbarSettings_lastUpdate", "1375897387352");

Deleted : user_pref("CT3072253.serviceLayer_services_translation_lastUpdate", "1375897374797");

Deleted : user_pref("CT3072253.settingsINI", true);

Deleted : user_pref("CT3072253.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3072253.smartbar.CTID", "CT3072253");

Deleted : user_pref("CT3072253.smartbar.Uninstall", "0");

Deleted : user_pref("CT3072253.smartbar.isHidden", true);

Deleted : user_pref("CT3072253.smartbar.toolbarName", "uTorrentControl2 ");

Deleted : user_pref("CT3072253.toolbarBornServerTime", "7-8-2013");

Deleted : user_pref("CT3072253.toolbarCurrentServerTime", "7-8-2013");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110211&tt=270912_ctrl2_3912_2");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "7");

Deleted : user_pref("extensions.BabylonToolbar.cntry", "CA");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "ED1A14EFC646B5BEFD2BF98F03A0878C");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.id", "d2a83476000000000000001dd968ca45");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15612");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1223:04:15");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"71\",\"lastVrsn\":\"71\",\"vrsnLoad\[...]

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1223:04:15");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110211&tt=270912_ctrl2_3912_2");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d2a83476000000000000001dd968ca45");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "d2a83476000000000000001dd968ca45");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15391");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1223:04:15");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,{687578b9-7132-[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [26327 octets] - [09/08/2013 19:13:36]

AdwCleaner[s1].txt - [26224 octets] - [09/08/2013 20:04:14]

########## EOF - C:\AdwCleaner[s1].txt - [26285 octets] ##########

 

 

 

  • Scan results from Junkware Removal Tool (JRT.txt):


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.3.9 (08.09.2013:1)

OS: Windows Vista Home Premium x86

Ran by USER on 09/08/2013 at 20:38:00.13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1086904657-4067796721-2086557799-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\USER\AppData\Roaming\systweak"

Successfully deleted: [Folder] "C:\Users\USER\appdata\locallow\utorrentcontrol2"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair"

Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{0CEB6F26-028C-41C6-8B14-B61B762814A9}

Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{48587447-9AF1-4241-85A3-81A3E469263E}

Successfully deleted: [Empty Folder] C:\Users\USER\appdata\local\{F9801CA1-98BB-41CE-A6A7-6F508CDDAAC7}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 09/08/2013 at 20:40:10.40

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

  • Scan results from Malwarebytes. I performed both a quick scan and a full scan. First file [quick scan], 'mbam-log-2013-08-09 (21:03:20).txt':

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.09.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19328

USER :: USER1 [administrator]

09/08/2013 9:03:20 PM

mbam-log-2013-08-09 (21-03-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Heuristics/Extra | P2P

Objects scanned: 56123

Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

 

  • Scan from the second file [full scan], 'mbam-log-2013-09-09 (21:11:19).txt':

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.08.09.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19328

USER :: USER1 [administrator]

09/08/2013 9:11:19 PM

mbam-log-2013-08-09 (21-11-19).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Heuristics/Extra | P2P

Objects scanned: 462133

Time elapsed: 5 hour(s), 26 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Program Files\DAEMON Tools Pro\DAEMONToolsPro500316-0317.exe (PUP.Optional.OpenCandy) -> No action taken.

C:\Program Files\Western Digital\My Passport Essential Tools\DmailerSync.zip (Malware.Packer.as) -> No action taken.

C:\Users\USER\AppData\Local\VirtualStore\Windows\System32\DmailerSync.zip (Malware.Packer.as) -> No action taken.

C:\Users\USER\Program Downloads\ConnectifyInstaller.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

 

  • I only decided to delete one of the four items detected, because the remaining three were not actual threats, from my understanding.


My computer is working well now, thank you for your amazing assistance! I will donate soon. Is that all for the scanning stuff for now? Anything else I need to do?

 

 

 

***I do have one more question though...

For the last 12-18 months, whenever I highlight/select a file (or files) and

  • press SHIFT + DELETE to permanently delete a file, or
  • right-click on a file intending to check out its properties...

...a window pops up instead. See the attached picture to see what I mean.

I don't even use/have Ad-Aware installed on my computer.... I'm wondering if you know what that problem is all about? It's been happening in recurring instances where it says something about "windows wizard installer error" or something like that....

What the heck is that all about?

Thanks for helping me.


Using ComboFix......
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus]

Driver::
Ad-Aware Service

Folder::
c:\program files\Ad-Aware Antivirus

ClearJavaCache::


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

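A small parser for the CFScript directive layout used in the reply above, written as an added example for this thread (it is not ComboFix's own code, nor MrC's): it reads the four section types shown (Registry:: with [-KEY] delete directives, Driver::, Folder::, and a bare ClearJavaCache::) and turns them into a checklist of what should be absent once ComboFix has run, flagging for review any Registry:: line that is not a delete directive, since such a line would write to the registry instead. The sample script is a constructed copy of the one above; treating unknown section names as plain item lists is an assumption.

```python
import re
from collections import OrderedDict

# Constructed copy of the CFScript posted in the reply above (same directives).
SAMPLE_CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Antivirus]

Driver::
Ad-Aware Service

Folder::
c:\program files\Ad-Aware Antivirus

ClearJavaCache::
"""

# A section header is a bare word followed by '::' (assumed layout, as in the script above).
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# .reg syntax: '[-KEY]' means "delete this key".
REG_DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")
REG_ROOTS = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER",
             "HKEY_USERS", "HKEY_CLASSES_ROOT")
LIST_SECTIONS = ("Registry", "Driver", "Folder", "File")


def parse_cfscript(text):
    """Return an ordered mapping of section name -> list of item lines.

    A section with no items (e.g. ClearJavaCache::) maps to an empty list, so
    a bare directive can be told apart from a section that was never present.
    """
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("item before any section header: %r" % line)
        sections[current].append(line)
    return sections


def verification_plan(sections):
    """Turn a parsed script into (check, target) pairs to run after ComboFix.

    Registry lines must be '[-KEY]' delete directives under a known root hive;
    anything else under Registry:: is reported as 'review' rather than silently
    accepted, because a non-delete .reg line would *write* to the registry.
    """
    plan = []
    for item in sections.get("Registry", []):
        m = REG_DELETE_KEY_RE.match(item)
        if m and m.group(1).startswith(REG_ROOTS):
            plan.append(("registry_key_absent", m.group(1)))
        else:
            plan.append(("review", item))
    for item in sections.get("Driver", []):
        plan.append(("service_absent", item))   # Driver:: removes the service entry
    for item in sections.get("Folder", []):
        plan.append(("folder_absent", item))
    for item in sections.get("File", []):
        plan.append(("file_absent", item))
    # Bare directives (no items) such as ClearJavaCache:: only need a "did it run" tick.
    for name, items in sections.items():
        if not items and name not in LIST_SECTIONS:
            plan.append(("directive_ran", name))
    return plan


if __name__ == "__main__":
    for check, target in verification_plan(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(check, target)
```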
