
FBI Moneypak Virus



Greetings,

It seems this is pretty frequent when I was researching the moneypak virus. This is my first time receiving the moneypak virus and it just so happens that I am not able to run command prompt in safe mode. I am asking for your assistance please and thank you.

Here is my log to save you guys some time:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2013

Ran by SYSTEM at 14-01-2013 11:58:56

Running from G:\

Windows 7 Ultimate (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)

HKLM\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)

HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [997320 2012-11-10] ()

HKLM\...\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-02-15] ()

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)

HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296096 2012-07-23] (RealNetworks, Inc.)

HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] ()

HKU\Kevin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Kevin\...\Run: [Akamai NetSession Interface] "C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk

ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk

ShortcutTarget: NETGEAR WPN111 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WPN111\wpn111.exe (NETGEAR)

Startup: C:\Users\Kevin\Start Menu\Programs\Startup\runctf.lnk

ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [913752 2012-03-14] (IObit)

2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821080 2011-06-01] (IObit)

2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)

4 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)

3 npggsvc; C:\Windows\system32\GameMon.des -service [3461116 2010-02-24] (INCA Internet Co., Ltd.)

2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-10] ()

2 Winmgmt; C:\Users\Kevin\wgsdgsdgdsgsd.exe [147456 2013-01-14] (Microsoft Corporation)

2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()

2 Akamai; c:\program files\common files\akamai/netsession_win_ce5ba24.dll [x]

==================== Drivers (Whitelisted) ====================

0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)

1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [26984 2012-11-10] (AVG Technologies)

3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1081920 2010-10-13] (Broadcom Corporation)

3 DNIMp50; C:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))

3 DNISp50; C:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))

2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-07-27] (Windows ® Codename Longhorn DDK provider)

3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)

3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [81680 2010-10-21] (MotioninJoy)

3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-13] (Microsoft Corporation)

3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)

0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)

0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [16184 2011-02-23] ()

3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-13] (Conexant Systems, Inc.)

3 WPN111; C:\Windows\System32\DRIVERS\WPN111v.sys [870400 2007-06-01] (Atheros Communications, Inc.)

3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [61984 2010-08-19] (Microsoft Corporation)

3 cpuz132; \??\C:\Users\Kevin\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]

3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]

3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]

3 JavaQuickStarterService; [x]

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

3 XDva375; \??\C:\Windows\system32\XDva375.sys [x]

3 XDva380; \??\C:\Windows\system32\XDva380.sys [x]

3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-01-14 09:02 - 2013-01-14 09:25 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2013-01-14 09:02 - 2013-01-14 09:02 - 00147456 ____A (Microsoft Corporation) C:\Users\Kevin\wgsdgsdgdsgsd.exe

2013-01-14 09:02 - 2013-01-14 09:02 - 00002890 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2013-01-13 22:44 - 2013-01-13 22:44 - 00000705 ____A C:\Windows\System32\msexcr.ini

2013-01-13 22:24 - 2013-01-13 22:25 - 00000000 ____D C:\Users\Kevin\AppData\Local\{2484BC9E-51D0-492B-8BF7-A4EE16E98036}

2013-01-13 10:24 - 2013-01-13 10:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\{16767FAE-1781-41CA-A22A-0A9A323FF6B8}

2013-01-12 22:18 - 2013-01-12 22:18 - 00000000 ____D C:\Users\Kevin\AppData\Local\{C996968B-8ED9-4A57-8C30-F6019BAFE7E1}

2013-01-12 10:18 - 2013-01-12 10:18 - 00000000 ____D C:\Users\Kevin\AppData\Local\{6741310F-4B85-441B-B4B9-4DD392CFAC8F}

2013-01-11 18:59 - 2013-01-11 18:59 - 00000000 ____D C:\Users\Kevin\AppData\Local\{AD8D3D8A-5ABD-44EB-AEC4-BE03CB3A33D1}

2013-01-11 09:45 - 2013-01-11 09:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-01-10 09:44 - 2013-01-10 21:45 - 00000000 ____D C:\Users\Kevin\AppData\Local\{63D51326-E672-4B22-9447-519E049565A7}

2013-01-09 21:41 - 2013-01-09 21:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\{BA8A103A-4F4F-4B72-B3A8-EEE61C043195}

2013-01-09 13:16 - 2013-01-09 13:16 - 00581871 ____A C:\Users\Kevin\Desktop\FF10-2 - 10 - 1000 Words (Piano Collections).rar

2013-01-09 09:40 - 2013-01-09 09:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EC679994-8428-4C65-B4AD-CC674C76C71A}

2013-01-08 21:40 - 2013-01-08 21:40 - 00000000 ____D C:\Users\Kevin\AppData\Local\{6ABA2CF8-4702-4199-88A8-6E8678359502}

2013-01-08 11:16 - 2012-11-29 20:53 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2013-01-08 11:16 - 2012-11-29 20:47 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2013-01-08 11:16 - 2012-11-29 20:47 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 18:55 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2013-01-08 11:16 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-08 11:16 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\System32\locale.nls

2013-01-08 11:16 - 2012-11-22 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-01-08 11:16 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll

2013-01-08 11:16 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll

2013-01-08 11:16 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2013-01-08 11:15 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll

2013-01-08 11:15 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll

2013-01-08 11:15 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs

2013-01-08 11:15 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs

2013-01-08 11:15 - 2012-11-22 18:48 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe

2013-01-08 11:15 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2013-01-08 09:39 - 2013-01-08 09:39 - 00000000 ____D C:\Users\Kevin\AppData\Local\{295017E8-C616-403A-AA99-7CCB51A0F264}

2013-01-07 09:38 - 2013-01-07 21:39 - 00000000 ____D C:\Users\Kevin\AppData\Local\{DC847920-9B60-4007-9CD1-349991DF362B}

2013-01-06 21:37 - 2013-01-06 21:37 - 00000000 ____D C:\Users\Kevin\AppData\Local\{D6C349F8-4EDC-43CC-8A13-D804CB43E884}

2012-12-29 10:49 - 2012-12-29 10:49 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A633B58D-9614-4A35-B54D-6CE67958355D}

2012-12-28 10:48 - 2012-12-28 22:49 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A2467BFF-43DF-4DF7-9A11-9A78991F1359}

2012-12-27 22:30 - 2012-12-27 22:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\{182DE8A9-AA5A-48A3-BD66-D47E5B112C1E}

2012-12-27 10:30 - 2012-12-27 10:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\{C3AF0BDC-26BA-40B7-96BF-A5A76D5FF50C}

2012-12-26 14:50 - 2012-12-26 14:50 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EF166B2D-4909-484D-A656-964AE04F9199}

2012-12-25 11:12 - 2012-12-25 11:12 - 00000000 ____D C:\Users\Kevin\AppData\Local\{4CCDD94C-2B82-4EF5-AB25-33E081A0B047}

2012-12-24 17:15 - 2012-12-24 19:04 - 06955968 ____A (Microsoft Corporation) C:\Users\Kevin\Desktop\Silverlight.exe

2012-12-24 11:11 - 2012-12-24 23:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\{76492CC5-E96D-4F70-AF3F-D134FA19E2B6}

2012-12-23 23:10 - 2012-12-23 23:10 - 00000000 ____D C:\Users\Kevin\AppData\Local\{76A39C35-9B1F-4D01-966B-50AD0715572F}

2012-12-23 11:09 - 2012-12-23 11:10 - 00000000 ____D C:\Users\Kevin\AppData\Local\{BBCFB4CB-F83B-4993-979E-1786C44E0F8D}

2012-12-22 23:09 - 2012-12-22 23:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\{AE746828-7CB7-48BD-BD33-DA935211C13D}

2012-12-22 11:08 - 2012-12-22 11:08 - 00000000 ____D C:\Users\Kevin\AppData\Local\{3450E6D8-1131-4FB3-A44F-E611AD16E655}

2012-12-21 21:55 - 2012-12-21 21:55 - 00000000 ____D C:\Users\Kevin\AppData\Local\{50486D96-0832-468C-971D-CFB59F07F7B2}

2012-12-21 09:54 - 2012-12-21 09:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\{78E93001-34E6-47EF-8FF4-B19FDB51DF48}

2012-12-21 01:01 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-21 01:01 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-20 21:53 - 2012-12-20 21:53 - 00000000 ____D C:\Users\Kevin\AppData\Local\{9982F2E6-FDD1-4808-81E5-297C09F698CC}

2012-12-20 09:52 - 2012-12-20 09:53 - 00000000 ____D C:\Users\Kevin\AppData\Local\{505EF636-C591-44B8-8280-8991CA5960B8}

2012-12-19 22:54 - 2012-12-19 22:54 - 134401730 ____A C:\Windows\MEMORY.DMP

2012-12-19 22:54 - 2012-12-19 22:54 - 00145528 ____A C:\Windows\Minidump\122012-15718-01.dmp

2012-12-19 20:55 - 2012-12-19 20:56 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A4807A7F-51AB-4A12-BD76-83A96925F11A}

2012-12-18 21:47 - 2012-12-18 21:48 - 00000000 ____D C:\Users\Kevin\AppData\Local\{372275AB-74A1-4765-AFDF-1873D9DC34CB}

2012-12-18 09:46 - 2012-12-18 09:47 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EB25F391-503B-4089-85ED-BA5B0F27B24A}

2012-12-17 22:55 - 2013-01-14 09:16 - 00000376 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Kevin.job

2012-12-17 22:55 - 2013-01-12 23:11 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Kevin.job

2012-12-17 22:55 - 2013-01-10 17:04 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Kevin.job

2012-12-17 14:27 - 2012-12-17 14:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Unity

2012-12-17 14:26 - 2012-12-17 14:26 - 00000000 ____D C:\Users\Kevin\AppData\Local\Unity

2012-12-17 09:45 - 2012-12-17 21:46 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A6F954B8-8DC1-4C51-87B6-75112603D7E5}

2012-12-16 21:45 - 2012-12-16 21:45 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EC798185-EDD5-4B74-870D-58EB3F2A6F5D}

2012-12-16 09:44 - 2012-12-16 09:44 - 00000000 ____D C:\Users\Kevin\AppData\Local\{47DBC371-EF35-4C12-8028-8D38628A8E20}

2012-12-15 20:57 - 2012-12-15 20:58 - 00000000 ____D C:\Users\Kevin\AppData\Local\{94AB9A95-2FBA-41B1-BCAD-DC56096B649F}

2012-12-15 08:56 - 2012-12-15 08:57 - 00000000 ____D C:\Users\Kevin\AppData\Local\{8206E5A1-E00E-44B8-A4BE-6E28B2BC075F}

==================== One Month Modified Files and Folders ========

2013-01-14 11:58 - 2013-01-14 11:58 - 00000000 ____D C:\FRST

2013-01-14 09:25 - 2013-01-14 09:02 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2013-01-14 09:17 - 2010-07-29 13:36 - 00000000 ____D C:\Users\Kevin\Tracing

2013-01-14 09:16 - 2012-12-17 22:55 - 00000376 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Kevin.job

2013-01-14 09:16 - 2012-04-11 18:01 - 00045482 ____A C:\Windows\setupact.log

2013-01-14 09:16 - 2011-06-08 21:16 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-01-14 09:16 - 2011-01-10 17:00 - 00000000 ____D C:\Program Files\Common Files\Akamai

2013-01-14 09:16 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-14 09:14 - 2010-07-29 14:05 - 01692804 ____A C:\Windows\WindowsUpdate.log

2013-01-14 09:13 - 2009-07-13 20:34 - 00017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-14 09:13 - 2009-07-13 20:34 - 00017168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-14 09:02 - 2013-01-14 09:02 - 00147456 ____A (Microsoft Corporation) C:\Users\Kevin\wgsdgsdgdsgsd.exe

2013-01-14 09:02 - 2013-01-14 09:02 - 00002890 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2013-01-14 09:02 - 2010-07-29 14:34 - 00000000 ____D C:\users\Kevin

2013-01-14 08:53 - 2012-05-02 19:41 - 00369710 ____A C:\Windows\PFRO.log

2013-01-13 22:44 - 2013-01-13 22:44 - 00000705 ____A C:\Windows\System32\msexcr.ini

2013-01-13 22:34 - 2011-06-08 21:16 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-01-13 22:33 - 2012-04-09 18:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-01-13 22:25 - 2013-01-13 22:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\{2484BC9E-51D0-492B-8BF7-A4EE16E98036}

2013-01-13 10:24 - 2013-01-13 10:24 - 00000000 ____D C:\Users\Kevin\AppData\Local\{16767FAE-1781-41CA-A22A-0A9A323FF6B8}

2013-01-12 23:11 - 2012-12-17 22:55 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Kevin.job

2013-01-12 22:18 - 2013-01-12 22:18 - 00000000 ____D C:\Users\Kevin\AppData\Local\{C996968B-8ED9-4A57-8C30-F6019BAFE7E1}

2013-01-12 10:18 - 2013-01-12 10:18 - 00000000 ____D C:\Users\Kevin\AppData\Local\{6741310F-4B85-441B-B4B9-4DD392CFAC8F}

2013-01-12 10:17 - 2012-04-28 06:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-01-11 18:59 - 2013-01-11 18:59 - 00000000 ____D C:\Users\Kevin\AppData\Local\{AD8D3D8A-5ABD-44EB-AEC4-BE03CB3A33D1}

2013-01-11 11:42 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

2013-01-11 09:45 - 2013-01-11 09:45 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-01-10 21:45 - 2013-01-10 09:44 - 00000000 ____D C:\Users\Kevin\AppData\Local\{63D51326-E672-4B22-9447-519E049565A7}

2013-01-10 17:04 - 2012-12-17 22:55 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Kevin.job

2013-01-10 09:52 - 2011-06-17 18:20 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-01-09 21:41 - 2013-01-09 21:41 - 00000000 ____D C:\Users\Kevin\AppData\Local\{BA8A103A-4F4F-4B72-B3A8-EEE61C043195}

2013-01-09 13:16 - 2013-01-09 13:16 - 00581871 ____A C:\Users\Kevin\Desktop\FF10-2 - 10 - 1000 Words (Piano Collections).rar

2013-01-09 09:41 - 2013-01-09 09:40 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EC679994-8428-4C65-B4AD-CC674C76C71A}

2013-01-09 08:34 - 2012-04-09 18:58 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-01-09 08:34 - 2011-05-24 18:43 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-01-08 21:40 - 2013-01-08 21:40 - 00000000 ____D C:\Users\Kevin\AppData\Local\{6ABA2CF8-4702-4199-88A8-6E8678359502}

2013-01-08 19:57 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-01-08 19:02 - 2009-07-13 20:33 - 00268128 ____A C:\Windows\System32\FNTCACHE.DAT

2013-01-08 13:41 - 2010-07-29 14:39 - 00772558 ____A C:\Windows\System32\PerfStringBackup.INI

2013-01-08 13:30 - 2010-08-07 06:02 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-01-08 09:39 - 2013-01-08 09:39 - 00000000 ____D C:\Users\Kevin\AppData\Local\{295017E8-C616-403A-AA99-7CCB51A0F264}

2013-01-08 07:41 - 2012-07-23 18:50 - 00000436 ___AH C:\Windows\Tasks\Norton Security Scan for Kevin.job

2013-01-08 07:22 - 2012-07-24 05:44 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared

2013-01-07 22:46 - 2011-08-03 19:39 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype

2013-01-07 21:39 - 2013-01-07 09:38 - 00000000 ____D C:\Users\Kevin\AppData\Local\{DC847920-9B60-4007-9CD1-349991DF362B}

2013-01-06 21:37 - 2013-01-06 21:37 - 00000000 ____D C:\Users\Kevin\AppData\Local\{D6C349F8-4EDC-43CC-8A13-D804CB43E884}

2012-12-29 10:49 - 2012-12-29 10:49 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A633B58D-9614-4A35-B54D-6CE67958355D}

2012-12-28 22:49 - 2012-12-28 10:48 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A2467BFF-43DF-4DF7-9A11-9A78991F1359}

2012-12-27 22:30 - 2012-12-27 22:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\{182DE8A9-AA5A-48A3-BD66-D47E5B112C1E}

2012-12-27 10:30 - 2012-12-27 10:30 - 00000000 ____D C:\Users\Kevin\AppData\Local\{C3AF0BDC-26BA-40B7-96BF-A5A76D5FF50C}

2012-12-26 14:50 - 2012-12-26 14:50 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EF166B2D-4909-484D-A656-964AE04F9199}

2012-12-25 11:12 - 2012-12-25 11:12 - 00000000 ____D C:\Users\Kevin\AppData\Local\{4CCDD94C-2B82-4EF5-AB25-33E081A0B047}

2012-12-24 23:11 - 2012-12-24 11:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\{76492CC5-E96D-4F70-AF3F-D134FA19E2B6}

2012-12-24 19:04 - 2012-12-24 17:15 - 06955968 ____A (Microsoft Corporation) C:\Users\Kevin\Desktop\Silverlight.exe

2012-12-24 18:32 - 2010-10-11 16:57 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\tixati

2012-12-23 23:10 - 2012-12-23 23:10 - 00000000 ____D C:\Users\Kevin\AppData\Local\{76A39C35-9B1F-4D01-966B-50AD0715572F}

2012-12-23 13:11 - 2011-02-11 23:18 - 00000000 ____D C:\Users\Kevin\Desktop\Musica

2012-12-23 11:10 - 2012-12-23 11:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\{BBCFB4CB-F83B-4993-979E-1786C44E0F8D}

2012-12-22 23:09 - 2012-12-22 23:09 - 00000000 ____D C:\Users\Kevin\AppData\Local\{AE746828-7CB7-48BD-BD33-DA935211C13D}

2012-12-22 11:08 - 2012-12-22 11:08 - 00000000 ____D C:\Users\Kevin\AppData\Local\{3450E6D8-1131-4FB3-A44F-E611AD16E655}

2012-12-22 11:07 - 2009-07-13 20:53 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-12-21 21:55 - 2012-12-21 21:55 - 00000000 ____D C:\Users\Kevin\AppData\Local\{50486D96-0832-468C-971D-CFB59F07F7B2}

2012-12-21 09:54 - 2012-12-21 09:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\{78E93001-34E6-47EF-8FF4-B19FDB51DF48}

2012-12-20 21:53 - 2012-12-20 21:53 - 00000000 ____D C:\Users\Kevin\AppData\Local\{9982F2E6-FDD1-4808-81E5-297C09F698CC}

2012-12-20 09:53 - 2012-12-20 09:52 - 00000000 ____D C:\Users\Kevin\AppData\Local\{505EF636-C591-44B8-8280-8991CA5960B8}

2012-12-19 22:54 - 2012-12-19 22:54 - 134401730 ____A C:\Windows\MEMORY.DMP

2012-12-19 22:54 - 2012-12-19 22:54 - 00145528 ____A C:\Windows\Minidump\122012-15718-01.dmp

2012-12-19 22:54 - 2011-01-31 19:51 - 00000000 ____D C:\Windows\Minidump

2012-12-19 20:56 - 2012-12-19 20:55 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A4807A7F-51AB-4A12-BD76-83A96925F11A}

2012-12-18 21:48 - 2012-12-18 21:47 - 00000000 ____D C:\Users\Kevin\AppData\Local\{372275AB-74A1-4765-AFDF-1873D9DC34CB}

2012-12-18 09:47 - 2012-12-18 09:46 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EB25F391-503B-4089-85ED-BA5B0F27B24A}

2012-12-17 21:46 - 2012-12-17 09:45 - 00000000 ____D C:\Users\Kevin\AppData\Local\{A6F954B8-8DC1-4C51-87B6-75112603D7E5}

2012-12-17 14:27 - 2012-12-17 14:27 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Unity

2012-12-17 14:26 - 2012-12-17 14:26 - 00000000 ____D C:\Users\Kevin\AppData\Local\Unity

2012-12-16 21:45 - 2012-12-16 21:45 - 00000000 ____D C:\Users\Kevin\AppData\Local\{EC798185-EDD5-4B74-870D-58EB3F2A6F5D}

2012-12-16 09:44 - 2012-12-16 09:44 - 00000000 ____D C:\Users\Kevin\AppData\Local\{47DBC371-EF35-4C12-8028-8D38628A8E20}

2012-12-16 06:13 - 2012-12-21 01:01 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2012-12-16 06:13 - 2012-12-21 01:01 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

2012-12-15 20:58 - 2012-12-15 20:57 - 00000000 ____D C:\Users\Kevin\AppData\Local\{94AB9A95-2FBA-41B1-BCAD-DC56096B649F}

2012-12-15 08:57 - 2012-12-15 08:56 - 00000000 ____D C:\Users\Kevin\AppData\Local\{8206E5A1-E00E-44B8-A4BE-6E28B2BC075F}

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-11 11:41:54

==================== Memory info ===========================

Percentage of memory in use: 38%

Total physical RAM: 997.69 MB

Available physical RAM: 611.54 MB

Total Pagefile: 997.69 MB

Available Pagefile: 615.8 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:192.77 GB) (Free:15.56 GB) NTFS

2 Drive e: () (Fixed) (Total:40.01 GB) (Free:39.86 GB) NTFS

4 Drive g: () (Removable) (Total:0.12 GB) (Free:0.1 GB) FAT

9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 Online 121 MB 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 192 GB 101 MB

Partition 3 Primary 40 GB 192 GB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 192 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E NTFS Partition 40 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 121 MB 31 KB

=========================================================

Disk: 1

Partition 1

Type : 0E

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT Removable 121 MB Healthy

=========================================================

Last Boot: 2013-01-07 13:34

==================== End Of Log ============================


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


Startup: C:\Users\Kevin\Start Menu\Programs\Startup\runctf.lnk
ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
2 Winmgmt; C:\Users\Kevin\wgsdgsdgdsgsd.exe [147456 2013-01-14] (Microsoft Corporation)
C:\Users\All Users\dsgsdgdsgdsgw.pad
C:\Users\Kevin\wgsdgsdgdsgsd.exe
C:\Users\All Users\dsgsdgdsgdsgw.js

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-01-2013

Ran by SYSTEM at 2013-01-14 14:38:06 Run:1

Running from K:\

==============================================

C:\Users\Kevin\Start Menu\Programs\Startup\runctf.lnk moved successfully.

C:\Windows\System32\rundll32.exe moved successfully.

Winmgmt service deleted successfully.

C:\Users\All Users\dsgsdgdsgdsgw.pad moved successfully.

C:\Users\Kevin\wgsdgsdgdsgsd.exe moved successfully.

C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.

==== End of Fixlog ====

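A post-fix check over the Fixlog posted above, as an added example that is not part of the original thread and not part of FRST: it parses the "moved successfully" and "service deleted" lines and separates files moved out of the Windows directory (here the rundll32.exe entry) from files moved out of user-writable locations. The function names and the protected-root list are assumptions of this example.

```python
import re
from ntpath import normpath  # Windows path rules, works on any OS

# Sample input: the Fixlog result lines as posted in this thread.
FIXLOG = r"""
C:\Users\Kevin\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\Windows\System32\rundll32.exe moved successfully.
Winmgmt service deleted successfully.
C:\Users\All Users\dsgsdgdsgdsgw.pad moved successfully.
C:\Users\Kevin\wgsdgsdgdsgsd.exe moved successfully.
C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.
"""

# Assumption of this example: anything under these roots is an operating
# system file whose removal should be reviewed and, if needed, restored.
PROTECTED_ROOTS = (r"c:\windows",)

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
SERVICE = re.compile(r"^(?P<name>\S+) service deleted successfully\.$")


def parse_fixlog(text):
    """Return (moved_paths, deleted_services) found in Fixlog text."""
    moved, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = MOVED.match(line)
        if m:
            moved.append(normpath(m.group("path")))
            continue
        s = SERVICE.match(line)
        if s:
            services.append(s.group("name"))
    return moved, services


def is_protected(path):
    """True if the path lies inside one of the protected roots."""
    p = normpath(path).lower()
    return any(p == root or p.startswith(root + "\\")
               for root in PROTECTED_ROOTS)


def review(text):
    """Group Fixlog actions so system-file removals stand out."""
    moved, services = parse_fixlog(text)
    return {
        "system_files_moved": [p for p in moved if is_protected(p)],
        "other_files_moved": [p for p in moved if not is_protected(p)],
        "services_deleted": services,
    }


if __name__ == "__main__":
    for category, items in review(FIXLOG).items():
        print(category)
        for item in items:
            print("   ", item)
```
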

  • Staff

Hello

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


This is from adwcleaner, it appears to have run cleanly, and it gave me this notepad doc:

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 15:14:37

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Kevin - KEVIN-PC

# Boot Mode : Normal

# Running from : C:\Users\Kevin\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files\Application Updater

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\Software Update Utility

Folder Deleted : C:\Program Files\Common Files\spigot

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DVDVideoSoftTB

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\Users\Kevin\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Kevin\AppData\Local\Conduit

Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\CT2269050

Folder Deleted : C:\Users\Kevin\AppData\Local\TempDir

Folder Deleted : C:\Users\Kevin\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Kevin\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\Kevin\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Kevin\AppData\LocalLow\DVDVideoSoftTB

Folder Deleted : C:\Users\Kevin\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Kevin\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\ConduitCommon

Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\CT2269050

Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Folder Deleted : C:\Users\Kevin\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\Software\Application Updater

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DVDVideoSoftTB

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B019D043-E634-4FDF-B2EB-32FA8FEBB5F6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE0F6EBE-1B56-4195-B297-63ECBB1E664F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\Search Settings

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={5EFBB5CF-1411-4B2F-B95B-FB7F2E151159}&mid=ff665956499547d18711d15f303b879a-5f09a18cdd132370f7854518648e0471f9dd5fc6&lang=en&ds=tt014&pr=sa&d=2012-02-14 22:36:56&v=9.0.0.22&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\prefs.js

C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\user.js ... Deleted !

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);

Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2269050.AppTrackingLastCheckTime", "Wed Aug 29 2012 02:18:05 GMT-0500 (Central Daylight[...]

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);

Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);

Deleted : user_pref("CT2269050.CTID", "CT2269050");

Deleted : user_pref("CT2269050.CurrentServerDate", "15-1-2013");

Deleted : user_pref("CT2269050.DSChangedManually", false);

Deleted : user_pref("CT2269050.DSInstall", true);

Deleted : user_pref("CT2269050.DSProtectChoice", true);

Deleted : user_pref("CT2269050.DSProtectCount", 18);

Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun Jan 13 2013 12:25:07 GMT-0600 (Central Standa[...]

Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");

Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sun Jul 29 2012 16:11:38 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT2269050.FirstServerDate", "12-12-2011");

Deleted : user_pref("CT2269050.FirstTime", true);

Deleted : user_pref("CT2269050.FirstTimeFF3", true);

Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);

Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2269050.HPChangedManually", false);

Deleted : user_pref("CT2269050.HPInstall", true);

Deleted : user_pref("CT2269050.HPProtectChoice", true);

Deleted : user_pref("CT2269050.HPProtectCount", 12);

Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);

Deleted : user_pref("CT2269050.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]

Deleted : user_pref("CT2269050.Initialize", true);

Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);

Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");

Deleted : user_pref("CT2269050.InstalledDate", "Sun Dec 11 2011 15:59:56 GMT-0600 (Central Standard Time)");

Deleted : user_pref("CT2269050.InvalidateCache", false);

Deleted : user_pref("CT2269050.IsAlertDBUpdated", true);

Deleted : user_pref("CT2269050.IsGrouping", false);

Deleted : user_pref("CT2269050.IsInitSetupIni", true);

Deleted : user_pref("CT2269050.IsMulticommunity", false);

Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);

Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);

Deleted : user_pref("CT2269050.IsProtectorsInit", true);

Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sun Jan 13 2013 16:21:34 GMT-0600 (Central Standar[...]

Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2269050.LastLogin_3.10.0.1", "Sun Apr 22 2012 19:02:44 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Thu Apr 26 2012 20:26:25 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 19:14:40 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 12:50:54 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Aug 22 2012 11:11:39 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2269050.LastLogin_3.15.1.0", "Mon Jan 14 2013 15:12:18 GMT-0600 (Central Standard Time)[...]

Deleted : user_pref("CT2269050.LastLogin_3.8.1.0", "Sun Jan 08 2012 12:03:53 GMT-0600 (Central Standard Time)"[...]

Deleted : user_pref("CT2269050.LastLogin_3.9.0.3", "Tue Feb 14 2012 17:35:36 GMT-0600 (Central Standard Time)"[...]

Deleted : user_pref("CT2269050.LatestVersion", "3.16.0.3");

Deleted : user_pref("CT2269050.Locale", "en");

Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2269050.MCDetectTooltipShow", false);

Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.8.1.0");

Deleted : user_pref("CT2269050.RadioIsPodcast", false);

Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sat Jul 28 2012 20:58:58 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");

Deleted : user_pref("CT2269050.RadioMediaID", "12473383");

Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");

Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");

Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");

Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");

Deleted : user_pref("CT2269050.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://www.facebook.com/");

Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");

Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");

Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]

Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Jan 13 2013 16:21:32 GMT-0600 (Central Stand[...]

Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT2269050.SearchProtectorEnabled", false);

Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Sun Jan 13 2013 16:21:33 GMT-0600 (Central Standard [...]

Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Mon Jan 14 2013 15:12:17 GMT-0600 (Central Standard Ti[...]

Deleted : user_pref("CT2269050.SettingsLastUpdate", "1358179876");

Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");

Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Jan 07 2013 00:40:17 GMT-0600 (Central Sta[...]

Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");

Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2269050.UserID", "UN82290500366835036");

Deleted : user_pref("CT2269050.ValidationData_Search", 1);

Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2);

Deleted : user_pref("CT2269050.WeatherNetwork", "");

Deleted : user_pref("CT2269050.WeatherPollDate", "Sun Jul 29 2012 15:44:22 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT2269050.WeatherUnit", "F");

Deleted : user_pref("CT2269050.alertChannelId", "666138");

Deleted : user_pref("CT2269050.approveUntrustedApps", false);

Deleted : user_pref("CT2269050.autoDisableScopes", -1);

Deleted : user_pref("CT2269050.components.1000034", false);

Deleted : user_pref("CT2269050.components.1000082", false);

Deleted : user_pref("CT2269050.components.1000234", false);

Deleted : user_pref("CT2269050.components.129023235807856892", false);

Deleted : user_pref("CT2269050.components.129121052374999726", false);

Deleted : user_pref("CT2269050.components.129351672002618989", false);

Deleted : user_pref("CT2269050.components.129351776130744254", false);

Deleted : user_pref("CT2269050.components.129391330693125668", false);

Deleted : user_pref("CT2269050.components.129863783591067571", false);

Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Mon Jan 07 2013 00:40:26 GMT-0600 (Central [...]

Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2269050.initDone", true);

Deleted : user_pref("CT2269050.isAppTrackingManagerOn", false);

Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);

Deleted : user_pref("CT2269050.myStuffEnabled", true);

Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]

Deleted : user_pref("CT2269050.revertSettingsEnabled", false);

Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2269050.testingCtid", "");

Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Sun Jan 13 2013 16:21:34 GMT-0600 (Central S[...]

Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Jan 07 2013 14:19:47 GMT-0600 (Central S[...]

Deleted : user_pref("CT2269050.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"8a1[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kevin\\AppData\\Roaming\\Mozilla\\F[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v213/gadget.html", "[...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greent[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");

Deleted : user_pref("CommunityToolbar.globalUserId", "b072caed-bdea-4fcc-8b68-e65fe2f9b1e9");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 14 2013 10:56:2[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 13 2013 16:21:42 GMT-060[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jan 13 2013 16:21:34 GMT-0600 (C[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "5eac240b-f0ad-4492-b56f-d05b7dbb5be8");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.facebook.com/");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo");

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13")[...]

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"/IBLtn5P3OgPflcbI+hX2EcR5+gpc0V5h8Qo7lDQsOA=","_version":3,"browser":{"show[...]

*************************

AdwCleaner[s1].txt - [35108 octets] - [14/01/2013 15:14:37]

########## EOF - C:\AdwCleaner[s1].txt - [35169 octets] ##########

I am able to access the browser and everything in my computer it seems.


Following the adwcleaner this is the RogueKiller Report:

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Kevin [Admin rights]

Mode : Scan -- Date : 01/14/2013 15:22:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 37c26c9393a9d6205a90cef16aa0bf46

[bSP] b67076d4f7b0c35cfe41e71e82915f80 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 197400 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 404482048 | Size: 40973 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01142013_02d1522.txt >>

RKreport[1]_S_01142013_02d1522.txt

Thank you very much for your cooperation and step-by-step instructions; it is very much appreciated.

  • Staff

Hello Trankev

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Gringo, Windows failed to restore the system and this is the pop up I got after its completion:

"System Restore did not complete successfully. Your computer's system files and settings were not changed.

Details:

System Restore failed to extract the file

(C:\Windows\$NtUninstallKB51348$\1726807307) from the restore point.

The restore point was damaged or was deleted during the restore.

You can try System Restore again and choose a different restore point. If you continue to see this error, you can try an advanced recovery method. For more information, see What is Recovery?


Here's the report, Gringo; booted from safe mode and I ran it from safe mode:

ComboFix 13-01-17.04 - Kevin 01/18/2013 14:18:40.2.2 - x86 MINIMAL

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.998.487 [GMT -6:00]

Running from: c:\users\Kevin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\programdata\040a57k541348pk6ac863ni

c:\users\Kevin\AppData\Roaming\Local

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp

c:\users\Kevin\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\searchplugins\bing-zugo.xml

c:\windows\$NtUninstallKB51348$

c:\windows\$NtUninstallKB51348$\1726807307

c:\windows\$NtUninstallKB51348$\3408724921\@

c:\windows\$NtUninstallKB51348$\3408724921\bckfg.tmp

c:\windows\$NtUninstallKB51348$\3408724921\cfg.ini

c:\windows\$NtUninstallKB51348$\3408724921\Desktop.ini

c:\windows\$NtUninstallKB51348$\3408724921\keywords

c:\windows\$NtUninstallKB51348$\3408724921\kwrd.dll

c:\windows\$NtUninstallKB51348$\3408724921\L\xadqgnnk

c:\windows\$NtUninstallKB51348$\3408724921\lsflt7.ver

c:\windows\$NtUninstallKB51348$\3408724921\U\00000001.@

c:\windows\$NtUninstallKB51348$\3408724921\U\00000002.@

c:\windows\$NtUninstallKB51348$\3408724921\U\00000004.@

c:\windows\$NtUninstallKB51348$\3408724921\U\80000000.@

c:\windows\$NtUninstallKB51348$\3408724921\U\80000004.@

c:\windows\$NtUninstallKB51348$\3408724921\U\80000032.@

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))

.

.

2013-01-18 20:27 . 2013-01-18 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-18 18:34 . 2013-01-18 18:34 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACCB370B-F858-4313-9268-0FF64213AECB}\offreg.dll

2013-01-14 22:37 . 2013-01-18 20:27 -------- d-----w- c:\users\Kevin\AppData\Local\temp

2013-01-14 19:58 . 2013-01-14 19:58 -------- d-----w- C:\FRST

2013-01-08 19:15 . 2012-12-07 12:26 308736 ----a-w- c:\windows\system32\Wpc.dll

2012-12-21 09:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 09:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 16:34 . 2012-04-10 02:58 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 16:34 . 2011-05-25 02:43 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-14 02:09 . 2012-12-13 06:49 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2012-12-13 06:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 06:49 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2012-12-13 06:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 06:49 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2012-12-13 06:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-10 20:16 . 2012-08-30 20:40 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-11-09 04:42 . 2012-12-13 05:12 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11 . 2012-12-13 05:12 376832 ----a-w- c:\windows\system32\dpnet.dll

2013-01-11 17:45 . 2013-01-11 17:45 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

2010-12-19 14:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-12-19 86696]

.

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Kevin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-07-23 296096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-6-27 4559840]

NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-7-30 995328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot

.

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]

R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]

R2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [x]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]

R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [x]

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [x]

R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]

R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]

R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]

R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-12 03:35 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:34]

.

2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 05:16]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 05:16]

.

2013-01-08 c:\windows\Tasks\Norton Security Scan for Kevin.job

- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-24 09:45]

.

2013-01-15 c:\windows\Tasks\ReclaimerUpdateFiles_Kevin.job

- c:\users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-18 03:54]

.

2013-01-13 c:\windows\Tasks\ReclaimerUpdateXML_Kevin.job

- c:\users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-18 03:54]

.

2013-01-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Kevin.job

- c:\users\Kevin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-18 03:54]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

IE: Free YouTube Download - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\dow7khjq.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - (no file)

ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - (no file)

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:a1,04,ef,92,42,26,cd,01

.

[HKEY_USERS\S-1-5-21-3270130853-2849294919-3194500712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3270130853-2849294919-3194500712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-18 14:29:29

ComboFix-quarantined-files.txt 2013-01-18 20:29

.

Pre-Run: 20,612,648,960 bytes free

Post-Run: 20,510,097,408 bytes free

.

- - End Of File - - D926FF1B00EA272BCEAF6F685CCACBE7


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  1. Report from Combofix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


  • Staff

Greetings

 

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo
