police-central-e-crime-unit-virus lock removal help

PaulosDeKathos

New Member
Thread author
May 9, 2013
10
Hi There,

I have used the instructions on the post on the virus named in the subject of this post and have still been unable to unlock the desktop. I used the flashdrive method and it seemed to work and remove things after several attempts (originally the computer kept starting up the startup repair stuff and not the HitmanPro application), but after using this application, I restarted and it's still there. I still can't use any form of safe mode, so if you have any other help, suggestions or advice I'd be most grateful!


Paul

PS none of the scans worked but had to click something to get this message posted!
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem.

Which Operating system are you using?


Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Can you please try to run a scan with Farbar Recovery Scan Tool? You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
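
The procedure above ends with an FRST.txt log that has to be read for persistence entries. As an added example (not part of the original posts and not FRST's own logic), this Python script triages such a log; the sample lines are constructed in the FRST.txt layout, and the three heuristics and their rule names are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in the FRST.txt layout; users, files and vendors are invented.
SAMPLE_LOG = r"""
ATTENTION!:=====> FRST is updated to run from normal or Safe mode.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" [1398440 2011-12-14] (Example Corp)
HKLM\...\Run: [OldTool] C:\Program Files\OldTool\tool.exe /startup [x]
HKLM\...0000000000AA\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKU\alice\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation)
HKU\bob\...\Winlogon: [Shell] "C:\Windows\explorer.exe" [ 2008-01-20] (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\alice\Documents\a1b2c3d.exe
2013-05-04 00:57 - 2013-05-04 00:57 - 00002144 ____A C:\Users\alice\Desktop\notes.txt
2013-05-01 06:12 - 2013-05-01 06:13 - 17988944 ____A (Example Inc.) C:\Users\alice\Desktop\ExampleInstaller.exe
"""

class Finding(NamedTuple):
    section: str
    rule: str
    detail: str

SECTION = re.compile(r"^={5,}\s+(\S.*?)\s+={5,}$")
REG_ENTRY = re.compile(r"^(?P<key>\S.*?):\s+\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# Trailing "[size date] (company)" or "[x]" that follows the command line.
TRAILER = re.compile(r"\s*\[(?P<meta>[^\]]*)\](?:\s*\([^)]*\))?\s*$")
ATTENTION = re.compile(r"ATTENTION!\S*\s*=+>\s*(?P<label>.+)$")
FILE_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ "
    r"(?P<attr>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$")
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I)
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".sys")

def _check_registry(section, line):
    m = REG_ENTRY.match(line)
    if not m:
        return
    rest = m["rest"]
    trailer = TRAILER.search(rest)
    meta = trailer["meta"].strip() if trailer else ""
    value = (rest[:trailer.start()] if trailer else rest).strip()
    if meta == "x":  # autorun entry whose target file no longer exists
        yield Finding(section, "missing-target", f"{m['key']} [{m['name']}]")
    if m["key"].lower().endswith("winlogon"):
        expected = WINLOGON_DEFAULTS.get(m["name"].lower())
        image = value.strip('" ,').lower().rsplit("\\", 1)[-1]
        if expected and image != expected:
            yield Finding(section, "winlogon-nondefault", f"{m['name']} = {value}")

def _check_file(section, line):
    m = FILE_ENTRY.match(line)
    if not m or "D" in m["attr"]:  # skip directories and unparsed lines
        return
    path = m["path"]
    # Heuristic: executable inside a user profile with no company string shown.
    if USER_PROFILE.match(path) and path.lower().endswith(EXEC_EXT) and not m["company"]:
        yield Finding(section, "profile-binary-no-vendor", path)

def triage(log_text):
    """Return review leads from an FRST-style log; leads are not verdicts."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or section is None:
            continue  # preamble, including the tool's own ATTENTION notice
        flagged = ATTENTION.search(line)
        if flagged:
            findings.append(Finding(section, "tool-flagged", flagged["label"].strip()))
        elif section.startswith("Registry"):
            findings.extend(_check_registry(section, line))
        elif "Created Files" in section:
            findings.extend(_check_file(section, line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}")
```

A non-default Winlogon value or a missing autorun target is only a lead for the helper to review, since legitimate vendor software can also replace these values.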
 

PaulosDeKathos

New Member
Thread author
May 9, 2013
10
Hi,

Thanks. Just wondering if it is worth keeping the HitmanPro Kickstart flash drive I created yesterday as I only have one usb drive at the moment. If it is worth keeping the HitmanPro one, I will need to buy another and use that for Farbar.

Paul
 

PaulosDeKathos

New Member
Thread author
May 9, 2013
10
Hi,

Sorry, how do I take the program and turn it into a USB pendrive? Do I just copy it onto the pendrive to make it a flashdrive?

The link you gave just downloads it onto my clean computer

Paul
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Download the file from the above link I have given to you. After that, save (or copy) the file to your flash drive. Make sure there is nothing else inside the flash drive.

Flash drive and pendrive are the same.
 

PaulosDeKathos

New Member
Thread author
May 9, 2013
10
Successfully ran the scan and here is the copy and pasted notepad file!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by SYSTEM on 12-05-2013 07:59:09
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [24688 2010-01-30] (MyWebSearch.com)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1398440 2011-12-14] (Ask)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [PC Medkit] "C:\Program Files\PC Medkit\PC Medkit.lnk" --start-trayed [833 2011-09-10] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]
HKLM\...\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart [2193000 2011-10-21] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe [115656 2009-07-03] (EasyBits Software AS)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)
HKU\PaulosDeKathos.Ruth-PC.001\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)
HKU\PaulosDeKathos.Ruth-PC.001\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\PaulosMusic\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [ 2008-12-01] (Hewlett-Packard)
HKU\PaulosMusic\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Ruth\...\Run: [fsm] [x]
HKU\Ruth\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-01-26] (Safer Networking Limited)
HKU\Ruth\...\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000 [ 2012-03-02] (Uniblue Systems Limited)
HKU\Ruth\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Ruth\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-02-28] (Skype Technologies S.A.)
HKU\Ruth\...\Run: [TrafficTravisv4] C:\Users\Ruth\AppData\Roaming\Traffic Travis v4\TrafficTravisV4.exe [ 2013-02-06] ()
HKU\Ruth\...\Policies\system: [DisableLockWorkstation] 0
HKU\Ruth\...\Policies\system: [DisableChangePassword] 0
HKU\Ruth\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\OnlyWire.LNK
ShortcutTarget: OnlyWire.LNK -> C:\Program Files\OnlyWire\OnlyWireWindows.exe ()
Startup: C:\Users\Ruth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

========================== Services (Whitelisted) =================

S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2550224 2013-01-16] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-05-09] (SurfRight B.V.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-07-14] (Ralink Technology, Corp.)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia)
S3 StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [103336 2011-04-14] (stumbleupon.com)
S2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
S2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [x]
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S4 MyWebSearchService;

==================== Drivers (Whitelisted) ====================

S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-06-11] (Avanquest Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30464 2013-05-09] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [735232 2009-08-03] (Ralink Technology Corp.)
S1 RapportCerberus_34302; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [228208 2011-12-15] ()
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [71480 2012-07-07] (Trusteer Ltd.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-05-28] (Trusteer Ltd.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [166840 2012-07-07] (Trusteer Ltd.)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1966312 2007-04-10] (Microsoft Corporation)
S3 BELKIN; system32\DRIVERS\BLKWGU.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-12 07:58 - 2013-05-12 07:58 - 00000000 ____D C:\FRST
2013-05-09 08:33 - 2013-05-09 08:33 - 00030464 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-05-09 08:33 - 2013-05-09 08:33 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-09 08:32 - 2013-05-09 09:13 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-09 08:32 - 2013-05-09 09:13 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\Application Data\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\AppData\Local\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\Application Data\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\Application Data\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\AppData\Roaming\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.dll
2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.dll
2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.exe
2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.exe
2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\Application Data\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,
2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,
2013-05-04 00:57 - 2013-05-04 00:57 - 00002144 ____A C:\Users\Ruth\Desktop\Lumbago.txt
2013-05-02 23:17 - 2013-05-02 23:17 - 00002231 ____A C:\Users\Ruth\Desktop\Upper Back Pain.txt
2013-05-02 02:54 - 2013-05-02 02:55 - 44921959 ____A C:\Users\Ruth\Desktop\Theme+Package+2+Themes.zip
2013-05-02 02:54 - 2013-05-02 02:54 - 00972408 ____A C:\Users\Ruth\Desktop\WPVideoTubePlugin.zip
2013-05-02 02:54 - 2013-05-02 02:54 - 00828395 ____A C:\Users\Ruth\Desktop\KeywordTreasury.zip
2013-05-01 06:12 - 2013-05-01 06:13 - 17988944 ____A (Adobe Systems Inc.) C:\Users\Ruth\Desktop\AdobeAIRInstaller.exe
2013-05-01 06:08 - 2013-05-01 06:08 - 00127254 ____A C:\Users\Ruth\Desktop\AntJudgeandJurySoftware.zip
2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\Application Data\?é?é-1533-40C5-AD09-953C574F14BCÄé?é
2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\?é?é-1533-40C5-AD09-953C574F14BCÄé?é
2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-28 09:32 - 2013-04-28 09:32 - 00004696 ____A C:\Users\Ruth\Desktop\tapping for high self-esteem.txt
2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-23 04:30 - 2013-04-23 04:30 - 00011383 ____A C:\Users\Ruth\Desktop\action steps for amazon reviews.htm
2013-04-23 02:05 - 2013-04-23 02:05 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_360992-1
2013-04-23 02:03 - 2013-04-23 02:03 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_360992
2013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\Application Data\?i?i-1533-40C5-AD09-953C574F14BCÄi?i
2013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\?i?i-1533-40C5-AD09-953C574F14BCÄi?i
2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\Application Data\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z
2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z
2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\Application Data\?e?e-1533-40C5-AD09-953C574F14BCÄe?e
2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\?e?e-1533-40C5-AD09-953C574F14BCÄe?e
2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-19 23:29 - 2013-04-19 23:29 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-16 08:26 - 2013-04-16 08:26 - 00997182 ____A C:\Users\Ruth\Desktop\intellitheme.zip
2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\Application Data\?è?è-1533-40C5-AD09-953C574F14BCÄè?è
2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è
2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\Application Data\?U?U-1533-40C5-AD09-953C574F14BCÄU?U
2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\?U?U-1533-40C5-AD09-953C574F14BCÄU?U
2013-04-15 11:02 - 2013-04-15 11:03 - 12542284 ____A C:\Users\Ruth\Desktop\WriteLikeaManiac-WSO.zip
2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???

==================== One Month Modified Files and Folders ========

2013-05-12 07:58 - 2013-05-12 07:58 - 00000000 ____D C:\FRST
2013-05-11 22:31 - 2012-08-09 10:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-11 22:16 - 2006-11-02 04:47 - 00004016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-11 22:16 - 2006-11-02 04:47 - 00004016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-11 22:09 - 2010-02-11 10:40 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-11 18:59 - 2010-04-20 10:11 - 00000322 ____A C:\Windows\Tasks\PC Medkit.job
2013-05-11 17:05 - 2009-04-01 02:10 - 01958940 ____A C:\Windows\WindowsUpdate.log
2013-05-11 11:09 - 2010-02-11 10:40 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-11 10:36 - 2013-03-04 13:01 - 00000000 ____A C:\END
2013-05-09 19:13 - 2012-09-23 09:33 - 00000000 ____D C:\Users\Ruth\Application Data\Traffic Travis v4
2013-05-09 19:13 - 2012-09-23 09:33 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\Traffic Travis v4
2013-05-09 19:13 - 2010-11-20 12:03 - 00000000 ____D C:\users\PaulosDeKathos.Ruth-PC.001
2013-05-09 19:13 - 2010-01-30 10:27 - 00000000 ____D C:\Program Files\MyWebSearch
2013-05-09 19:13 - 2009-06-11 11:01 - 00000000 ____D C:\users\Ruth
2013-05-09 19:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-09 19:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-09 19:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-05-09 19:13 - 2006-11-02 02:22 - 58458112 ____A C:\Windows\System32\config\software_previous
2013-05-09 19:13 - 2006-11-02 02:22 - 42467328 ____A C:\Windows\System32\config\system_previous
2013-05-09 19:06 - 2006-11-02 02:22 - 38797312 ____A C:\Windows\System32\config\components_previous
2013-05-09 19:06 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-05-09 19:06 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-05-09 19:06 - 2006-11-02 02:22 - 00053248 ____A C:\Windows\System32\config\sam_previous
2013-05-09 10:16 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-09 09:45 - 2009-06-12 00:14 - 00008376 ____A C:\Users\Ruth\Local Settings\d3d9caps.dat
2013-05-09 09:45 - 2009-06-12 00:14 - 00008376 ____A C:\Users\Ruth\Local Settings\Application Data\d3d9caps.dat
2013-05-09 09:45 - 2009-06-12 00:14 - 00008376 ____A C:\Users\Ruth\AppData\Local\d3d9caps.dat
2013-05-09 09:13 - 2013-05-09 08:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-09 09:13 - 2013-05-09 08:32 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-09 08:33 - 2013-05-09 08:33 - 00030464 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-05-09 08:33 - 2013-05-09 08:33 - 00001698 ____A C:\ProgramData\Desktop\HitmanPro.lnk
2013-05-09 08:33 - 2013-05-09 08:33 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-09 08:32 - 2006-11-02 04:52 - 00165174 ____A C:\Windows\setupact.log
2013-05-09 03:11 - 2012-09-30 09:10 - 00000326 ____A C:\Windows\Tasks\DriverScanner.job
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\Application Data\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\Local Settings\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\Users\Ruth\AppData\Local\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\Application Data\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116797 ____A C:\ProgramData\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\Application Data\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00116784 ____A C:\Users\Ruth\AppData\Roaming\2433f433
2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.dll
2013-05-08 18:39 - 2013-05-08 18:39 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.dll
2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\My Documents\b73c318.exe
2013-05-08 18:38 - 2013-05-08 18:38 - 00034304 ____A C:\Users\Ruth\Documents\b73c318.exe
2013-05-08 18:38 - 2011-06-28 03:45 - 00000000 ____D C:\Program Files\OnlyWire
2013-05-08 02:13 - 2010-02-06 12:46 - 00000000 ____D C:\Users\Ruth\Application Data\Skype
2013-05-08 02:13 - 2010-02-06 12:46 - 00000000 ____D C:\Users\Ruth\AppData\Roaming\Skype
2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-05-06 22:12 - 2013-05-06 22:12 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\Application Data\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,
2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\ProgramData\?,?,-1533-40C5-AD09-953C574F14BCÄ,?,
2013-05-06 12:34 - 2006-11-02 05:01 - 00032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-04 00:57 - 2013-05-04 00:57 - 00002144 ____A C:\Users\Ruth\Desktop\Lumbago.txt
2013-05-02 23:17 - 2013-05-02 23:17 - 00002231 ____A C:\Users\Ruth\Desktop\Upper Back Pain.txt
2013-05-02 07:28 - 2010-08-24 02:11 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-02 02:55 - 2013-05-02 02:54 - 44921959 ____A C:\Users\Ruth\Desktop\Theme+Package+2+Themes.zip
2013-05-02 02:54 - 2013-05-02 02:54 - 00972408 ____A C:\Users\Ruth\Desktop\WPVideoTubePlugin.zip
2013-05-02 02:54 - 2013-05-02 02:54 - 00828395 ____A C:\Users\Ruth\Desktop\KeywordTreasury.zip
2013-05-01 06:13 - 2013-05-01 06:12 - 17988944 ____A (Adobe Systems Inc.) C:\Users\Ruth\Desktop\AdobeAIRInstaller.exe
2013-05-01 06:08 - 2013-05-01 06:08 - 00127254 ____A C:\Users\Ruth\Desktop\AntJudgeandJurySoftware.zip
2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\Application Data\?é?é-1533-40C5-AD09-953C574F14BCÄé?é
2013-04-30 22:43 - 2013-04-30 22:43 - 00000000 ____D C:\ProgramData\?é?é-1533-40C5-AD09-953C574F14BCÄé?é
2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-28 22:44 - 2013-04-28 22:44 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-28 09:32 - 2013-04-28 09:32 - 00004696 ____A C:\Users\Ruth\Desktop\tapping for high self-esteem.txt
2013-04-27 02:30 - 2009-06-12 00:14 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-04-25 13:35 - 2009-06-11 11:08 - 00084336 ____A C:\Users\Ruth\Local Settings\GDIPFONTCACHEV1.DAT
2013-04-25 13:35 - 2009-06-11 11:08 - 00084336 ____A C:\Users\Ruth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-04-25 13:35 - 2009-06-11 11:08 - 00084336 ____A C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-25 13:34 - 2013-04-25 13:34 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-25 13:33 - 2006-11-02 04:47 - 00337816 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-25 03:40 - 2009-06-26 07:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-25 03:40 - 2009-06-26 07:24 - 00000000 ____D C:\ProgramData\Application Data\Microsoft Help
2013-04-25 03:36 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2013-04-25 02:54 - 2009-06-18 02:25 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-04-23 04:30 - 2013-04-23 04:30 - 00011383 ____A C:\Users\Ruth\Desktop\action steps for amazon reviews.htm
2013-04-23 02:05 - 2013-04-23 02:05 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_360992-1
2013-04-23 02:03 - 2013-04-23 02:03 - 00000000 ____D C:\Users\Ruth\Desktop\browndog1_360992
2013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\Application Data\?i?i-1533-40C5-AD09-953C574F14BCÄi?i
2013-04-22 23:20 - 2013-04-22 23:20 - 00000000 ____D C:\ProgramData\?i?i-1533-40C5-AD09-953C574F14BCÄi?i
2013-04-22 02:14 - 2013-04-06 02:54 - 02324136 ____A C:\Users\Ruth\Downloads\w_E_20130215.epub
2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\Application Data\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z
2013-04-20 22:40 - 2013-04-20 22:40 - 00000000 ____D C:\ProgramData\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z
2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\Application Data\?e?e-1533-40C5-AD09-953C574F14BCÄe?e
2013-04-20 14:37 - 2013-04-20 14:37 - 00000000 ____D C:\ProgramData\?e?e-1533-40C5-AD09-953C574F14BCÄe?e
2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-20 06:10 - 2013-04-20 06:10 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-20 05:15 - 2013-04-20 05:15 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-19 23:29 - 2013-04-19 23:29 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-04-19 23:29 - 2010-02-06 12:45 - 00000000 ___RD C:\Program Files\Skype
2013-04-19 23:29 - 2010-02-06 12:45 - 00000000 ____D C:\ProgramData\Skype
2013-04-19 23:29 - 2010-02-06 12:45 - 00000000 ____D C:\ProgramData\Application Data\Skype
2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-19 23:28 - 2013-04-19 23:28 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-19 09:37 - 2013-04-19 09:37 - 00000000 ____D C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u
2013-04-16 08:26 - 2013-04-16 08:26 - 00997182 ____A C:\Users\Ruth\Desktop\intellitheme.zip
2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\Application Data\?è?è-1533-40C5-AD09-953C574F14BCÄè?è
2013-04-16 06:20 - 2013-04-16 06:20 - 00000000 ____D C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è
2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-16 02:53 - 2013-04-16 02:53 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\Application Data\?U?U-1533-40C5-AD09-953C574F14BCÄU?U
2013-04-15 23:02 - 2013-04-15 23:02 - 00000000 ____D C:\ProgramData\?U?U-1533-40C5-AD09-953C574F14BCÄU?U
2013-04-15 22:43 - 2012-04-25 02:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-15 11:03 - 2013-04-15 11:02 - 12542284 ____A C:\Users\Ruth\Desktop\WriteLikeaManiac-WSO.zip
2013-04-15 10:20 - 2009-06-12 04:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ???
2013-04-15 02:49 - 2013-04-15 02:49 - 00000000 ____D C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ???

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791\L
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791
C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791\L
C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791

Other Malware:
===========
C:\Users\Ruth\g2mdlhlpx.exe
C:\Users\Ruth\Install-TARDIS.exe
C:\Users\Ruth\Installer-BOTC.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-11 03:01:00
Restore point made on: 2013-02-11 07:28:46
Restore point made on: 2013-02-13 04:42:24
Restore point made on: 2013-02-14 03:49:36
Restore point made on: 2013-02-17 12:20:46
Restore point made on: 2013-02-21 01:13:34
Restore point made on: 2013-02-22 04:15:36
Restore point made on: 2013-02-24 04:24:09
Restore point made on: 2013-02-28 00:01:54
Restore point made on: 2013-03-03 02:34:00
Restore point made on: 2013-03-06 07:43:20
Restore point made on: 2013-03-10 23:50:47
Restore point made on: 2013-03-13 19:00:49
Restore point made on: 2013-03-17 06:25:27
Restore point made on: 2013-03-20 03:37:43
Restore point made on: 2013-03-20 23:47:18
Restore point made on: 2013-03-24 23:36:05
Restore point made on: 2013-03-27 10:34:50
Restore point made on: 2013-03-28 03:37:32
Restore point made on: 2013-03-31 10:34:58
Restore point made on: 2013-04-03 01:55:56
Restore point made on: 2013-04-03 22:45:16
Restore point made on: 2013-04-05 08:00:17
Restore point made on: 2013-04-07 23:04:11
Restore point made on: 2013-04-10 23:04:04
Restore point made on: 2013-04-15 02:56:40
Restore point made on: 2013-04-19 09:46:23
Restore point made on: 2013-04-22 23:25:47
Restore point made on: 2013-04-24 18:00:46
Restore point made on: 2013-04-28 13:45:21
Restore point made on: 2013-05-01 22:55:31
Restore point made on: 2013-05-06 01:26:19
Restore point made on: 2013-05-09 03:23:06
Restore point made on: 2013-05-09 08:45:37
Restore point made on: 2013-05-09 10:28:10

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 2814.5 MB
Available physical RAM: 2182.18 MB
Total Pagefile: 2502.07 MB
Available Pagefile: 2296.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.29 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:584.74 GB) (Free:358.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.43 GB) (Free:1.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HITMANPRO) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=585 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 5136BF11)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


Last Boot: 2013-05-11 10:54

==================== End Of Log ============================

thanks
 

kuttus

Now please download this file and save it to your Flash Drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachment: fixlist.txt (10.9 KB)

PaulosDeKathos

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-12 11:11:06 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor => Value deleted successfully.
HKEY_USERS\Ruth\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Ruth\Local Settings\2433f433 => Moved successfully.
C:\Users\Ruth\AppData\Local\2433f433 => File/Directory not found.
C:\ProgramData\Application Data\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => File/Directory not found.
C:\Users\Ruth\Application Data\2433f433 => Moved successfully.
C:\Users\Ruth\AppData\Roaming\2433f433 => File/Directory not found.
C:\Users\Ruth\My Documents\b73c318.dll => Moved successfully.
C:\Users\Ruth\Documents\b73c318.dll => File/Directory not found.
C:\Users\Ruth\My Documents\b73c318.exe => Moved successfully.
C:\Users\Ruth\Documents\b73c318.exe => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?,?,-1533-40C5-AD09-953C574F14BCÄ,?, => Could not move.
C:\ProgramData\?,?,-1533-40C5-AD09-953C574F14BCÄ,?, => Could not move.
C:\ProgramData\Application Data\?é?é-1533-40C5-AD09-953C574F14BCÄé?é => Could not move.
C:\ProgramData\?é?é-1533-40C5-AD09-953C574F14BCÄé?é => Could not move.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?i?i-1533-40C5-AD09-953C574F14BCÄi?i => File/Directory not found.
C:\ProgramData\?i?i-1533-40C5-AD09-953C574F14BCÄi?i => File/Directory not found.
C:\ProgramData\Application Data\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z => Could not move.
C:\ProgramData\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z => Could not move.
C:\ProgramData\Application Data\?e?e-1533-40C5-AD09-953C574F14BCÄe?e => File/Directory not found.
C:\ProgramData\?e?e-1533-40C5-AD09-953C574F14BCÄe?e => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\Application Data\?è?è-1533-40C5-AD09-953C574F14BCÄè?è => Could not move.
C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è => Could not move.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?U?U-1533-40C5-AD09-953C574F14BCÄU?U => File/Directory not found.
C:\ProgramData\?U?U-1533-40C5-AD09-953C574F14BCÄU?U => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\Program Files\MyWebSearch => Moved successfully.
C:\Users\Ruth\Local Settings\d3d9caps.dat => Moved successfully.
C:\Users\Ruth\Local Settings\Application Data\d3d9caps.dat => File/Directory not found.
C:\Users\Ruth\AppData\Local\d3d9caps.dat => File/Directory not found.
C:\Users\Ruth\Local Settings\Application Data\2433f433 => File/Directory not found.
C:\Users\Ruth\Local Settings\2433f433 => File/Directory not found.
C:\Users\Ruth\AppData\Local\2433f433 => File/Directory not found.
C:\ProgramData\Application Data\2433f433 => File/Directory not found.
C:\ProgramData\2433f433 => File/Directory not found.
C:\Users\Ruth\Application Data\2433f433 => File/Directory not found.
C:\Users\Ruth\AppData\Roaming\2433f433 => File/Directory not found.
C:\Users\Ruth\My Documents\b73c318.dll => File/Directory not found.
C:\Users\Ruth\Documents\b73c318.dll => File/Directory not found.
C:\Users\Ruth\My Documents\b73c318.exe => File/Directory not found.
C:\Users\Ruth\Documents\b73c318.exe => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?,?,-1533-40C5-AD09-953C574F14BCÄ,?, => Could not move.
C:\ProgramData\?,?,-1533-40C5-AD09-953C574F14BCÄ,?, => Could not move.
C:\ProgramData\Application Data\?é?é-1533-40C5-AD09-953C574F14BCÄé?é => Could not move.
C:\ProgramData\?é?é-1533-40C5-AD09-953C574F14BCÄé?é => Could not move.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\Users\Ruth\Local Settings\GDIPFONTCACHEV1.DAT => Moved successfully.
C:\Users\Ruth\Local Settings\Application Data\GDIPFONTCACHEV1.DAT => File/Directory not found.
C:\Users\Ruth\AppData\Local\GDIPFONTCACHEV1.DAT => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\Windows\System32\FNTCACHE.DAT => Moved successfully.
C:\Windows\win.ini => Moved successfully.
C:\ProgramData\Application Data\?i?i-1533-40C5-AD09-953C574F14BCÄi?i => File/Directory not found.
C:\ProgramData\?i?i-1533-40C5-AD09-953C574F14BCÄi?i => File/Directory not found.
C:\Users\Ruth\Downloads\w_E_20130215.epub => Moved successfully.
C:\ProgramData\Application Data\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z => Could not move.
C:\ProgramData\?Z?Z-1533-40C5-AD09-953C574F14BCÄZ?Z => Could not move.
C:\ProgramData\Application Data\?e?e-1533-40C5-AD09-953C574F14BCÄe?e => File/Directory not found.
C:\ProgramData\?e?e-1533-40C5-AD09-953C574F14BCÄe?e => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\?u?u-1533-40C5-AD09-953C574F14BCÄu?u => File/Directory not found.
C:\ProgramData\Application Data\?è?è-1533-40C5-AD09-953C574F14BCÄè?è => Could not move.
C:\ProgramData\?è?è-1533-40C5-AD09-953C574F14BCÄè?è => Could not move.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\Application Data\?U?U-1533-40C5-AD09-953C574F14BCÄU?U => File/Directory not found.
C:\ProgramData\?U?U-1533-40C5-AD09-953C574F14BCÄU?U => File/Directory not found.
C:\ProgramData\Application Data\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\ProgramData\????-1533-40C5-AD09-953C574F14BCÄ??? => Could not move.
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791\L => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791\L => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-3021958837-3772347930-3219022640-1000\$9a2a97e93ea62d3fc48deaef9b507791\U => File/Directory not found.
C:\$Recycle.Bin\S-1-5-18\$9a2a97e93ea62d3fc48deaef9b507791 => File/Directory not found.
C:\Users\Ruth\g2mdlhlpx.exe => Moved successfully.
C:\Users\Ruth\Install-TARDIS.exe => Moved successfully.
C:\Users\Ruth\Installer-BOTC.exe => Moved successfully.

==== End of Fixlog ====


That's excellent, it appears to be working fine thanks very much:)


Paul
 

kuttus

Great to hear that........

STEP 1: Run a scan with AdwCleaner

1. Download AdwCleaner from the link below.
   ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
2. Close all open programs and internet browsers.
3. Double-click on adwcleaner.exe to run the tool.
4. Click on Delete, then confirm each time with Ok.
5. Your computer will be rebooted automatically. A text file will open after the restart.
6. Please post the contents of that logfile with your next reply.
7. You can find the logfile at C:\AdwCleaner[S1].txt as well.

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




STEP 3: Run a HitmanPro scan
1. Download the latest official version of HitmanPro.
   HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
2. Start HitmanPro by double-clicking on the previously downloaded file and then following the prompts.
   [Image: hitmanproscan4.png]
3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click Next.
   [Image: hitmanproscan5.png]
4. Click Activate free license to start the free 30 days trial and remove the malicious files.
   [Image: hitmanproscan6.png]
5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

Add to your next reply any log that HitmanPro might generate.
 

PaulosDeKathos

AdwCleaner didn't work properly, so moved onto Junkware Removal, waiting to see what that does.... Why is it necessary to do all these different things?
 

PaulosDeKathos

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Ruth on 2013/05/12 at 20:11:29.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driverscanner
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\mywebsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\facemoods.facemoodshlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.2
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2102665F-EEDF-4D54-B598-18A5D03A8D30}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{38DB777B-E025-45C7-A140-07A10C71EF55}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2102665F-EEDF-4D54-B598-18A5D03A8D30}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{38DB777B-E025-45C7-A140-07A10C71EF55}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\driverscanner.job"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\system32\f3pssavr.scr"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Users\Ruth\AppData\Local\Temp\searchqu.ini"
Successfully deleted: [File] "C:\Users\Ruth\AppData\Local\Temp\searchqutoolbar-manifest.xml"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Failed to delete: [Folder] "C:\ProgramData\application data\browserprotect"
Successfully deleted: [Folder] "C:\Users\Ruth\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Ruth\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Ruth\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\delicious add-on for internet explorer"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\searchqu toolbar"
Successfully deleted: [Folder] "C:\Program Files\software informer"
Successfully deleted: [Folder] "C:\Program Files\specialsavings"
Successfully deleted: [Folder] "C:\Program Files\wajam"
Successfully deleted: [Folder] "C:\Users\Ruth\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"
Successfully deleted: [Folder] "C:\Users\Ruth\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{31EF7CBE-83AD-4806-8632-2EF53392CD91}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{6C08F7C2-B221-44DA-A289-D008D8635167}
Successfully deleted: [Empty Folder] C:\Users\Ruth\appdata\local\{E9C7115C-3B79-4B65-8504-10C0A16025AE}
Successfully deleted: [Folder] "C:\Users\Ruth\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\fcmdsrch.xml"
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\user.js
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\searchplugins\alot-search.xml
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\searchplugins\mywebsearch.xml
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\jetpack
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\smartbar
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\extensions\specialsavings@superfish.com
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\extensions\toolbar@ask.com
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Successfully deleted: [Folder] C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\specialsavings@superfish.com
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}
Successfully deleted the following from C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\prefs.js

Emptied folder: C:\Users\Ruth\AppData\Roaming\mozilla\firefox\profiles\bvgpgmth.default\minidumps [277 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013/05/12 at 20:15:50.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

PaulosDeKathos

New Member
Thread author
May 9, 2013
10
Code:
HitmanPro 3.7.3.194
www.hitmanpro.com

   Computer name . . . . : RUTH-PC
   Windows . . . . . . . : 6.0.2.6002.X86/3
   User name . . . . . . : Ruth-PC\Ruth
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (27 days left)

   Scan date . . . . . . : 2013-05-12 20:17:59
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 26m 30s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 115
   Traces  . . . . . . . : 307

   Objects scanned . . . : 3,643,506
   Files scanned . . . . : 309,336
   Remnants scanned  . . : 1,593,765 files / 1,740,405 keys

Malware _____________________________________________________________________

   C:\Users\Ruth\AppData\Local\Temp\Temp1_Android-Emulator.zip\Android-Emulator\Run_Emulator(with Boot Animation).exe -> Quarantined
      Size . . . . . . . : 393,728 bytes
      Age  . . . . . . . : 1352.6 days (2009-08-29 05:56:36)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : F7B0124EDC9D575779A19743AD64385FFF4DAFB1F43DCB0B9B4A8DDFD428A0B5
      Needs elevation  . : Yes
      Product  . . . . . : Android Emulator
      Publisher  . . . . : Google
      Version  . . . . . : 1,1,0,0
    > Ikarus . . . . . . : Trojan-Dropper.Win32.BAT!IK
      Fuzzy  . . . . . . : 100.0

   C:\Users\Ruth\AppData\Local\Temp\Temp1_PatformBomber(2).zip\PatformBomber\PatformBomber\Google Rank Checker\Googlerankchecker.exe -> Quarantined
      Size . . . . . . . : 2,676,579 bytes
      Age  . . . . . . . : 1017.4 days (2010-07-30 11:19:22)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 320C4543ECEB1B98683B0CC40A69FBF4B9B6E0CD1E13CF9AA65A0FF29E2F2803
      Product  . . . . . : compiledBot
      Publisher  . . . . : Microsoft
      Description  . . . : compiledBot
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright @ Microsoft 2010
    > Ikarus . . . . . . : Trojan-PWS.Win32.Dybalom!IK
      Fuzzy  . . . . . . : 108.0

   C:\Users\Ruth\AppData\Roaming\Traffic Travis v4\TTUpdater.exe -> Quarantined
      Size . . . . . . . : 2,020,864 bytes
      Age  . . . . . . . : 42.2 days (2013-03-31 14:35:05)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : E3281F4307B26134F20D1B2A57DA471F24C126AE070DA4AFA8DD1132EF5A6F78
      Product
      Publisher
      Description
      Version  . . . . . : 1.0.1.12
      Copyright
    > Ikarus . . . . . . : Trojan-Downloader.Banload!IK
      Fuzzy  . . . . . . : 103.0

   C:\Users\Ruth\Downloads\Android-Emulator\Android-Emulator\Run_Emulator(with Boot Animation).exe -> Quarantined
      Size . . . . . . . : 393,728 bytes
      Age  . . . . . . . : 1352.6 days (2009-08-29 05:56:36)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : F7B0124EDC9D575779A19743AD64385FFF4DAFB1F43DCB0B9B4A8DDFD428A0B5
      Needs elevation  . : Yes
      Product  . . . . . : Android Emulator
      Publisher  . . . . : Google
      Version  . . . . . : 1,1,0,0
    > Ikarus . . . . . . : Trojan-Dropper.Win32.BAT!IK
      Fuzzy  . . . . . . : 100.0

   C:\Users\Ruth\Downloads\PatformBomber(2)\PatformBomber\PatformBomber\Google Rank Checker\Googlerankchecker.exe -> Quarantined
      Size . . . . . . . : 2,676,579 bytes
      Age  . . . . . . . : 1017.4 days (2010-07-30 11:19:22)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 320C4543ECEB1B98683B0CC40A69FBF4B9B6E0CD1E13CF9AA65A0FF29E2F2803
      Product  . . . . . : compiledBot
      Publisher  . . . . : Microsoft
      Description  . . . : compiledBot
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright @ Microsoft 2010
    > Ikarus . . . . . . : Trojan-PWS.Win32.Dybalom!IK
      Fuzzy  . . . . . . : 108.0

   C:\Users\Ruth\Downloads\PatformBomber(2)\PatformBomber\PatformBomber\LinkFinder\LinkFinder.exe -> Quarantined
      Size . . . . . . . : 2,665,539 bytes
      Age  . . . . . . . : 1031.9 days (2010-07-15 22:09:06)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C3B5CC4BC626152F302BBADE447E329529E68E11933969117510E67774246F8D
      Product  . . . . . : compiledBot
      Publisher  . . . . : Microsoft
      Description  . . . : compiledBot
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright @ Microsoft 2010
    > Ikarus . . . . . . : Trojan-PWS.Win32.Dybalom!IK
      Fuzzy  . . . . . . : 108.0

   C:\Windows\system32\vFrameworkPro1.0.64.ocx -> Quarantined
      Size . . . . . . . : 529,408 bytes
      Age  . . . . . . . : 79.1 days (2013-02-22 17:10:12)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 12FEF03C973BE31F945ABA47A6A69D3805B29B4D6A36954BF85970DA5EC60EAC
      Product  . . . . . : vb5_vFrameworkPro
      Publisher  . . . . : None
      Version  . . . . . : 1.00.0094
    > Ikarus . . . . . . : Backdoor.Win32.VB!IK
      Fuzzy  . . . . . . : 102.0

   C:\Windows\system32\vFrameworkPro1.0.70.ocx -> Quarantined
      Size . . . . . . . : 542,208 bytes
      Age  . . . . . . . : 80.4 days (2013-02-21 11:04:26)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : B388BE9EC74C0EF6BE1FAFFA89DDD1BFCCF163C849C94FF4A6B9E6885BCDDB88
      Product  . . . . . : vb5_vFrameworkPro
      Publisher  . . . . : None
      Version  . . . . . : 1.00.0099
    > Ikarus . . . . . . : Backdoor.Win32.VB!IK
      Fuzzy  . . . . . . : 102.0


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\FocusInteractive\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Fun Web Products\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDLl32Policy\f3ScrCtr.dll\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall\ (Adware.MyWebSearch) -> Deleted
   HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin\ (Adware.MyWebSearch) -> Deleted
   HKLM\SYSTEM\ControlSet033\Services\MyWebSearchService\ (Adware.MyWebSearch)
   HKU\S-1-5-21-3021958837-3772347930-3219022640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-3021958837-3772347930-3219022640-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}\ (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-3021958837-3772347930-3219022640-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted
   HKU\S-1-5-21-3021958837-3772347930-3219022640-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ (Adware.MyWebSearch) -> Deleted

Potential Unwanted Programs _________________________________________________

   C:\ProgramData\BrowserProtect\ (Claro)
   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\ (Claro)
   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (Claro)
   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (Claro)
      Size . . . . . . . : 2,212,304 bytes
      Age  . . . . . . . : 96.2 days (2013-02-05 14:54:21)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 7F780DC5AC6C5D71E7C2421D7908CBDA4DA78A83D8D5EDE7C620BD2F6374F5B0
      Fuzzy  . . . . . . : 12.0

   C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (Claro)
      Size . . . . . . . : 2,550,224 bytes
      Age  . . . . . . . : 96.2 days (2013-02-05 14:54:21)

kuttus

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)



Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trial, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




STEP 2: Run a scan with OTL by OldTimer
  1. Download the OTL utility using the below link:
     OTL DOWNLOAD LINK: http://oldtimer.geekstogo.com/OTL.exe (This link will automatically download OTL on your computer)
  2. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. When the window appears, underneath Output at the top change it to Minimal Output.
  4. Check the boxes beside LOP Check and Purity Check.
  5. Click the Run Scan button.
  6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
     Please post these 2 logs in your first reply.

Settings You need to Select in OTL
  1. Click the Scan All Users checkbox.
  2. Change Standard Registry to All.
  3. Check the boxes beside LOP Check and Purity Check.
Note: If OTL.exe will not run, it may be blocked by malware. Try these alternate versions: OTL.scr (http://www.itxassociates.com/OT-Tools/OTL.scr), or OTL.com (http://oldtimer.geekstogo.com/OTL.com).
