
Author Topic: FBI virus, black screen for desktop, etc HELP  (Read 41950 times)


katlyn

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows Vista
    FBI virus, black screen for desktop, etc HELP
    « on: January 20, 2013, 11:50:07 AM »
    I have been having trouble in various forms for a while, but I got the FBI warning screen the other day, and after logging on to Windows, my desktop is black. The only way I can get online is through Task Manager, but I can't access the desktop or do other things... any suggestions?

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: FBI virus, black screen for desktop, etc HELP
    « Reply #1 on: January 20, 2013, 06:32:12 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a USB storage device, hold the Shift key down for about 10 seconds while inserting it. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
    *************************************************************************
    If you can't get these to run, boot in Safe Mode with NetWorking and run them there.

    Here's how to get into Safe Mode.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    katlyn
      Re: FBI virus, black screen for desktop, etc HELP
      « Reply #2 on: January 20, 2013, 07:15:52 PM »
      # AdwCleaner v2.106 - Logfile created 01/20/2013 at 20:39:38
      # Updated 17/01/2013 by Xplode
      # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
      # User : Hailey - HAILEY-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Hailey\Downloads\adwcleaner.exe
      # Option [Search]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Found : C:\END
      File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
      File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
      File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
      File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
      File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
      File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
      File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
      File Found : C:\Users\Hailey\AppData\Local\Temp\Searchqu.ini
      File Found : C:\Users\Hailey\AppData\Local\Temp\searchqutoolbar-manifest.xml
      File Found : C:\Users\Hailey\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
      File Found : C:\Users\Hailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
      File Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Conduit.xml
      File Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Search_Results.xml
      File Found : C:\Users\Hailey\Desktop\iLivid.lnk
      Folder Found : C:\Program Files\Common Files\Software Update Utility
      Folder Found : C:\Program Files\Free Offers from Freeze.com
      Folder Found : C:\Program Files\Ilivid
      Folder Found : C:\ProgramData\Ask
      Folder Found : C:\ProgramData\Babylon
      Folder Found : C:\ProgramData\boost_interprocess
      Folder Found : C:\ProgramData\InstallMate
      Folder Found : C:\ProgramData\Premium
      Folder Found : C:\Users\Hailey\AppData\Local\Ilivid
      Folder Found : C:\Users\Hailey\AppData\Local\Ilivid Player
      Folder Found : C:\Users\Hailey\AppData\Local\Temp\CT3131886
      Folder Found : C:\Users\Hailey\AppData\LocalLow\searchquband
      Folder Found : C:\Users\Hailey\AppData\Roaming\Babylon
      Folder Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\CT3131886
      Folder Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
      Folder Found : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\Smartbar

      ***** [Registry] *****

      Key Found : HKCU\Software\AppDataLow\Software\Crossrider
      Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
      Key Found : HKCU\Software\AppDataLow\Software\SmartBar
      Key Found : HKCU\Software\Blabbers
      Key Found : HKCU\Software\BrowserCompanion
      Key Found : HKCU\Software\Cr_Installer
      Key Found : HKCU\Software\DataMngr
      Key Found : HKCU\Software\ilivid
      Key Found : HKCU\Software\InstalledBrowserExtensions
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
      Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
      Key Found : HKCU\Software\Optimizer Pro
      Key Found : HKLM\Software\Babylon
      Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
      Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
      Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
      Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011341191}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
      Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
      Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
      Key Found : HKLM\SOFTWARE\Classes\dnUpdate
      Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
      Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
      Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
      Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
      Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
      Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
      Key Found : HKLM\SOFTWARE\Classes\Prod.cap
      Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
      Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
      Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
      Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
      Key Found : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
      Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
      Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
      Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
      Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
      Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
      Key Found : HKLM\Software\Conduit
      Key Found : HKLM\Software\Freeze.com
      Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
      Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
      Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
      Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
      Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
      Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
      Key Found : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
      Key Found : HKLM\SOFTWARE\Software
      Key Found : HKU\S-1-5-21-410393384-1161414932-3442993101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Found : HKU\S-1-5-21-410393384-1161414932-3442993101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
      Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
      Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
      Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
      Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.6001.19088

      [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112478&tt=031012_IKAN_4112_6&babsrc=HP_ss&mntrId=ccbb3ff00000000000000023543aae5f

      -\\ Mozilla Firefox v10.0.2 (en-US)

      File : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\prefs.js

      Found : user_pref("CT3131886.1000082.isDisplayHidden", "true");
      Found : user_pref("CT3131886.1000082.isPlayDisplay", "true");
      Found : user_pref("CT3131886.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
      Found : user_pref("CT3131886.1000234.TWC_TMP_city", "BELLEVUE");
      Found : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
      Found : user_pref("CT3131886.1000234.TWC_locId", "SZXX0119");
      Found : user_pref("CT3131886.1000234.TWC_location", "Bellevue, Switzerland");
      Found : user_pref("CT3131886.1000234.TWC_region", "US");
      Found : user_pref("CT3131886.1000234.TWC_temp_dis", "f");
      Found : user_pref("CT3131886.1000234.TWC_wind_dis", "mph");
      Found : user_pref("CT3131886.1000234.weatherData", "{\"icon\":\"16.png\",\"temperature\":\"34°F\",\"temperat[...]
      Found : user_pref("CT3131886.CBOpenMAMSettings.enc", "MA==");
      Found : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
      Found : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
      Found : user_pref("CT3131886.FirstTime", "true");
      Found : user_pref("CT3131886.FirstTimeFF3", "true");
      Found : user_pref("CT3131886.LoginRevertSettingsEnabled", true);
      Found : user_pref("CT3131886.RevertSettingsEnabled", true);
      Found : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]
      Found : user_pref("CT3131886.UserID", "UN00894222291528645");
      Found : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
      Found : user_pref("CT3131886.autoDisableScopes", 0);
      Found : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
      Found : user_pref("CT3131886.cb_experience_000.enc", "NA==");
      Found : user_pref("CT3131886.cb_firstuse0100.enc", "MQ==");
      Found : user_pref("CT3131886.cb_user_id_000.enc", "Q0I2NTA2OTkwMDQyMTdfMTM1NjgzNDY4MjE5MV9GaXJlZm94");
      Found : user_pref("CT3131886.cbcountry_001.enc", "VVM=");
      Found : user_pref("CT3131886.cbfirsttime.enc", "VGh1IE9jdCAxMSAyMDEyIDAyOjE4OjE0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
      Found : user_pref("CT3131886.defaultSearch", "true");
      Found : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"cross[...]
      Found : user_pref("CT3131886.enableAlerts", "always");
      Found : user_pref("CT3131886.enableSearchFromAddressBar", "true");
      Found : user_pref("CT3131886.firstTimeDialogOpened", "true");
      Found : user_pref("CT3131886.fixPageNotFoundError", "true");
      Found : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
      Found : user_pref("CT3131886.fixUrls", true);
      Found : user_pref("CT3131886.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
      Found : user_pref("CT3131886.installId", "conduitinstaller.exe");
      Found : user_pref("CT3131886.installType", "ConduitNSISIntegration");
      Found : user_pref("CT3131886.isCheckedStartAsHidden", true);
      Found : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
      Found : user_pref("CT3131886.isFirstTimeToolbarLoading", "false");
      Found : user_pref("CT3131886.isNewTabEnabled", true);
      Found : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
      Found : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
      Found : user_pref("CT3131886.keyword", true);
      Found : user_pref("CT3131886.migrateAppsAndComponents", true);
      Found : user_pref("CT3131886.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fpinterest.com%2F[...]
      Found : user_pref("CT3131886.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
      Found : user_pref("CT3131886.openThankYouPage", "false");
      Found : user_pref("CT3131886.openUninstallPage", "true");
      Found : user_pref("CT3131886.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
      Found : user_pref("CT3131886.price-gong.isManagedApp", "true");
      Found : user_pref("CT3131886.search.searchAppId", "129641800031032056");
      Found : user_pref("CT3131886.search.searchCount", "0");
      Found : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
      Found : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
      Found : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
      Found : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
      Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
      Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
      Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
      Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
      Found : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
      Found : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358694823182");
      Found : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1353971720173");
      Found : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1358694702960");
      Found : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358039104180");
      Found : user_pref("CT3131886.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351253747534");
      Found : user_pref("CT3131886.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358694703696");
      Found : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1351063574819");
      Found : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358039103678");
      Found : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1358694703668");
      Found : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1358694702728");
      Found : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358039103452");
      Found : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1358694703049");
      Found : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1358694703153");
      Found : user_pref("CT3131886.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
      Found : user_pref("CT3131886.serviceLayer_services_userApps_lastUpdate", "1357962486101");
      Found : user_pref("CT3131886.settingsINI", true);
      Found : user_pref("CT3131886.shouldFirstTimeDialog", "false");
      Found : user_pref("CT3131886.smartbar.CTID", "CT3131886");
      Found : user_pref("CT3131886.smartbar.Uninstall", "0");
      Found : user_pref("CT3131886.smartbar.homepage", true);
      Found : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
      Found : user_pref("CT3131886.startPage", "userChanged");
      Found : user_pref("CT3131886.toolbarBornServerTime", "10-10-2012");
      Found : user_pref("CT3131886.toolbarCurrentServerTime", "20-1-2013");
      Found : user_pref("CT3131886.upgradeFromClearSBVersion", true);
      Found : user_pref("CT3131886.url_history0001.enc", "aHR0cDovL3BpbnRlcmVzdC5jb20vcGluLzEyMzI4NjEwODUxOTg3ODI2[...]
      Found : user_pref("CT3131886_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
      Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=1[...]
      Found : user_pref("Smartbar.ConduitSearchEngineList", "Vgrabber1 Customized Web Search");
      Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886[...]
      Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=4[...]
      Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3131886");
      Found : user_pref("browser.search.defaultengine", "Ask.com");
      Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
      Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
      Found : user_pref("extensions.5071fe4ee74a7.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
      Found : user_pref("extensions.50755124a2dd1.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
      Found : user_pref("extensions.BabylonToolbar.admin", false);
      Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
      Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
      Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
      Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
      Found : user_pref("extensions.BabylonToolbar.id", "ccbb3ff00000000000000023543aae5f");
      Found : user_pref("extensions.BabylonToolbar.instlDay", "15623");
      Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
      Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
      Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
      Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
      Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
      Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
      Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
      Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
      Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
      Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
      Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.75:37:14");
      Found : user_pref("extensions.crossriderapp3491.3491.InstallationThankYouPage", true);
      Found : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1349648385);
      Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.searchUserConifrmation", false[...]
      Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setHomepage", false);
      Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setNewTab", false);
      Found : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setSearch", false);
      Found : user_pref("extensions.crossriderapp3491.3491.active", true);
      Found : user_pref("extensions.crossriderapp3491.3491.addressbar", "");
      Found : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
      Found : user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
      Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
      Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1349648385");
      Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
      Found : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
      Found : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your fa[...]
      Found : user_pref("extensions.crossriderapp3491.3491.domain", "");
      Found : user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
      Found : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
      Found : user_pref("extensions.crossriderapp3491.3491.group", 0);
      Found : user_pref("extensions.crossriderapp3491.3491.homepage", "");
      Found : user_pref("extensions.crossriderapp3491.3491.iframe", false);
      Found : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
      Found : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
      Found : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
      Found : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
      Found : user_pref("extensions.crossriderapp3491.3491.manifesturl", "");
      Found : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
      Found : user_pref("extensions.crossriderapp3491.3491.newtab", "");
      Found : user_pref("extensions.crossriderapp3491.3491.opensearch", "");
      Found : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
      Found : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");
      Found : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);
      Found : user_pref("extensions.crossriderapp3491.3491.setnewtab", false);
      Found : user_pref("extensions.crossriderapp3491.3491.settingsurl", "");
      Found : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html");
      Found : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
      Found : user_pref("extensions.crossriderapp3491.3491.ver", 0);
      Found : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
      Found : user_pref("extensions.crossriderapp3491.bic", "13a4a451f6f06ba2b5ff26957d8ce110");
      Found : user_pref("extensions.crossriderapp3491.firstrun", false);
      Found : user_pref("extensions.crossriderapp3491.installationdate", 1349865775);
      Found : user_pref("extensions.crossriderapp3491.lastcheck", 22644910);
      Found : user_pref("extensions.crossriderapp3491.lastcheckitem", 22644969);
      Found : user_pref("extensions.crossriderapp3491.modetype", "production");
      Found : user_pref("extensions.crossriderapp3491.reportInstall", true);
      Found : user_pref("extensions.enabledAddons", "[email protected]:1.16.335,[email protected]:2.5.29231,{[...]
      Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q=[...]
      Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
      Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=497&s[...]

      File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\lxmokr16.default\prefs.js

      [OK] File is clean.

      -\\ Google Chrome v24.0.1312.52

      File : C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Found [l.15] : homepage = "hxxp://www.searchnu.com/406",
      Found [l.19] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
      Found [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=497&systemid=406&sr=0&q={searchTerms}"
      Found [l.342] : homepage = "hxxp://www.searchnu.com/406",
      Found [l.482] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

      *************************

      AdwCleaner[R1].txt - [25962 octets] - [20/01/2013 20:39:38]

      ########## EOF - C:\AdwCleaner[R1].txt - [26023 octets] ##########

      katlyn

        Re: FBI virus, black screen for desktop, etc HELP
        « Reply #3 on: January 21, 2013, 12:52:11 AM »
        I ran mbam.exe, but I can't find the log.... can't find notebook. Where do I look?

        katlyn

          Re: FBI virus, black screen for desktop, etc HELP
          « Reply #4 on: January 21, 2013, 06:33:03 AM »
          After I ran Remove Selected it forced a restart, but it still came up the same way: logged onto a black desktop and had to use task manager. When I tried to reboot with safe mode, I had a desktop (black) with a few folders in the process of loading for a few seconds, then a blank white screen. Should I run mbam again to get to the logs?

          SuperDave

          Re: FBI virus, black screen for desktop, etc HELP
          « Reply #5 on: January 21, 2013, 03:45:05 PM »
          Remove the Adware:
          • Please close all open programs and internet browsers.
          • Double click on adwcleaner.exe to run the tool.
          • Click on Delete.
          • Confirm each time with OK
          • Your computer will be rebooted automatically. A text file will open after the restart.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
          ***********************************************
          • Please download Unhide by Grinler from here and save it to your desktop.
          • Double click unhide.exe to run the tool.
          • It will take some time to go through all your files, so please be patient.
          • If this tool doesn't fix the problem, please let me know.

          katlyn

            Re: FBI virus, black screen for desktop, etc HELP
            « Reply #6 on: January 21, 2013, 05:10:08 PM »
            I apparently downloaded this twice yesterday, so I deleted from both downloads... I hope that is correct. So I will post the second one next.


            # AdwCleaner v2.106 - Logfile created 01/21/2013 at 18:04:06
            # Updated 17/01/2013 by Xplode
            # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
            # User : Hailey - HAILEY-PC
            # Boot Mode : Normal
            # Running from : C:\Users\Hailey\Downloads\adwcleaner.exe
            # Option [Delete]


            ***** [Services] *****


            ***** [Files / Folders] *****

            File Deleted : C:\END
            File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
            File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
            File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
            File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
            File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
            File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
            File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
            File Deleted : C:\Users\Hailey\AppData\Local\Temp\Searchqu.ini
            File Deleted : C:\Users\Hailey\AppData\Local\Temp\searchqutoolbar-manifest.xml
            File Deleted : C:\Users\Hailey\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
            File Deleted : C:\Users\Hailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
            File Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Conduit.xml
            File Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\searchplugins\Search_Results.xml
            File Deleted : C:\Users\Hailey\Desktop\iLivid.lnk
            Folder Deleted : C:\Program Files\Common Files\Software Update Utility
            Folder Deleted : C:\Program Files\Free Offers from Freeze.com
            Folder Deleted : C:\Program Files\Ilivid
            Folder Deleted : C:\ProgramData\Ask
            Folder Deleted : C:\ProgramData\Babylon
            Folder Deleted : C:\ProgramData\boost_interprocess
            Folder Deleted : C:\ProgramData\InstallMate
            Folder Deleted : C:\ProgramData\Premium
            Folder Deleted : C:\Users\Hailey\AppData\Local\Ilivid
            Folder Deleted : C:\Users\Hailey\AppData\Local\Ilivid Player
            Folder Deleted : C:\Users\Hailey\AppData\Local\Temp\CT3131886
            Folder Deleted : C:\Users\Hailey\AppData\LocalLow\searchquband
            Folder Deleted : C:\Users\Hailey\AppData\Roaming\Babylon
            Folder Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\CT3131886
            Folder Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
            Folder Deleted : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\Smartbar

            ***** [Registry] *****

            Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
            Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
            Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
            Key Deleted : HKCU\Software\Blabbers
            Key Deleted : HKCU\Software\BrowserCompanion
            Key Deleted : HKCU\Software\Cr_Installer
            Key Deleted : HKCU\Software\DataMngr
            Key Deleted : HKCU\Software\ilivid
            Key Deleted : HKCU\Software\InstalledBrowserExtensions
            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
            Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
            Key Deleted : HKCU\Software\Optimizer Pro
            Key Deleted : HKLM\Software\Babylon
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
            Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
            Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
            Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
            Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
            Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
            Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
            Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
            Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
            Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
            Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
            Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
            Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
            Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
            Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
            Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
            Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
            Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
            Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
            Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
            Key Deleted : HKLM\Software\Conduit
            Key Deleted : HKLM\Software\Freeze.com
            Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
            Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
            Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
            Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
            Key Deleted : HKLM\SOFTWARE\Software
            Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
            Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
            Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
            Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

            ***** [Internet Browsers] *****

            -\\ Internet Explorer v8.0.6001.19088

            Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112478&tt=031012_IKAN_4112_6&babsrc=HP_ss&mntrId=ccbb3ff00000000000000023543aae5f --> hxxp://www.google.com

            -\\ Mozilla Firefox v10.0.2 (en-US)

            File : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\prefs.js

            C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\user.js ... Deleted !

            Deleted : user_pref("CT3131886.1000082.isDisplayHidden", "true");
            Deleted : user_pref("CT3131886.1000082.isPlayDisplay", "true");
            Deleted : user_pref("CT3131886.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
            Deleted : user_pref("CT3131886.1000234.TWC_TMP_city", "BELLEVUE");
            Deleted : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
            Deleted : user_pref("CT3131886.1000234.TWC_locId", "SZXX0119");
            Deleted : user_pref("CT3131886.1000234.TWC_location", "Bellevue, Switzerland");
            Deleted : user_pref("CT3131886.1000234.TWC_region", "US");
            Deleted : user_pref("CT3131886.1000234.TWC_temp_dis", "f");
            Deleted : user_pref("CT3131886.1000234.TWC_wind_dis", "mph");
            Deleted : user_pref("CT3131886.1000234.weatherData", "{\"icon\":\"05.png\",\"temperature\":\"38°F\",\"temperat[...]
            Deleted : user_pref("CT3131886.CBOpenMAMSettings.enc", "MA==");
            Deleted : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Deleted : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
            Deleted : user_pref("CT3131886.FirstTime", "true");
            Deleted : user_pref("CT3131886.FirstTimeFF3", "true");
            Deleted : user_pref("CT3131886.LoginRevertSettingsEnabled", true);
            Deleted : user_pref("CT3131886.RevertSettingsEnabled", true);
            Deleted : user_pref("CT3131886.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT313[...]
            Deleted : user_pref("CT3131886.UserID", "UN00894222291528645");
            Deleted : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
            Deleted : user_pref("CT3131886.autoDisableScopes", 0);
            Deleted : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
            Deleted : user_pref("CT3131886.cb_experience_000.enc", "NA==");
            Deleted : user_pref("CT3131886.cb_firstuse0100.enc", "MQ==");
            Deleted : user_pref("CT3131886.cb_user_id_000.enc", "Q0I2NTA2OTkwMDQyMTdfMTM1NjgzNDY4MjE5MV9GaXJlZm94");
            Deleted : user_pref("CT3131886.cbcountry_001.enc", "VVM=");
            Deleted : user_pref("CT3131886.cbfirsttime.enc", "VGh1IE9jdCAxMSAyMDEyIDAyOjE4OjE0IEdNVC0wNTAwIChDZW50cmFsIERh[...]
            Deleted : user_pref("CT3131886.defaultSearch", "true");
            Deleted : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"cross[...]
            Deleted : user_pref("CT3131886.enableAlerts", "always");
            Deleted : user_pref("CT3131886.enableSearchFromAddressBar", "true");
            Deleted : user_pref("CT3131886.firstTimeDialogOpened", "true");
            Deleted : user_pref("CT3131886.fixPageNotFoundError", "true");
            Deleted : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
            Deleted : user_pref("CT3131886.fixUrls", true);
            Deleted : user_pref("CT3131886.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
            Deleted : user_pref("CT3131886.installId", "conduitinstaller.exe");
            Deleted : user_pref("CT3131886.installType", "ConduitNSISIntegration");
            Deleted : user_pref("CT3131886.isCheckedStartAsHidden", true);
            Deleted : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Deleted : user_pref("CT3131886.isFirstTimeToolbarLoading", "false");
            Deleted : user_pref("CT3131886.isNewTabEnabled", true);
            Deleted : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
            Deleted : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
            Deleted : user_pref("CT3131886.keyword", true);
            Deleted : user_pref("CT3131886.migrateAppsAndComponents", true);
            Deleted : user_pref("CT3131886.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.computerhope[...]
            Deleted : user_pref("CT3131886.openThankYouPage", "false");
            Deleted : user_pref("CT3131886.openUninstallPage", "true");
            Deleted : user_pref("CT3131886.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
            Deleted : user_pref("CT3131886.price-gong.isManagedApp", "true");
            Deleted : user_pref("CT3131886.search.searchAppId", "129641800031032056");
            Deleted : user_pref("CT3131886.search.searchCount", "0");
            Deleted : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
            Deleted : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
            Deleted : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
            Deleted : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
            Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
            Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
            Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
            Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
            Deleted : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
            Deleted : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358694823182");
            Deleted : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1353971720173");
            Deleted : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1358694702960");
            Deleted : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358039104180");
            Deleted : user_pref("CT3131886.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351253747534");
            Deleted : user_pref("CT3131886.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358750197424");
            Deleted : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1351063574819");
            Deleted : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358039103678");
            Deleted : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1358694703668");
            Deleted : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1358781108248");
            Deleted : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358039103452");
            Deleted : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1358750198280");
            Deleted : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1358781108649");
            Deleted : user_pref("CT3131886.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
            Deleted : user_pref("CT3131886.serviceLayer_services_userApps_lastUpdate", "1357962486101");
            Deleted : user_pref("CT3131886.settingsINI", true);
            Deleted : user_pref("CT3131886.shouldFirstTimeDialog", "false");
            Deleted : user_pref("CT3131886.smartbar.CTID", "CT3131886");
            Deleted : user_pref("CT3131886.smartbar.Uninstall", "0");
            Deleted : user_pref("CT3131886.smartbar.homepage", true);
            Deleted : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
            Deleted : user_pref("CT3131886.startPage", "userChanged");
            Deleted : user_pref("CT3131886.toolbarBornServerTime", "10-10-2012");
            Deleted : user_pref("CT3131886.toolbarCurrentServerTime", "21-1-2013");
            Deleted : user_pref("CT3131886.upgradeFromClearSBVersion", true);
            Deleted : user_pref("CT3131886.url_history0001.enc", "aHR0cDovL3d3dy5jb21wdXRlcmhvcGUuY29tL2ZvcnVtL2luZGV4LnBo[...]
            Deleted : user_pref("CT3131886_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
            Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3131886&SearchSource=1[...]
            Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Vgrabber1 Customized Web Search");
            Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886[...]
            Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=4[...]
            Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3131886");
            Deleted : user_pref("browser.search.defaultengine", "Ask.com");
            Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
            Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
            Deleted : user_pref("extensions.5071fe4ee74a7.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
            Deleted : user_pref("extensions.50755124a2dd1.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
            Deleted : user_pref("extensions.BabylonToolbar.admin", false);
            Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
            Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
            Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
            Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
            Deleted : user_pref("extensions.BabylonToolbar.id", "ccbb3ff00000000000000023543aae5f");
            Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15623");
            Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
            Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
            Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
            Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
            Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
            Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
            Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
            Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
            Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
            Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
            Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.75:37:14");
            Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationThankYouPage", true);
            Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationTime", 1349648385);
            Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.searchUserConifrmation", false[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setHomepage", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setNewTab", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.InstallationUserSettings.setSearch", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.active", true);
            Deleted : user_pref("extensions.crossriderapp3491.3491.addressbar", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.certdomaininstaller", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.changeprevious", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallationTime.value", "1349648385");
            Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.description", "Vid-Saver allows you to download your fa[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.domain", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.enablesearch", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.fbremoteurl", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.group", 0);
            Deleted : user_pref("extensions.crossriderapp3491.3491.homepage", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.iframe", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.manifesturl", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.name", "Vid-Saver");
            Deleted : user_pref("extensions.crossriderapp3491.3491.newtab", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.opensearch", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
            Deleted : user_pref("extensions.crossriderapp3491.3491.publisher", "215 Apps");
            Deleted : user_pref("extensions.crossriderapp3491.3491.searchstatus", 0);
            Deleted : user_pref("extensions.crossriderapp3491.3491.setnewtab", false);
            Deleted : user_pref("extensions.crossriderapp3491.3491.settingsurl", "");
            Deleted : user_pref("extensions.crossriderapp3491.3491.thankyou", "hxxp://vid-saver.com/thankyou.html");
            Deleted : user_pref("extensions.crossriderapp3491.3491.updateinterval", 360);
            Deleted : user_pref("extensions.crossriderapp3491.3491.ver", 0);
            Deleted : user_pref("extensions.crossriderapp3491.adsOldValue", -1);
            Deleted : user_pref("extensions.crossriderapp3491.bic", "13a4a451f6f06ba2b5ff26957d8ce110");
            Deleted : user_pref("extensions.crossriderapp3491.firstrun", false);
            Deleted : user_pref("extensions.crossriderapp3491.installationdate", 1349865775);
            Deleted : user_pref("extensions.crossriderapp3491.lastcheck", 22646619);
            Deleted : user_pref("extensions.crossriderapp3491.lastcheckitem", 22646874);
            Deleted : user_pref("extensions.crossriderapp3491.modetype", "production");
            Deleted : user_pref("extensions.crossriderapp3491.reportInstall", true);
            Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.16.335,[email protected]:2.5.29231,{[...]
            Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&q=[...]
            Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
            Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=497&s[...]

            File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\lxmokr16.default\prefs.js

            [OK] File is clean.

            -\\ Google Chrome v24.0.1312.52

            File : C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Preferences

            Deleted [l.15] : homepage = "hxxp://www.searchnu.com/406",
            Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]


            Deleted [l.51] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=497&systemid=406&sr=0&q={searchT[...]
            Deleted [l.342] : homepage = "hxxp://www.searchnu.com/406",
            Deleted [l.482] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

            *************************

            AdwCleaner[R1].txt - [26093 octets] - [20/01/2013 20:39:38]
            AdwCleaner[S1].txt - [23817 octets] - [21/01/2013 18:04:06]

            ########## EOF - C:\AdwCleaner[S1].txt - [23878 octets] ##########

            katlyn

              Re: FBI virus, black screen for desktop, etc HELP
              « Reply #7 on: January 21, 2013, 05:11:41 PM »
              2nd deletion from AdwCleaner.

              # AdwCleaner v2.106 - Logfile created 01/21/2013 at 18:16:51
              # Updated 17/01/2013 by Xplode
              # Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
              # User : Hailey - HAILEY-PC
              # Boot Mode : Normal
              # Running from : C:\Users\Hailey\Downloads\adwcleaner.exe
              # Option [Delete]


              ***** [Services] *****


              ***** [Files / Folders] *****


              ***** [Registry] *****


              ***** [Internet Browsers] *****

              -\\ Internet Explorer v8.0.6001.19088

              [OK] Registry is clean.

              -\\ Mozilla Firefox v10.0.2 (en-US)

              File : C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\prefs.js

              [OK] File is clean.

              File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\lxmokr16.default\prefs.js

              [OK] File is clean.

              -\\ Google Chrome v24.0.1312.52

              File : C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Preferences

              [OK] File is clean.

              *************************

              AdwCleaner[R1].txt - [26093 octets] - [20/01/2013 20:39:38]
              AdwCleaner[S1].txt - [23948 octets] - [21/01/2013 18:04:06]
              AdwCleaner[S2].txt - [1063 octets] - [21/01/2013 18:16:51]

              ########## EOF - C:\AdwCleaner[S2].txt - [1123 octets] ##########

              katlyn

                Re: FBI virus, black screen for desktop, etc HELP
                « Reply #8 on: January 21, 2013, 08:14:52 PM »
                I rebooted and still have a black desktop and have to access thru task manager.

                Unhide by Lawrence Abrams (Grinler)
                http://www.bleepingcomputer.com/
                Copyright 2008-2013 BleepingComputer.com
                More Information about Unhide.exe can be found at this link:
                  http://www.bleepingcomputer.com/forums/topic405109.html

                Program started at: 01/21/2013 06:47:04 PM
                Windows Version: Windows Vista

                Please be patient while your files are made visible again.

                Processing the C:\ drive
                Finished processing the C:\ drive. 342425 files processed.

                Processing the D:\ drive
                Finished processing the D:\ drive. 15028 files processed.


                The C:\Users\Hailey\AppData\Local\Temp\smtmp\ folder does not exist!!
                Unhide cannot restore your missing shortcuts!!
                Please see this topic in order to learn how to restore default
                Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

                Searching for Windows Registry changes made by FakeHDD rogues.
                 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                No registry changes detected.

                Program finished at: 01/21/2013 06:57:46 PM
                Execution time: 0 hours(s), 10 minute(s), and 42 seconds(s)

                katlyn

                  Re: FBI virus, black screen for desktop, etc HELP
                  « Reply #9 on: January 21, 2013, 08:20:32 PM »
                  I found the mbam files.................

                  Malwarebytes Anti-Malware (Trial) 1.70.0.1100
                  www.malwarebytes.org

                  Database version: v2013.01.21.01

                  Windows Vista Service Pack 1 x86 NTFS
                  Internet Explorer 8.0.6001.19088
                  Hailey :: HAILEY-PC [administrator]

                  2013/01/21 01:33:43 -0600   HAILEY-PC   (null)   MESSAGE   Starting protection
                  2013/01/21 01:33:43 -0600   HAILEY-PC   (null)   MESSAGE   Protection started successfully
                  2013/01/21 01:33:43 -0600   HAILEY-PC   (null)   MESSAGE   Starting IP protection
                  2013/01/21 01:33:49 -0600   HAILEY-PC   Hailey   MESSAGE   IP Protection started successfully
                  2013/01/21 14:09:49 -0600   HAILEY-PC   Hailey   MESSAGE   Executing scheduled update:  Daily
                  2013/01/21 14:10:06 -0600   HAILEY-PC   Hailey   MESSAGE   Scheduled update executed successfully:  database updated from version v2013.01.21.01 to version v2013.01.21.07
                  2013/01/21 14:10:07 -0600   HAILEY-PC   Hailey   MESSAGE   Starting database refresh
                  2013/01/21 14:10:07 -0600   HAILEY-PC   Hailey   MESSAGE   Stopping IP protection
                  2013/01/21 14:10:10 -0600   HAILEY-PC   Hailey   MESSAGE   IP Protection stopped successfully
                  2013/01/21 14:10:27 -0600   HAILEY-PC   Hailey   MESSAGE   Database refreshed successfully
                  2013/01/21 14:10:28 -0600   HAILEY-PC   Hailey   MESSAGE   Starting IP protection
                  2013/01/21 14:10:43 -0600   HAILEY-PC   Hailey   MESSAGE   IP Protection started successfully
                  2013/01/21 18:07:23 -0600   HAILEY-PC   (null)   MESSAGE   Starting protection
                  2013/01/21 18:07:23 -0600   HAILEY-PC   (null)   MESSAGE   Protection started successfully
                  2013/01/21 18:07:23 -0600   HAILEY-PC   (null)   MESSAGE   Starting IP protection
                  2013/01/21 18:07:28 -0600   HAILEY-PC   (null)   MESSAGE   IP Protection started successfully
                  2013/01/21 18:18:32 -0600   HAILEY-PC   (null)   MESSAGE   Starting protection
                  2013/01/21 18:18:32 -0600   HAILEY-PC   (null)   MESSAGE   Protection started successfully
                  2013/01/21 18:18:32 -0600   HAILEY-PC   (null)   MESSAGE   Starting IP protection
                  2013/01/21 18:18:37 -0600   HAILEY-PC   (null)   MESSAGE   IP Protection started successfully
                  2013/01/21 21:30:49 -0600   HAILEY-PC   (null)   MESSAGE   Starting protection
                  2013/01/21 21:30:49 -0600   HAILEY-PC   (null)   MESSAGE   Protection started successfully
                  2013/01/21 21:30:49 -0600   HAILEY-PC   (null)   MESSAGE   Starting IP protection
                  2013/01/21 21:30:54 -0600   HAILEY-PC   (null)   MESSAGE   IP Protection started successfully


                  Protection: Enabled

                  1/20/2013 8:53:37 PM
                  mbam-log-2013-01-20 (20-53-37).txt

                  Scan type: Full scan (C:\|D:\|)
                  Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
                  Scan options disabled: P2P
                  Objects scanned: 543220
                  Time elapsed: 2 hour(s), 41 second(s)

                  Memory Processes Detected: 0
                  (No malicious items detected)

                  Memory Modules Detected: 0
                  (No malicious items detected)

                  Registry Keys Detected: 39
                  HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
                  HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Downloader (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
                  HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

                  Registry Values Detected: 6
                  HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
                  HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
                  HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
                  HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\Hailey\AppData\Roaming\ldr.mcb,explorer.exe -> Quarantined and deleted successfully.
                  HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem -> Quarantined and deleted successfully.

                  Registry Data Items Detected: 0
                  (No malicious items detected)

                  Folders Detected: 0
                  (No malicious items detected)

                  Files Detected: 30
                  C:\Program Files\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.
                  C:\Program Files\ReImageCompanion\tdataprotocol.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
                  C:\Program Files\ReImageCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
                  C:\Program Files\ReImageCompanion\BCHelperReImage.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
                  C:\Program Files\vGrabber-software\Uninstall.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
                  C:\Program Files\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
                  C:\rei\Temp\20120401_1622\Installer\C_drive\Program Files\i want this\i want this.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\D43F.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\0.8349302755542694 (Trojan.Happili) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\1EA6.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\1F52.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\F0D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\F97A.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\E542.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\E7AF.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\EA6D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\2CBA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\43E3.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\7B08.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\878.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\9359.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\9B83.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\9C0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\wxdownload_extension.exe (Trojan.Agent) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\LocalLow\bbrs_006.tb\content\BCHelper.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0EFCA1E8.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\AppData\Roaming\ldr.mcb (Trojan.Zbot) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\Downloads\setup(1).exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
                  C:\Users\Hailey\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
                  C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y7I6EX99\SmileyCentral[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

                  (end)

                  2013/01/20 20:51:35 -0600   HAILEY-PC   Hailey   MESSAGE   Executing scheduled update:  Daily
                  2013/01/20 20:51:44 -0600   HAILEY-PC   Hailey   MESSAGE   Starting protection
                  2013/01/20 20:51:44 -0600   HAILEY-PC   Hailey   MESSAGE   Protection started successfully
                  2013/01/20 20:51:44 -0600   HAILEY-PC   Hailey   MESSAGE   Starting IP protection
                  2013/01/20 20:51:51 -0600   HAILEY-PC   Hailey   MESSAGE   IP Protection started successfully
                  2013/01/20 20:52:36 -0600   HAILEY-PC   Hailey   MESSAGE   Starting database refresh
                  2013/01/20 20:52:36 -0600   HAILEY-PC   Hailey   MESSAGE   Stopping IP protection
                  2013/01/20 20:52:37 -0600   HAILEY-PC   Hailey   MESSAGE   IP Protection stopped successfully
                  2013/01/20 20:52:36 -0600   HAILEY-PC   Hailey   MESSAGE   Scheduled update executed successfully:  database updated from version v2012.12.14.11 to version v2013.01.21.01
                  2013/01/20 20:52:53 -0600   HAILEY-PC   Hailey   MESSAGE   Database refreshed successfully
                  2013/01/20 20:52:53 -0600   HAILEY-PC   Hailey   MESSAGE   Starting IP protection
                  2013/01/20 20:53:01 -0600   HAILEY-PC   Hailey   MESSAGE   IP Protection started successfully
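The Hijack.Shell.Gen entry in the log above (HKCU\...\Winlogon|shell pointing at ldr.mcb,explorer.exe) is the kind of change that keeps Explorer, and with it the desktop, from starting normally. The PowerShell below is an added read-only triage check, not code from this thread or from Malwarebytes; it assumes the Vista/7 default values for the Winlogon Shell and Userinit entries and is written to run on Windows PowerShell 2.0 as well as newer versions.

```powershell
# Added example, not code from the thread or from Malwarebytes: a read-only
# triage check for the Winlogon "Shell" hijack reported above as Hijack.Shell.Gen.
#
# Winlogon starts whatever program HKLM\...\Winlogon\Shell names (explorer.exe
# on a clean install). A Shell value under HKCU is not present by default; when
# something writes one, that program runs in place of, or ahead of, Explorer
# for that user, which matches the black desktop described in this thread.
# Userinit is checked the same way because it is hijacked in the same manner.

$ErrorActionPreference = 'Stop'

# Machine-wide defaults (assumed for Vista/7; adjust if the OS differs).
$Expected = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}

function New-Finding($Key, $Name, $Value, $Reason) {
    # New-Object (rather than [pscustomobject]) keeps this runnable on PowerShell 2.0.
    New-Object PSObject -Property @{ Key = $Key; Name = $Name; Value = $Value; Reason = $Reason }
}

function Test-WinlogonValues {
    $findings = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $Expected.Keys) {
            $value = $null
            if ($null -ne $props) { $value = $props.$name }
            if ($hive -eq 'HKCU') {
                # Any per-user Shell/Userinit override is worth a look; none exist by default.
                if ($null -ne $value) {
                    $findings += New-Finding $key $name $value 'per-user override present'
                }
            } elseif ($null -eq $value) {
                $findings += New-Finding $key $name '' 'machine-wide value missing'
            } elseif ($value.Trim() -ine $Expected[$name]) {
                $findings += New-Finding $key $name $value 'differs from expected default'
            }
        }
    }
    # The leading comma returns the array intact even when it has one element.
    return ,$findings
}

$result = Test-WinlogonValues
if ($result.Count -eq 0) {
    Write-Host 'Winlogon Shell/Userinit values look normal.'
} else {
    $result | Format-Table Key, Name, Value, Reason -AutoSize -Wrap
}
```

A non-empty table lists the values to review; the script changes nothing, so cleanup stays with the removal tools the thread is using.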


                  katlyn

                    Re: FBI virus, black screen for desktop, etc HELP
                    « Reply #10 on: January 22, 2013, 10:50:36 AM »
I had to shut down and start in safe mode, and this time I had access to my desktop (on a black screen) but could not access the internet.  I had to reboot out of safe mode to use Task Manager for internet access.

                    SuperDave

                    Re: FBI virus, black screen for desktop, etc HELP
                    « Reply #11 on: January 22, 2013, 12:27:02 PM »
                    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
                    Save Rkill to your desktop.

There are 7 different versions. If one of them won't run, then download and try to run another one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

                    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

                    * Rkill.exe
                    * Rkill.com
                    * Rkill.scr
                    * WiNlOgOn.exe
                    * uSeRiNiT.exe
                    * iExplore.exe
                    * eXplorer.exe
                    Once you've gotten one of them to run then try to immediately run the following.
                    ******************************************************
                    Download Combofix from any of the links below, and save it to your DESKTOP

                    Link 1
                    Link 2
                    Link 3

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
                    • Close any open windows and double click ComboFix.exe to run it.

                      You will see the following image:


                    Click I Agree to start the program.

                    ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

                    If you did not have it installed, you will see the prompt below. Choose YES.



                    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                    Click on Yes, to continue scanning for malware.

                    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

                    katlyn

                      Re: FBI virus, black screen for desktop, etc HELP
                      « Reply #12 on: January 23, 2013, 04:36:15 PM »
                      I am not given the option to run RKill as Administrator.... when I right click I get

                         Open Link in new tab
                         Open link in new window
                         Bookmark this link
                         Save link as....
                         Send link...
                         Copy link location
                         Inspect Element (Q)

                      I'm sorry I am so uneducated about this....  Also I noticed when I go thru task manager to get on Firefox that it is a .Ink link... don't know if that means anything.

                      SuperDave

                      Re: FBI virus, black screen for desktop, etc HELP
                      « Reply #13 on: January 23, 2013, 05:36:10 PM »
                      Quote
                      I am not given the option to run RKill as Administrator.... when I right click I get

                         Open Link in new tab
                         Open link in new window
                         Bookmark this link
                         Save link as....
                         Send link...
                         Copy link location
                         Inspect Element (Q)
                      Does it do that on every one of the links?
                      Quote
                      I'm sorry I am so uneducated about this....  Also I noticed when I go thru task manager to get on Firefox that it is a .Ink link... don't know if that means anything.
.lnk means it's a shortcut.

                      Malwarebytes' Anti-Rootkit

                      Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
                      • Be sure to print out and follow the instructions provided on that same page for performing a scan.
                      • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
                      • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
                      • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
                      • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
                      • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
                      • Copy and paste the contents of these two log files in your next reply.

                      katlyn

                        Re: FBI virus, black screen for desktop, etc HELP
                        « Reply #14 on: January 23, 2013, 08:23:48 PM »
I clicked on the link for Anti-Rootkit; it shows up in downloads. I opened that and had to figure out how to unzip a file, and chose extract all into documents. mbar.exe was not a choice.... so I selected mbar and selected run; cleanup was not a choice, but a log suddenly appeared at the bottom of the list of files. Here is that log.

                        Malwarebytes Anti-Rootkit BETA 1.01.0.1016

                        (c) Malwarebytes Corporation 2011-2012

                        OS version: 6.0.6001 Windows Vista Service Pack 1 x86

                        Account is Administrative

                        Internet Explorer version: 8.0.6001.19088

                        Java version: 1.6.0_26

                        File system is: NTFS
                        Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
                        CPU speed: 2.712000 GHz
                        Memory total: 937172992, free: 102539264

                        ------------ Kernel report ------------
                             01/23/2013 21:25:56
                        ------------ Loaded modules -----------
                        \SystemRoot\system32\ntkrnlpa.exe
                        \SystemRoot\system32\hal.dll
                        \SystemRoot\system32\kdcom.dll
                        \SystemRoot\system32\PSHED.dll
                        \SystemRoot\system32\BOOTVID.dll
                        \SystemRoot\system32\CLFS.SYS
                        \SystemRoot\system32\CI.dll
                        \SystemRoot\system32\drivers\Wdf01000.sys
                        \SystemRoot\system32\drivers\WDFLDR.SYS
                        \SystemRoot\system32\drivers\acpi.sys
                        \SystemRoot\system32\drivers\WMILIB.SYS
                        \SystemRoot\system32\drivers\msisadrv.sys
                        \SystemRoot\system32\drivers\pci.sys
                        \SystemRoot\System32\drivers\partmgr.sys
                        \SystemRoot\system32\drivers\volmgr.sys
                        \SystemRoot\System32\drivers\volmgrx.sys
                        \SystemRoot\system32\drivers\pciide.sys
                        \SystemRoot\system32\drivers\PCIIDEX.SYS
                        \SystemRoot\System32\drivers\mountmgr.sys
                        \SystemRoot\system32\drivers\nvraid.sys
                        \SystemRoot\system32\drivers\CLASSPNP.SYS
                        \SystemRoot\system32\drivers\atapi.sys
                        \SystemRoot\system32\drivers\ataport.SYS
                        \SystemRoot\system32\DRIVERS\nvstor32.sys
                        \SystemRoot\system32\DRIVERS\storport.sys
                        \SystemRoot\system32\drivers\fltmgr.sys
                        \SystemRoot\system32\drivers\fileinfo.sys
                        \SystemRoot\System32\Drivers\ksecdd.sys
                        \SystemRoot\system32\drivers\ndis.sys
                        \SystemRoot\system32\drivers\msrpc.sys
                        \SystemRoot\system32\drivers\NETIO.SYS
                        \SystemRoot\System32\drivers\tcpip.sys
                        \SystemRoot\System32\drivers\fwpkclnt.sys
                        \SystemRoot\System32\Drivers\Ntfs.sys
                        \SystemRoot\system32\drivers\volsnap.sys
                        \SystemRoot\System32\Drivers\spldr.sys
                        \SystemRoot\System32\Drivers\SmartDefragDriver.sys
                        \SystemRoot\System32\Drivers\mup.sys
                        \SystemRoot\System32\drivers\ecache.sys
                        \SystemRoot\system32\drivers\disk.sys
                        \SystemRoot\system32\drivers\crcdisk.sys
                        \SystemRoot\system32\DRIVERS\tunnel.sys
                        \SystemRoot\system32\DRIVERS\tunmp.sys
                        \SystemRoot\system32\drivers\amdk8.sys
                        \SystemRoot\system32\DRIVERS\i8042prt.sys
                        \SystemRoot\system32\DRIVERS\mouclass.sys
                        \SystemRoot\system32\DRIVERS\kbdclass.sys
                        \SystemRoot\system32\drivers\usbohci.sys
                        \SystemRoot\system32\drivers\USBPORT.SYS
                        \SystemRoot\system32\DRIVERS\usbehci.sys
                        \SystemRoot\system32\DRIVERS\HDAudBus.sys
                        \SystemRoot\system32\DRIVERS\nvmfdx32.sys
                        \SystemRoot\system32\DRIVERS\cdrom.sys
                        \SystemRoot\system32\DRIVERS\HSXHWBS3.sys
                        \SystemRoot\system32\DRIVERS\ks.sys
                        \SystemRoot\system32\DRIVERS\HSX_DP.sys
                        \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
                        \SystemRoot\system32\drivers\modem.sys
                        \SystemRoot\system32\DRIVERS\nvlddmkm.sys
                        \SystemRoot\System32\drivers\dxgkrnl.sys
                        \SystemRoot\System32\drivers\watchdog.sys
                        \SystemRoot\system32\DRIVERS\msiscsi.sys
                        \SystemRoot\system32\DRIVERS\TDI.SYS
                        \SystemRoot\system32\DRIVERS\rasl2tp.sys
                        \SystemRoot\system32\DRIVERS\ndistapi.sys
                        \SystemRoot\system32\DRIVERS\ndiswan.sys
                        \SystemRoot\system32\DRIVERS\raspppoe.sys
                        \SystemRoot\system32\DRIVERS\raspptp.sys
                        \SystemRoot\system32\DRIVERS\rassstp.sys
                        \SystemRoot\system32\DRIVERS\termdd.sys
                        \SystemRoot\system32\DRIVERS\swenum.sys
                        \SystemRoot\system32\DRIVERS\mssmbios.sys
                        \SystemRoot\system32\DRIVERS\umbus.sys
                        \SystemRoot\system32\DRIVERS\usbhub.sys
                        \SystemRoot\System32\Drivers\NDProxy.SYS
                        \SystemRoot\system32\drivers\RTKVHDA.sys
                        \SystemRoot\system32\drivers\portcls.sys
                        \SystemRoot\system32\drivers\drmk.sys
                        \SystemRoot\System32\Drivers\Fs_Rec.SYS
                        \SystemRoot\System32\Drivers\Null.SYS
                        \SystemRoot\System32\Drivers\Beep.SYS
                        \SystemRoot\System32\drivers\vga.sys
                        \SystemRoot\System32\drivers\VIDEOPRT.SYS
                        \SystemRoot\System32\DRIVERS\RDPCDD.sys
                        \SystemRoot\system32\drivers\rdpencdd.sys
                        \SystemRoot\System32\Drivers\Msfs.SYS
                        \SystemRoot\System32\Drivers\Npfs.SYS
                        \SystemRoot\System32\DRIVERS\rasacd.sys
                        \SystemRoot\system32\DRIVERS\tdx.sys
                        \SystemRoot\system32\DRIVERS\smb.sys
                        \SystemRoot\system32\drivers\afd.sys
                        \SystemRoot\System32\DRIVERS\netbt.sys
                        \SystemRoot\system32\DRIVERS\pacer.sys
                        \SystemRoot\system32\DRIVERS\netbios.sys
                        \SystemRoot\system32\DRIVERS\wanarp.sys
                        \SystemRoot\system32\DRIVERS\rdbss.sys
                        \SystemRoot\system32\drivers\nsiproxy.sys
                        \SystemRoot\System32\Drivers\dfsc.sys
                        \SystemRoot\System32\Drivers\crashdmp.sys
                        \SystemRoot\System32\Drivers\dump_diskdump.sys
                        \SystemRoot\System32\Drivers\dump_nvstor32.sys
                        \SystemRoot\system32\drivers\usbprint.sys
                        \SystemRoot\system32\drivers\USBD.SYS
                        \SystemRoot\System32\win32k.sys
                        \SystemRoot\System32\drivers\Dxapi.sys
                        \SystemRoot\system32\DRIVERS\monitor.sys
                        \SystemRoot\System32\TSDDD.dll
                        \SystemRoot\System32\cdd.dll
                        \SystemRoot\system32\drivers\luafv.sys
                        \??\C:\Windows\system32\drivers\mbam.sys
                        \SystemRoot\system32\DRIVERS\lltdio.sys
                        \SystemRoot\system32\DRIVERS\nwifi.sys
                        \SystemRoot\system32\DRIVERS\ndisuio.sys
                        \SystemRoot\system32\DRIVERS\rspndr.sys
                        \SystemRoot\system32\drivers\HTTP.sys
                        \SystemRoot\System32\DRIVERS\srvnet.sys
                        \SystemRoot\system32\DRIVERS\bowser.sys
                        \SystemRoot\System32\drivers\mpsdrv.sys
                        \SystemRoot\system32\drivers\mrxdav.sys
                        \SystemRoot\system32\DRIVERS\mrxsmb.sys
                        \SystemRoot\system32\DRIVERS\mrxsmb10.sys
                        \SystemRoot\system32\DRIVERS\mrxsmb20.sys
                        \SystemRoot\System32\DRIVERS\srv2.sys
                        \SystemRoot\System32\DRIVERS\srv.sys
                        \SystemRoot\system32\drivers\spsys.sys
                        \SystemRoot\system32\DRIVERS\mdmxsdk.sys
                        \SystemRoot\system32\drivers\peauth.sys
                        \SystemRoot\System32\Drivers\secdrv.SYS
                        \SystemRoot\System32\drivers\tcpipreg.sys
                        \SystemRoot\system32\DRIVERS\xaudio.sys
                        \SystemRoot\system32\DRIVERS\cdfs.sys
                        \??\C:\Windows\system32\drivers\mbamchameleon.sys
                        \??\C:\Windows\system32\drivers\mbamswissarmy.sys
                        \Windows\System32\ntdll.dll
                        ----------- End -----------
                        <<<1>>>
                        Upper Device Name: \Device\Harddisk0\DR0
                        Upper Device Object: 0xffffffff84ef48e0
                        Upper Device Driver Name: \Driver\disk\
                        Lower Device Name: \Device\00000050\
                        Lower Device Object: 0xffffffff83a6d030
                        Lower Device Driver Name: \Driver\nvstor32\
                        Driver name found: nvstor32
                        Initialization returned 0x0
                        Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
                        IRP handler 0 hooked
                        IRP handler 2 hooked
                        IRP handler 14 hooked
                        IRP handler 15 hooked
                        IRP handler 22 hooked
                        IRP handler 23 hooked
                        IRP handler 27 hooked
                        Load Function returned 0x0



The fixdamage shows a folder, but I wasn't sure that I had actually run a cleanup...