
AVG detects trojan cannot clean it


  • This topic is locked
9 replies to this topic

#1 Heathr6913


Posted 26 May 2013 - 07:37 PM

Trojan detected by AVG but cannot clean it, computer is also running sluggish.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by jproco at 20:33:03 on 2013-05-26
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3660.1619 [GMT -4:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\dwm.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "C:\Users\jproco\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8500A964-37F0-4456-BA41-85966B9E5980} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN40461944862381949&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MixiDJ V30 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN40461944862381949&UM=2&UP=SP369B0E83-6CA4-4A1E-BE45-30622A8A771C
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN40461944862381949&UM=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jproco\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\np-mswmp.dll
FF - plugin: C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\npConduitFirefoxPlugin.dll
FF - ExtSQL: 2013-05-09 14:50; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5
FF - ExtSQL: 2013-05-20 15:19; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-3-21 248120]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-19 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 239616]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-4-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-15 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-7-19 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-19 2451456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-21 701512]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-5-21 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\Drivers\RtsPStor.sys [2012-7-4 339600]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-13 683664]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-3-31 56448]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== Created Last 30 ================
.
2013-05-21 19:21:30 -------- d-----w- C:\Users\jproco\AppData\Roaming\Malwarebytes
2013-05-21 19:21:18 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-21 19:21:16 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-05-21 19:21:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 19:21:05 -------- d-----w- C:\Users\jproco\AppData\Local\Programs
2013-05-21 17:09:11 198320 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10204.bin
2013-05-20 23:42:28 -------- d-----w- C:\ProgramData\Recovery
2013-05-20 19:21:48 -------- d-----w- C:\Program Files (x86)\Conduit
2013-05-20 19:21:22 -------- d-----w- C:\Users\jproco\AppData\Local\Conduit
2013-05-20 19:20:42 -------- d-----w- C:\Users\jproco\AppData\Local\CRE
2013-05-20 01:58:15 13648384 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-05-20 01:58:12 3552768 ----a-w- C:\windows\System32\tquery.dll
2013-05-20 01:56:59 422400 ----a-w- C:\windows\System32\schannel.dll
2013-05-20 00:44:23 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-20 00:44:07 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-05-20 00:44:02 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-20 00:44:01 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-20 00:43:58 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-05-20 00:43:58 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-20 00:43:58 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-05-20 00:43:55 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-05-20 00:43:55 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-05-18 02:04:15 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-16 16:27:50 -------- d-----w- C:\Users\jproco\AppData\Local\ElevatedDiagnostics
2013-05-16 02:16:21 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-16 02:16:21 112872 ----a-w- C:\windows\System32\consent.exe
2013-05-16 00:39:37 861184 ----a-w- C:\windows\System32\drivers\http.sys
2013-05-16 00:06:28 2382336 ----a-w- C:\windows\SysWow64\esent.dll
2013-05-16 00:06:26 2851840 ----a-w- C:\windows\System32\esent.dll
2013-05-15 23:34:01 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-05-09 18:52:13 -------- d-----w- C:\Users\jproco\AppData\Roaming\AVG2013
2013-05-09 18:51:05 -------- d-----w- C:\Users\jproco\AppData\Local\AVG SafeGuard toolbar
2013-05-09 18:50:58 -------- d-----w- C:\Users\jproco\AppData\Roaming\TuneUp Software
2013-05-09 18:50:55 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-05-09 18:50:48 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-05-09 18:50:42 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-05-09 18:50:41 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-05-09 18:49:43 -------- d--h--w- C:\$AVG
2013-05-09 18:49:43 -------- d-----w- C:\ProgramData\AVG2013
2013-05-09 18:49:16 -------- d-----w- C:\Program Files (x86)\AVG
2013-05-09 18:46:09 -------- d--h--w- C:\ProgramData\Common Files
2013-05-09 18:46:09 -------- d-----w- C:\Users\jproco\AppData\Local\MFAData
2013-05-09 18:46:09 -------- d-----w- C:\Users\jproco\AppData\Local\Avg2013
2013-05-09 18:46:09 -------- d-----w- C:\ProgramData\MFAData
.
==================== Find3M  ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-04-15 11:02:04 334000 ----a-w- C:\windows\System32\RaCoInstx.dll
2013-04-15 11:02:04 2482960 ----a-w- C:\windows\System32\drivers\netr28x.sys
2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe
2013-04-09 05:27:43 284424 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\windows\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\windows\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\windows\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\windows\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\windows\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\windows\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\windows\System32\dmvdsitf.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\windows\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\windows\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34 419840 ----a-w- C:\windows\System32\intl.cpl
2013-04-09 02:35:13 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05 623104 ----a-w- C:\windows\System32\drivers\srv2.sys
2013-04-09 02:32:02 805376 ----a-w- C:\windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01 83456 ----a-w- C:\windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25 123880 ----a-w- C:\windows\SysWow64\wscapi.dll
2013-04-08 23:39:14 1408896 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- C:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17 503080 ----a-w- C:\windows\System32\ci.dll
2013-03-30 18:16:05 1403784 ----a-w- C:\windows\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\windows\System32\winload.exe
2013-03-29 06:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-03-28 22:09:09 1093880 ----a-w- C:\windows\System32\winresume.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\windows\System32\winresume.efi
2013-03-21 07:08:26 248120 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
2013-03-15 22:05:34 298456 ----a-w- C:\windows\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\windows\SysWow64\rsaenh.dll
2013-03-02 10:57:48 337128 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\windows\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:23:00 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
2013-03-02 08:22:36 357888 ----a-w- C:\windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-03-02 08:22:17 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\windows\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
.
============= FINISH: 20:33:35.09 ===============
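As an added triage example (not from the original post, nor from DDS or BleepingComputer), the following Python script scans a DDS-style Pseudo HJT / FIREFOX excerpt for the three things a responder would pick out of the log above: Firefox search and homepage prefs pointing at search.conduit.com, registered hooks/BHOs/handlers whose target is `<orphaned>`, and autoruns launched from a user profile directory. The sample lines are excerpted from the log above; the hijack host list, the category names and the user-profile heuristic are my own assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts tied to the Conduit search hijack present in the log above (assumed list; extend as needed).
HIJACK_HOSTS = {"search.conduit.com"}

# Firefox prefs that decide where searches and the homepage go.
NAV_PREFS = {"browser.search.defaulturl", "browser.startup.homepage", "keyword.URL"}

ENTRY_RE = re.compile(r"^(?P<kind>x64-[A-Za-z]+|[A-Za-z]+): (?P<rest>.+)$")
START_RE = re.compile(r"^[um](?P<name>Start Page|Default_Page_URL) = (?P<value>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
RUN_REST_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# Constructed sample: a subset of the lines from the DDS log in the post above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - <orphaned>
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "C:\Users\jproco\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MixiDJ V30 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298566
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
"""


def refang_host(value):
    """DDS writes URLs as hxxp:// so they are not clickable; undo that to parse the host."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return (urlparse(url).hostname or "").lower()


def run_target(rest):
    """Extract (name, exe path) from the part of a uRun/mRun/x64-Run entry after the colon.

    DDS prints either  [Name] "C:\\path\\x.exe" args  or  [Name] C:\\path\\x.exe args.
    """
    m = RUN_REST_RE.match(rest)
    if not m:
        return None, None
    cmd = m.group("cmd")
    if cmd.startswith('"'):
        path = cmd[1:cmd.find('"', 1)]
    else:
        exe = re.match(r"(?i)^(.*?\.exe)", cmd)
        path = exe.group(1) if exe else cmd
    return m.group("name"), path


def triage(lines):
    """Return (category, line) findings for a DDS Pseudo-HJT / FIREFOX excerpt."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if not line:
            continue
        m = FF_PREF_RE.match(line)
        if m:
            if m.group("pref") in NAV_PREFS and refang_host(m.group("value")) in HIJACK_HOSTS:
                findings.append(("search_hijack", line))
            continue
        m = START_RE.match(line)
        if m:
            if refang_host(m.group("value")) in HIJACK_HOSTS:
                findings.append(("search_hijack", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if rest.endswith("<orphaned>"):
            # Hook, BHO or protocol handler still registered but its DLL is gone:
            # a typical leftover of a half-removed toolbar, and what AdwCleaner later cleaned.
            findings.append(("orphaned", line))
        elif kind.endswith("Run"):
            _, path = run_target(rest)
            if path and USER_PROFILE_RE.match(path):
                # Autoruns from a user-writable profile directory deserve a look; legitimate
                # updaters live there too, so this is a review queue, not a verdict.
                findings.append(("autorun_from_user_profile", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:26} {line}")
```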

#2 nasdaq


Posted 28 May 2013 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Heathr6913


Posted 28 May 2013 - 12:20 PM

I just did the 1st step, and when the computer restarted AVG says "threat: general behavioral detection". Should I allow this program or select "protect me"? I just wanted to make sure it wasn't detecting the AdwCleaner.



#4 Heathr6913


Posted 28 May 2013 - 12:24 PM

AVG detected something upon restart after my first step and it removed the threat, so hopefully that didn't mess anything up... I'm now disabling AVG and starting the second step and will post those logs when I'm done. Thank you!

Here's the first:

 

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 13:15:12
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : jproco - BRUSS-ZILLA
# Boot Mode : Normal
# Running from : C:\Users\jproco\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\IanGrand\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\IanGrand\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\IanGrand\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\jproco\AppData\Local\Conduit
Folder Deleted : C:\Users\jproco\AppData\Local\Temp\CT3298566
Folder Deleted : C:\Users\jproco\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jproco\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\CT3298566
Folder Deleted : C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Folder Deleted : C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\jproco\AppData\Roaming\Mozilla\Firefox\Profiles\n5ya13ob.default\prefs.js

Deleted : user_pref("CT3298566.FF19Solved", "true");
Deleted : user_pref("CT3298566.FirstTime", "true");
Deleted : user_pref("CT3298566.FirstTimeFF3", "true");
Deleted : user_pref("CT3298566.UserID", "UN40461944862381949");
Deleted : user_pref("CT3298566.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3298566.autoDisableScopes", -1);
Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3298566.defaultSearch", "true");
Deleted : user_pref("CT3298566.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3298566.enableAlerts", "true");
Deleted : user_pref("CT3298566.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3298566.fixPageNotFoundError", "true");
Deleted : user_pref("CT3298566.fixUrls", true);
Deleted : user_pref("CT3298566.installDate", "20/5/2013 15:19:56");
Deleted : user_pref("CT3298566.installId", "cid111");
Deleted : user_pref("CT3298566.installSessionId", "{EA47C4EC-AFCB-4824-BF1E-E84BFA33B398}");
Deleted : user_pref("CT3298566.installSp", "TRUE");
Deleted : user_pref("CT3298566.installType", "conduitnsisintegration");
Deleted : user_pref("CT3298566.installerVersion", "1.4.2.3");
Deleted : user_pref("CT3298566.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3298566.keyword", "true");
Deleted : user_pref("CT3298566.lastVersion", "10.16.300.3");
Deleted : user_pref("CT3298566.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3298566.migrateAppsAndComponents", true);
Deleted : user_pref("CT3298566.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Deleted : user_pref("CT3298566.openThankYouPage", "false");
Deleted : user_pref("CT3298566.openUninstallPage", "true");
Deleted : user_pref("CT3298566.originalHomepage", "hxxp://mysearch.avg.com/?cid={0BA191CE-BFD0-41F2-AAE1-70513[...]
Deleted : user_pref("CT3298566.originalSearchAddressUrl", "");
Deleted : user_pref("CT3298566.originalSearchEngine", "AVG Secure Search");
Deleted : user_pref("CT3298566.revertSettingsEnabled", "false");
Deleted : user_pref("CT3298566.searchRevert", "false");
Deleted : user_pref("CT3298566.searchUserMode", "2");
Deleted : user_pref("CT3298566.settingsINI", true);
Deleted : user_pref("CT3298566.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3298566.smartbar.CTID", "CT3298566");
Deleted : user_pref("CT3298566.smartbar.Uninstall", "0");
Deleted : user_pref("CT3298566.smartbar.homepage", "true");
Deleted : user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");
Deleted : user_pref("CT3298566.startPage", "true");
Deleted : user_pref("CT3298566.startPageXPETakeover", "true");
Deleted : user_pref("CT3298566.versionFromInstaller", "10.16.300.3");
Deleted : user_pref("CT3298566_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT329856[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V30 Customized Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&Sea[...]
Deleted : user_pref("extensions.wajam.affiliate_id", "3220");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "false");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21086\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21086");
Deleted : user_pref("extensions.wajam.trace_log", "1369077875679 - processInstallationUpgrade - version set to[...]
Deleted : user_pref("extensions.wajam.unique_id", "B01B86218EC2BC8523C07AD5A56DAC6D");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.26");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN404619448[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN404619448623[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\jproco\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [11076 octets] - [28/05/2013 13:15:12]

########## EOF - C:\AdwCleaner[S1].txt - [11137 octets] ##########



#5 Heathr6913
  • Topic Starter

Posted 28 May 2013 - 12:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by jproco on Tue 05/28/2013 at 13:26:38.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8FF154D5-57AD-4A34-AA2E-6017A4EF6919}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C69A395C-89AB-4291-A3E2-26F222212560}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C69A395C-89AB-4291-A3E2-26F222212560}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{C69A395C-89AB-4291-A3E2-26F222212560}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\jproco\appdata\local\{085E83DC-B624-4115-ACDE-68E72AE30735}
Successfully deleted: [Empty Folder] C:\Users\jproco\appdata\local\{0B353443-E0B6-444B-BE75-C51559418417}
Successfully deleted: [Empty Folder] C:\Users\jproco\appdata\local\{550E4A06-3F80-40AD-9FFE-7CBAE80070AA}
Successfully deleted: [Empty Folder] C:\Users\jproco\appdata\local\{956D6962-0223-46F7-B690-514BC2AF059F}
Successfully deleted: [Empty Folder] C:\Users\jproco\appdata\local\{975C734A-3719-4497-871C-A8EFFE14B390}
Successfully deleted: [Empty Folder] C:\Users\jproco\appdata\local\{C73FAB54-0F9D-4B31-9888-8AF5671B1603}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/28/2013 at 13:35:25.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 Results of screen317's Security Check version 0.99.64 
   x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
AVG Internet Security 2013  
Windows Defender            
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Reader XI 
 Mozilla Firefox 20.0.1 Firefox out of Date! 
 Google Chrome 22.0.1229.95 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Also I saw that it said Firefox was out of date... I don't use Firefox. It doesn't seem to work well with my Windows 8.

Any idea why Flash won't work on Firefox or Google Chrome? That's the main issue I've had. It tells me my Flash Player is out of date, but when I try to update it, it says I'm up to date. Only Internet Explorer works for Flash.


Edited by Heathr6913, 28 May 2013 - 11:56 PM.


#6 nasdaq
  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 29 May 2013 - 07:10 AM

Any idea why Flash won't work on Firefox or Google Chrome?


Try this for now.

Remove Chrome using the Add/Remove Programs applet.
Restart the computer normally.
Re-install Chrome. No need to update Flash for this program; it comes with it.

Keep me posted.

#7 Heathr6913
  • Topic Starter

Posted 29 May 2013 - 12:50 PM

That seemed to work... from what I can tell, Chrome is working now. Does everything else look okay on the computer? It seems to be running okay.



#8 nasdaq
  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 29 May 2013 - 01:04 PM

Looking good.

If you still have problems with Firefox you can also remove it completely and reinstall the application. You never know when you will need it.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#9 Heathr6913
  • Topic Starter

Posted 30 May 2013 - 12:31 AM

Thank you!



#10 nasdaq
  • Malware Response Team
  • Location: Montreal, QC, Canada

Posted 30 May 2013 - 07:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



