
search conduit webpage infection


  • This topic is locked
15 replies to this topic

#1 sajb

sajb

  • Members
  • 8 posts

Posted 11 July 2013 - 04:27 AM

Hi there,

 

Thank you in advance...

 

I have been having a problem with this search.conduit.com web page. It keeps on coming up even though I try to change it. I used my antivirus scan and it found and cleaned 3 infections. I changed my homepage back to google.com but it seems to be coming back somehow, and these other popups seem to be popping up as well; I'm guessing they are associated with this search.conduit.

 

Not sure what to do next....

Please help if you can

 

Steven




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 11 July 2013 - 05:14 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> [Donate button] <-- (no worries, every little bit helps)

#3 sajb

sajb
  • Topic Starter

  • Members
  • 8 posts

Posted 11 July 2013 - 06:16 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-11 23:12:00
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465.76GB
Running: f8kdl577.exe; Driver: C:\Users\Steven\AppData\Local\Temp\kgdyqpob.sys

---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                       ZwCreateThread [0x90B557F0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                       ZwLoadDriver [0x90B558B0]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                       ZwSetSystemInformation [0x90B55870]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                       ZwSystemDebugControl [0x90B55830]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                      Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                      Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3D2351E4-65DB-414F-9ECC-366DDEAFDF73}\Connection@Name  isatap.{840EF92A-C1C2-4484-B504-D887A4FB3E39}
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind     \Device\{DAAC6143-FB15-4DCC-A83C-8797D33DACF2}?\Device\{B59CECC2-225B-49DE-80CA-CBC3BC025942}?\Device\{3D2351E4-65DB-414F-9ECC-366DDEAFDF73}?\Device\{7F0BFF45-46D4-4AF9-B054-4BA812C0402E}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route    "{DAAC6143-FB15-4DCC-A83C-8797D33DACF2}"?"{B59CECC2-225B-49DE-80CA-CBC3BC025942}"?"{3D2351E4-65DB-414F-9ECC-366DDEAFDF73}"?"{7F0BFF45-46D4-4AF9-B054-4BA812C0402E}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export   \Device\TCPIP6TUNNEL_{DAAC6143-FB15-4DCC-A83C-8797D33DACF2}?\Device\TCPIP6TUNNEL_{B59CECC2-225B-49DE-80CA-CBC3BC025942}?\Device\TCPIP6TUNNEL_{3D2351E4-65DB-414F-9ECC-366DDEAFDF73}?\Device\TCPIP6TUNNEL_{7F0BFF45-46D4-4AF9-B054-4BA812C0402E}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3D2351E4-65DB-414F-9ECC-366DDEAFDF73}@InterfaceName                       isatap.{840EF92A-C1C2-4484-B504-D887A4FB3E39}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3D2351E4-65DB-414F-9ECC-366DDEAFDF73}@ReusableType                        0

---- EOF - GMER 2.1 ----



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 11 July 2013 - 07:15 AM

Then we need the DDS log files as well...



#5 sajb

sajb
  • Topic Starter

  • Members
  • 8 posts

Posted 11 July 2013 - 03:47 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.11.2
Run by Steven at 22:46:23 on 2013-07-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.2806.1113 [GMT 12:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\Program Files\Amadeus\Pro Printer\Mainsrv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Amadeus\Pro Printer\ComAdapt.exe
C:\Program Files\Amadeus\Pro Printer\AmaPrt.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\Explorer.EXE
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Automatic Update\AutoUpdateGUI.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://toshiba.msn.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - c:\program files\utorrentcontrol_v6\prxtbuTo0.dll
uURLSearchHooks: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - c:\program files\nch_en\prxtbNCH_.dll
mURLSearchHooks: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - c:\program files\utorrentcontrol_v6\prxtbuTo0.dll
mURLSearchHooks: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - c:\program files\nch_en\prxtbNCH_.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: SelectionLinks: {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - c:\program files\oapps\SelectionLinks.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - c:\program files\utorrentcontrol_v6\prxtbuTo0.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - c:\program files\nch_en\prxtbNCH_.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DownloadHelper Class: {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - c:\program files\common files\download helper\DownloadHelper.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentControl_v6 Toolbar: {96F454EA-9D38-474F-B504-56193E00C1A5} - c:\program files\utorrentcontrol_v6\prxtbuTo0.dll
TB: NCH_EN Toolbar: {A87CB3E3-4DB9-439D-B96B-576F5AE8459D} - c:\program files\nch_en\prxtbNCH_.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentControl_v6 Toolbar: {96f454ea-9d38-474f-b504-56193e00c1a5} - c:\program files\utorrentcontrol_v6\prxtbuTo0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: NCH_EN Toolbar: {a87cb3e3-4db9-439d-b96b-576f5ae8459d} - c:\program files\nch_en\prxtbNCH_.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "c:\users\steven\appdata\local\akamai\netsession_win.exe"
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [GoogleChromeAutoLaunch_F24911D7A7038F5FFBF2DBF664E78DA0] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ITSecMng] c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe /START
mRun: [TSleepSrv] c:\program files\toshiba\toshiba sleep utility\TSleepSrv.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [NortonOnlineBackup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - c:\program files\toshiba\bulletinboard\TosBBCom.dll/1000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download video on this page - c:\program files\kotato\youtube downloader\YTD_IE.dll/300
IE: Download video this links to - c:\program files\kotato\youtube downloader\YTD_IE.dll/301
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {731DC20B-51DE-4681-BBB9-69593E9F99A2} - c:\program files\kotato\youtube downloader\YTD_IE.dll/300
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\toshiba\bulletinboard\TosBBCom.dll
Trusted Zone: amadeus.com
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com
Trusted Zone: certificates.amadeusvista.com
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusvista.com
DPF: {051FE707-9706-11D5-A836-000102A7C938} - hxxp://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL42P100.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} - hxxp://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3A33C6A0-8037-41C5-B7BC-A7CBCC6CA9B0} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7E8E4D98-6389-4149-A413-C302DB99C309} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7E8E4D98-6389-4149-A413-C302DB99C309}\242796467656771697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7E8E4D98-6389-4149-A413-C302DB99C309}\375656E6F6E63736275656E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7E8E4D98-6389-4149-A413-C302DB99C309}\67F6461666F6E65654834454 : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steven\appdata\roaming\mozilla\firefox\profiles\8h4met2a.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\steven\appdata\roaming\mozilla\firefox\profiles\8h4met2a.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\plugins\np-mswmp.dll
FF - plugin: c:\users\steven\appdata\roaming\mozilla\firefox\profiles\8h4met2a.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-07 13:41; {FBBAEACB-74C3-41B1-9936-C9EF85640BBF}; c:\users\steven\appdata\roaming\mozilla\firefox\profiles\8h4met2a.default\extensions\{FBBAEACB-74C3-41B1-9936-C9EF85640BBF}
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
============= SERVICES / DRIVERS ===============
.
R2 AmadeusProPrinter;AmadeusProPrinter;c:\program files\amadeus\pro printer\Mainsrv.exe [2011-11-22 421888]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\nobuagent.exe service --> c:\program files\symantec\norton online backup\NOBuAgent.exe service [?]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-8 144672]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-12-11 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-17 378984]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2011-3-3 189880]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-10-10 2656280]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-9 68208]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-20 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-11 62336]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-11 141440]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-10-10 33616]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-6-16 9216]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-10-10 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-12-9 112032]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-12-21 685488]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\drivers\btfilter.sys [2011-10-10 33640]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-10-10 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-6 235216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-10-10 197224]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUVStor.sys [2011-10-10 226408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-21 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-07-07 01:49:55 -------- d-----w- c:\users\steven\appdata\roaming\Kotato
2013-07-07 01:49:51 -------- d-----w- c:\program files\Kotato
2013-07-07 01:47:10 -------- d-----w- c:\program files\WinRAR Password Cracker
2013-07-07 01:45:38 -------- d-----w- c:\users\steven\appdata\roaming\WinRARPasswordCracker.com
2013-07-07 01:44:52 -------- d-----w- c:\users\steven\appdata\local\WinRARPasswordCracker.com
2013-07-07 01:41:42 -------- d-----w- c:\program files\OApps
2013-07-07 01:32:30 -------- d-----w- c:\program files\NCH_EN
2013-07-07 01:31:47 -------- d-----w- c:\users\steven\appdata\roaming\NCH Software
2013-07-07 01:31:29 -------- d-----w- c:\program files\NCH Software
2013-06-27 07:55:36 180224 ----a-r- c:\windows\system32\BrMuSNMP.dll
.
==================== Find3M  ====================
.
2013-06-12 04:32:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 04:32:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-27 06:06:05 0 ----a-w- c:\windows\system32\sho8B60.tmp
.
============= FINISH: 22:46:51.16 ===============
 



#6 sajb

sajb
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:34 PM

Posted 11 July 2013 - 04:02 PM

Hi there

 

Thanks for your help. Am I able to continue my work while we are doing this?

 

The dds.txt file is posted above...

It says in the attach txt file to zip it and attach it instead of posting.

 

I have done it as an attachment here, but can post if you want

 

Thanks again

Steven


Edited by sajb, 11 July 2013 - 04:31 PM.


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:10:34 AM

Posted 12 July 2013 - 03:05 AM

Yes, continue the work, but save it.

 

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 sajb

sajb
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:34 PM

Posted 12 July 2013 - 04:07 AM

# AdwCleaner v2.305 - Logfile created 07/12/2013 at 20:56:31
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Steven - STEVEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Steven\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\END
File Deleted : C:\Users\Steven\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\NCH_EN
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\uTorrentControl_v6
Folder Deleted : C:\Users\Steven\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Steven\AppData\Local\Conduit
Folder Deleted : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Deleted : C:\Users\Steven\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Steven\AppData\Local\Temp\CT3289075
Folder Deleted : C:\Users\Steven\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Steven\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Steven\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\Steven\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Steven\AppData\LocalLow\uTorrentControl_v6
Folder Deleted : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\CT3289075
Folder Deleted : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
Folder Deleted : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\extensions\staged
Folder Deleted : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\Smartbar
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\NCH_EN
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{079D463D-06B7-4A05-A737-7D4A09E3A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282495
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52656BFA-9D20-4497-98AA-C4757E25EDC1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84678FA5-F18F-4407-A16F-D3CA3E26A7A6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C2A607-AF4A-4F53-BFFE-14027D819534}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECFBA423-7B19-4D00-B5E4-68C8B8633E77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{079D463D-06B7-4A05-A737-7D4A09E3A3F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\Software\uTorrentControl_v6
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A87CB3E3-4DB9-439D-B96B-576F5AE8459D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-GB)

File : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\prefs.js

C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\user.js ... Deleted !

Deleted : user_pref("CT3289075.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM3MzQ0OTYzMywidXVpZCI6MTE1NzE2Njg1MzY1NzgyLCJ[...]
Deleted : user_pref("CT3289075.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289075.FF19Solved", "true");
Deleted : user_pref("CT3289075.FirstTime", "true");
Deleted : user_pref("CT3289075.FirstTimeFF3", "true");
Deleted : user_pref("CT3289075.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3289075.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3289075.UserID", "UN25147721351065117");
Deleted : user_pref("CT3289075.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289075.autoDisableScopes", -1);
Deleted : user_pref("CT3289075.cb_user_id_000.enc", "Q0I5OTQxMjI0NjY1NjNfMTM3MDM3OTA2NDM2MF9GaXJlZm94");
Deleted : user_pref("CT3289075.cbfirsttime.enc", "U3VuIE1heSAyNiAyMDEzIDE4OjI2OjM0IEdNVCsxMjAwIChOZXcgWmVhbGFu[...]
Deleted : user_pref("CT3289075.defaultSearch", "false");
Deleted : user_pref("CT3289075.embeddedsData", "[{\"appId\":\"130064539389933152\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3289075.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3289075.enableSearchFromAddressBar", "false");
Deleted : user_pref("CT3289075.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289075.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3289075.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289075.fixUrls", true);
Deleted : user_pref("CT3289075.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l[...]
Deleted : user_pref("CT3289075.installDate", "28/4/2013 13:35:23");
Deleted : user_pref("CT3289075.installType", "xpe");
Deleted : user_pref("CT3289075.installUsage", "28/4/2013 13:50:09");
Deleted : user_pref("CT3289075.installUsageEarly", "28/4/2013 13:50:09");
Deleted : user_pref("CT3289075.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289075.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289075.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289075.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289075.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT3289075.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3289075.mam_gk_appStateReportTime.enc", "MTM3MzUxNjI4MDY5OA==");
Deleted : user_pref("CT3289075.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289075.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289075.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289075.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3289075.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
Deleted : user_pref("CT3289075.mam_gk_currentVersion.enc", "MS44LjAuNA==");
Deleted : user_pref("CT3289075.mam_gk_eventsCache.enc", "eyI4ZTFjMmY2My0xODhiLTRiNjMtODhhYS1iMjg3NmMyMGExMDEiO[...]
Deleted : user_pref("CT3289075.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289075.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Deleted : user_pref("CT3289075.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289075.mam_gk_lastLoginTime.enc", "MTM3MzUxNjI4MDM2Mw==");
Deleted : user_pref("CT3289075.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289075.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.mam_gk_settings1.5.0.3.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289075.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289075.mam_gk_settings1.6.0.99.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVy[...]
Deleted : user_pref("CT3289075.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289075.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289075.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289075.mam_gk_userId.enc", "M2YwYmYwOTItYzJjNi00N2I3LWFmYTItY2M4YjQ1YTBhYmRj");
Deleted : user_pref("CT3289075.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289075.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\".\",\"EB_MAIN_FRAME_URL\":\"hxxp[...]
Deleted : user_pref("CT3289075.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.openThankYouPage", "true");
Deleted : user_pref("CT3289075.openUninstallPage", "false");
Deleted : user_pref("CT3289075.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3289075.revertSettingsEnabled", "FALSE");
Deleted : user_pref("CT3289075.search.searchAppId", "130064539389933152");
Deleted : user_pref("CT3289075.search.searchCount", "0");
Deleted : user_pref("CT3289075.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT3289075.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289075.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289075.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289075.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289075.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289075.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373516395359");
Deleted : user_pref("CT3289075.serviceLayer_services_appsMetadata_lastUpdate", "1373516277572");
Deleted : user_pref("CT3289075.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373516395310");
Deleted : user_pref("CT3289075.serviceLayer_services_location_lastUpdate", "1373516395934");
Deleted : user_pref("CT3289075.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369684466600");
Deleted : user_pref("CT3289075.serviceLayer_services_login_10.15.0.62_lastUpdate", "1367390330669");
Deleted : user_pref("CT3289075.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373516397108");
Deleted : user_pref("CT3289075.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373516395336");
Deleted : user_pref("CT3289075.serviceLayer_services_searchAPI_lastUpdate", "1373516397833");
Deleted : user_pref("CT3289075.serviceLayer_services_serviceMap_lastUpdate", "1373516394975");
Deleted : user_pref("CT3289075.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373516395286");
Deleted : user_pref("CT3289075.serviceLayer_services_toolbarSettings_lastUpdate", "1373523478065");
Deleted : user_pref("CT3289075.serviceLayer_services_translation_lastUpdate", "1373516395535");
Deleted : user_pref("CT3289075.settingsINI", true);
Deleted : user_pref("CT3289075.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289075.showToolbarPermission", "false");
Deleted : user_pref("CT3289075.smartbar.CTID", "CT3289075");
Deleted : user_pref("CT3289075.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289075.smartbar.toolbarName", "uTorrentControl_v6 ");
Deleted : user_pref("CT3289075.startPage", "false");
Deleted : user_pref("CT3289075.toolbarBornServerTime", "30-4-2013");
Deleted : user_pref("CT3289075.toolbarCurrentServerTime", "11-7-2013");
Deleted : user_pref("CT3289075.toolbarLoginClientTime", "Tue Apr 30 2013 13:31:46 GMT+1200 (New Zealand Standa[...]
Deleted : user_pref("CT3289075.url_history0001.enc", "aHR0cHM6Ly9zZWN1cmUuMmRlZ3JlZXNtb2JpbGUuY28ubnovd2ViL2lw[...]
Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("smartbar.machineId", "OPHRXZKFZ0QCU8OA+SQPWQHSYUL0QRXQNIN5ND7QPRSH763MLTHW0TLO67T/EYJWIR/[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [24523 octets] - [12/07/2013 20:56:31]

########## EOF - C:\AdwCleaner[S1].txt - [24584 octets] ##########



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:10:34 AM

Posted 12 July 2013 - 04:09 AM

Looks good

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#10 sajb

sajb
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:34 PM

Posted 12 July 2013 - 06:00 AM

C:\Users\Steven\AppData\Local\Temp\NERO20100709115641857\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\Steven\Desktop\Downloaded Software\[ Adobe Acrobat X Pro v10.1.4\Keygen\Keygen.exe a variant of Win32/Keygen.DO application
 



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:10:34 AM

Posted 12 July 2013 - 08:02 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#12 sajb


Posted 12 July 2013 - 08:18 AM

Both AdwCleaner and cleanup content follow:

 

# AdwCleaner v2.305 - Logfile created 07/13/2013 at 01:06:13
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Steven - STEVEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Steven\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-GB)

File : C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\8h4met2a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [24654 octets] - [12/07/2013 20:56:31]
AdwCleaner[S2].txt - [1009 octets] - [13/07/2013 01:06:13]

########## EOF - C:\AdwCleaner[S2].txt - [1069 octets] ##########

 

 

 

 Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
ESET NOD32 Antivirus 5.0  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 20 
 Java 7 Update 11 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 21.0 Firefox out of Date! 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
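
The Security Check log above reports its "out of Date!" verdict in two shapes: on a line of its own (Java) and glued to the end of the entry it refers to (Adobe Reader, Firefox). As an added example, not part of the thread or of the Security Check tool, this Python sketch parses that layout and groups installed versions per product. The names `parse` and `triage` and the line-format rules are assumptions inferred from this one log; the sample lines are copied from the post with the process and health sections trimmed.

```python
import re
BT = "`" * 14  # Security Check frames its section headers with backtick runs
# Lines taken from the log posted above; banner, process and health parts omitted.
SAMPLE_LOG = f"""
{BT}Antivirus/Firewall Check:{BT}
 ESET NOD32 Antivirus 5.0
 Antivirus up to date!
{BT}Anti-malware/Other Utilities Check:{BT}
 Java™ 6 Update 20
 Java 7 Update 11
 Java version out of Date!
 Adobe Flash Player  11.7.700.224
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 21.0 Firefox out of Date!
 Google Chrome 27.0.1453.110
 Google Chrome 27.0.1453.116
{BT}End of Log{BT}
"""
SECTION = re.compile(r"^`+([^`]+?):?`+$")
VERDICT = "out of date!"
HAS_DIGIT = re.compile(r"\d").search

def parse(text):
    """Return ({section: [entries]}, {product labels flagged as outdated})."""
    sections, flagged, cur = {}, set(), None
    for line in (l.replace("™", "").strip() for l in text.splitlines()):
        header = SECTION.match(line)
        if header:
            cur = header.group(1).strip()
        elif line and cur:
            if line.lower().endswith(VERDICT):
                # Verdict stands alone ("Java version ...") or is glued to an entry.
                tok = line[:-len(VERDICT)].split()
                cut = max((i + 1 for i, t in enumerate(tok) if HAS_DIGIT(t)), default=0)
                flagged.add(" ".join(t for t in tok[cut:] if t != "version"))
                line = " ".join(tok[:cut])
            if line:
                sections.setdefault(cur, []).append(line)
    return sections, flagged

def triage(text, section="Anti-malware/Other Utilities Check"):
    """Map product -> installed versions and whether the tool flagged it."""
    sections, flagged = parse(text)
    report = {}
    for tok in map(str.split, sections.get(section, [])):
        first = next((i for i, t in enumerate(tok) if HAS_DIGIT(t)), len(tok))
        name = " ".join(tok[:first])
        stale = any(f and f in name for f in flagged)
        item = report.setdefault(name, {"versions": [], "outdated": stale})
        item["versions"].append(" ".join(tok[first:]))
    return report
```

On this log, Java comes back flagged with two versions listed, which is the side-by-side install that the "remove all older Java versions" step in the next post addresses.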
 



#13 TB-Psychotic


Posted 12 July 2013 - 10:02 AM

Then you're all clean now! :)

 

 

Java update


Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the Java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Adobe Reader update


Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Mozilla Firefox update

Your Firefox browser is outdated. Please follow these instructions to update it:

  • Get the actual firefox from here.
  • Run setup and follow the instructions on your monitor.
  • Report any problems you have with the update.

 

 

 

 

Uninstall our tools.
Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left please delete it manually.

 

 

 

 

Reading Material
How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.



#14 sajb


Posted 13 July 2013 - 05:17 AM

Thank You Marius for your help and your time.

 

Everything went well, the only thing is some of the features for my work software had disappeared, but should be able to get back with a technician, no problem.

 

Thanks again, you're a gem :)

Steven



#15 TB-Psychotic


Posted 14 July 2013 - 08:39 AM

You're welcome! :)





