
Computer Infected by Pop-Ups and Random Locking Up


  • This topic is locked
12 replies to this topic

#1 ryankaufmann

  • Members
  • 10 posts

Posted 03 September 2013 - 06:10 PM

I believe my computer has some type of malware or Trojan. I downloaded Malwarebytes and it locks up halfway through the scan every time. I am getting random video pop-ups, random computer locking, and when I start the computer there is a pop-up box saying that a file cannot find a specific program to open with. Below are my logs from DDS (I also attached them). Thank you for all of your help!


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_33
Run by The Kaufmanns at 17:59:17 on 2013-09-03
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3062.1673 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\STacSV.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\System32\bcmwltry.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = Preserve
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\the kaufmanns\appdata\local\toparcadehits\Toparcadehits.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [TouchFreeze] c:\users\the kaufmanns\appdata\local\programs\touchfreeze\TouchFreeze.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
StartupFolder: c:\users\thekau~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\btguar~1.lnk - c:\btguard\settings.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\2375942554730343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\24F42544542535 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\3545C43434 : DHCPNameServer = 10.51.20.112 10.51.20.111 10.19.80.103 10.178.10.14
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\5507075627445636B6E45647 : DHCPNameServer = 192.168.0.1 192.168.1.1
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\5507075627445636B6E45647D27657563747 : DHCPNameServer = 192.168.0.1 192.168.33.1
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\77562637475627D277966696 : DHCPNameServer = 10.0.20.100
TCP: Interfaces\{7DE4FE5C-E671-43B3-8F6D-98B05671F4BB}\E4544574541425 : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\the kaufmanns\appdata\roaming\mozilla\firefox\profiles\qa5agczn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN46468295018052180&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN46468295018052180&UM=2&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN46468295018052180&UM=2&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\users\the kaufmanns\appdata\roaming\mozilla\firefox\profiles\qa5agczn.default\extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}\plugins\np-mswmp.dll
FF - plugin: c:\users\the kaufmanns\appdata\roaming\mozilla\firefox\profiles\qa5agczn.default\extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-17 10:21; fmconverter@gmail.com; c:\program files\freemake\freemake video converter\browserplugin\Firefox
FF - ExtSQL: 2013-08-17 10:26; {8480b7b1-a45c-4feb-8653-60f834f7ca4b}; c:\users\the kaufmanns\appdata\roaming\mozilla\firefox\profiles\qa5agczn.default\extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}
FF - ExtSQL: !HIDDEN! 2009-12-30 00:04; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=b447dd5992304cd58113b85b89af58e2&tu=11JL000822B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=b447dd5992304cd58113b85b89af58e2&tu=11JL000822B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=b447dd5992304cd58113b85b89af58e2&tu=11JL000822B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=b447dd5992304cd58113b85b89af58e2&tu=11JL000822B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 6edb0b0a000000000000001f3a379fb6
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15838
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1617:09:30
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118041888040894-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-12-29 73728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-5 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-5 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-8 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-5 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-2-24 40776]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-2-6 181784]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
.
=============== Created Last 30 ================
.
2013-09-03 01:53:23 7166848 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8bef9135-05c2-4335-a476-c90b40549856}\mpengine.dll
2013-08-29 01:24:47 7166848 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-26 00:18:02 -------- d-sh--w- C:\found.005
2013-08-23 03:08:59 697992 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ec501517-0096-4421-b806-a1d7a1b8e647}\gapaengine.dll
2013-08-21 01:48:04 -------- d-----w- C:\ComboFix
2013-08-21 01:13:12 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-21 00:59:40 -------- d-sh--w- C:\found.004
2013-08-17 15:27:59 -------- d-----w- c:\users\the kaufmanns\appdata\local\Conduit
2013-08-17 15:27:33 -------- d-----w- c:\users\the kaufmanns\appdata\local\CRE
2013-08-17 15:27:31 -------- d-----w- c:\program files\Conduit
2013-08-17 15:26:17 -------- d-----w- c:\users\the kaufmanns\appdata\roaming\SearchProtect
2013-08-17 15:21:39 -------- d-----w- c:\programdata\Freemake
2013-08-17 15:21:13 -------- d-----w- c:\users\the kaufmanns\appdata\roaming\OpenCandy
2013-08-17 15:21:13 -------- d-----w- c:\program files\Freemake
2013-08-17 15:20:36 -------- d-----w- c:\users\the kaufmanns\appdata\roaming\DefaultTab
2013-08-17 15:19:59 -------- d-----w- c:\users\the kaufmanns\appdata\local\TopArcadeHits
2013-08-17 15:11:42 -------- d-----w- c:\programdata\6EE6AEC08FB50B0A00006EE63FE515D0
.
==================== Find3M  ====================
.
2013-08-29 02:53:01 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-21 03:56:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 03:56:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:00:54.56 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/29/2009 11:43:51 PM
System Uptime: 9/3/2013 5:26:01 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0U023C
Processor: Intel® Core™2 Duo CPU     T5550  @ 1.83GHz | Microprocessor | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 54.913 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.444 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP815: 8/10/2013 3:00:18 AM - Windows Update
RP816: 8/11/2013 3:00:10 AM - Windows Update
RP817: 8/12/2013 3:00:14 AM - Windows Update
RP818: 8/14/2013 3:00:16 AM - Windows Update
RP819: 8/16/2013 3:00:11 AM - Windows Update
RP820: 8/17/2013 10:22:02 AM - Device Driver Package Install: Anchorfree Inc Network Service
RP821: 8/17/2013 10:22:59 AM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters
RP822: 8/17/2013 10:28:44 AM - Removed IObit Apps Toolbar v7.4.
RP823: 8/18/2013 3:00:13 AM - Windows Update
RP824: 8/19/2013 3:00:12 AM - Windows Update
RP825: 8/20/2013 3:00:18 AM - Windows Update
RP826: 8/20/2013 9:00:38 PM - Restore Operation
RP827: 8/20/2013 10:53:40 PM - Windows Update
RP828: 8/21/2013 5:20:16 PM - Windows Update
RP829: 8/21/2013 5:20:20 PM - Removed IObit Apps Toolbar v7.4.
RP830: 8/22/2013 10:01:38 PM - Windows Update
RP831: 8/24/2013 8:18:10 AM - Windows Update
RP832: 8/24/2013 3:23:25 PM - Windows Update
RP833: 8/25/2013 7:42:06 PM - Windows Update
RP834: 8/28/2013 8:23:56 PM - Windows Update
RP835: 8/28/2013 9:47:11 PM - Removed IObit Apps Toolbar v7.4.
RP836: 8/28/2013 10:16:47 PM - Windows Update
RP837: 8/29/2013 4:09:29 PM - Windows Update
RP838: 8/30/2013 3:00:18 AM - Windows Update
RP839: 9/2/2013 8:53:14 PM - Windows Update
RP840: 9/3/2013 5:30:32 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Advanced Audio FX Engine
Advanced Video FX Engine
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
BTGuard 2.5
BTGuard 2.6
BufferChm
C7200
C7200_doccd
c7200_Help
calibre
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Collectorz.com Comic Collector
Conexant HDA D330 MDC V.92 Modem
Copy
CopyTrans Suite
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Fax
Free FLAC to MP3 Converter 1.0
Freemake Video Converter version 4.0.3
Google Chrome
Google Earth Plug-in
Google Update Helper
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing 4.60
HP Update
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 6 Update 33
Java™ 6 Update 4
Laptop Integrated Webcam Driver (1.03.02.0719) 
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
MediaMonkey 4.0
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Music, Photos & Videos Launcher
NetDeviceManager
NetWaiting
PanoStandAlone
Picasa 3
POWERPREP II
Product Documentation Launcher
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SmartWebPrinting
Sonic Activation Module
Status
Toolbox
TouchFreeze
TrayApp
TuneUp 2.4.6.4
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
WebReg
Windows 7 Upgrade Advisor
Windows 7 USB/DVD Download Tool
WinRAR archiver
XBMC
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/3/2013 5:31:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 (KB976932).
9/3/2013 5:31:21 PM, Error: Microsoft-Windows-Service Pack Installer [8]  - Service Pack installation failed with error code 0x80070026.
9/3/2013 5:28:57 PM, Error: Service Control Manager [7000]  - The BCM42RLY service failed to start due to the following error:  The system cannot find the file specified.
8/29/2013 6:47:42 PM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
8/28/2013 6:29:33 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 1.157.549.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 1.1.9800.0   Error code: 0x8024402c   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/28/2013 10:44:24 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
8/28/2013 10:44:24 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
8/28/2013 10:37:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00008086 (0x00000000, 0x00000000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082813-30778-01.
8/27/2013 9:34:16 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 9:34:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/27/2013 9:34:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/27/2013 9:34:14 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/27/2013 9:34:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/27/2013 9:34:02 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/27/2013 9:33:54 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
.
==== End Of File ===========================
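The Pseudo HJT and FIREFOX sections of the DDS log above are what a malware responder reads first: browser helper objects and Run entries loaded from a user profile directory, orphaned hooks, and search or start-page settings pointing at a third-party search host. The following Python script is an added example for this thread, not part of the original post and not a DDS, BleepingComputer or Malwarebytes tool; it applies those same checks mechanically to the log lines. The sample input is copied from the log posted above; the user-writable path markers and the list of expected search hosts are assumptions, and a hit means "review this entry", not "this is malicious" (TouchFreeze, for instance, is flagged only because it runs from AppData).

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for browser-hijack indicators.

Added example for this thread; not part of DDS, BleepingComputer, or any tool
named in the posts.  The markers and host allowlist below are assumptions.
"""
import re
from dataclasses import dataclass

# Path fragments that mark a user-writable location.  Legitimate BHOs and Run
# entries almost always live under Program Files or System32, so anything loaded
# from here deserves a look.  (Assumption: a heuristic, not a verdict.)
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Start-page / search hosts treated as expected; any other host in a URL-valued
# browser setting is reported.  (Assumption: adjust to the environment.)
KNOWN_HOSTS = {
    "yahoo.com", "www.yahoo.com", "google.com", "www.google.com",
    "bing.com", "www.bing.com", "msn.com", "www.msn.com",
}

# DDS line shapes, taken from the log format shown in the thread.
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
HOOK_RE = re.compile(r"^[ud]URLSearchHooks: \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
START_RE = re.compile(r"^[um]Start Page = (?P<value>.+)$")
FF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<value>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator category
    detail: str  # name, CLSID or host that triggered it
    line: str    # the DDS line, for the analyst's report


def in_user_writable(path: str) -> bool:
    """True if a DDS path or command line points into a user-writable directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def host_of(value: str) -> str:
    """Extract the host from a DDS-defanged URL (DDS writes hxxp:// for http://)."""
    m = re.match(r"^hxxps?://([^/?#\s]+)", value.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else ""


def classify(line: str):
    """Return a Finding for one Pseudo HJT line, or None if nothing stands out."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        if m["path"].strip().lower() == "<orphaned>":
            return Finding("orphaned", m["clsid"], line)
        if in_user_writable(m["path"]):
            return Finding("bho-user-profile", m["name"], line)
        return None
    m = HOOK_RE.match(line)
    if m:
        if m["target"].strip().lower() == "<orphaned>":
            return Finding("orphaned", m["clsid"], line)
        return None
    m = RUN_RE.match(line)
    if m:
        if in_user_writable(m["cmd"]):
            return Finding("run-user-profile", m["name"], line)
        return None
    m = START_RE.match(line) or FF_RE.match(line)
    if m:
        host = host_of(m["value"])
        if host and host not in KNOWN_HOSTS:
            return Finding("url-redirect", host, line)
    return None


def triage(lines):
    """Run classify() over every line and keep the hits, in log order."""
    return [f for f in (classify(l) for l in lines) if f is not None]


# Constructed sample: lines copied from the Pseudo HJT / FIREFOX sections posted above.
SAMPLE_DDS = r"""
uStart Page = hxxp://yahoo.com/
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\users\the kaufmanns\appdata\local\toparcadehits\Toparcadehits.dll
uRun: [TouchFreeze] c:\users\the kaufmanns\appdata\local\programs\touchfreeze\TouchFreeze.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&q={searchTerms}
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013
FF - user.js: extensions.zonealarm.dfltSrch - true
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS.splitlines()):
        print(f"{f.kind:18} {f.detail:24} {f.line}")
```

Run against the full log (feed it the whole DDS.txt; lines from other sections simply match nothing) it reports the TopArcadeHits BHO in AppData, the orphaned URLSearchHook, and every Firefox setting redirected to search.conduit.com or search.zonealarm.com, which is the same set of entries a responder would queue for AdwCleaner.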
Attached Files




#2 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Location:Montreal, QC. Canada

Posted 08 September 2013 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download and SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find false-positive items or programs that you wish to keep, close the AdwCleaner window, then:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.
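A small triage aid for the RogueKiller report requested above, added here as an example; it is not code from the thread, from RogueKiller or from BleepingComputer. It parses the report's `¤¤¤ section ¤¤¤` headers and `[TAG] location : detail -> FOUND` lines (the layout visible later in this thread), separates rootkit markers and suspicious-path persistence entries from the policy and desktop tweaks that are often leftovers of legitimate software, and lists the executables a responder would hash and verify first. The sample report is constructed with a placeholder user name; the bucket names and the triage rules are the example's own assumptions, not RogueKiller's.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the RogueKiller V8 report format shown in
# the thread; paths use a placeholder user name rather than the poster's.
SAMPLE_REPORT = r"""
RogueKiller V8.6.9 [Sep  3 2013] by Tigzy

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TouchFreeze (C:\Users\<user>\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [-]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] TopArcadeHits : C:\Users\<user>\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
# one or more [TAG] prefixes, a body, then "->" or "-->" and a verdict word
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-+>\s*(\w+)\s*$")
TAG_RE = re.compile(r"\[([^\]]+)\]")
# Windows path ending in an executable/library, stopping before "[", "(" etc.
EXE_PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\]\(\)]+?\.(?:exe|dll))", re.I)


def parse_report(text):
    """Return (findings, infection_name).

    Each finding is a dict with section, tags, location, detail and verdict.
    The trailing " : N" count on section headers is dropped so section
    names are stable regardless of how many items were found."""
    findings, infection, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            header = m.group(1)
            if header.startswith("Infection"):
                # "Infection : ZeroAccess" is the tool's verdict, not a section
                infection = header.split(":", 1)[1].strip()
                section = None
            else:
                section = header.split(":", 1)[0].strip()
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            location, _, detail = m.group(2).partition(" : ")
            findings.append({
                "section": section,
                "tags": TAG_RE.findall(m.group(1)),
                "location": location.strip(),
                "detail": detail.strip(),
                "verdict": m.group(3),
            })
    return findings, infection


def triage(findings):
    """Bucket findings by the attention they need (assumed rules, not
    RogueKiller's): rootkit markers first, then persistence entries whose
    binary lives in a user-writable path, then policy/desktop tweaks that
    are listed for review only."""
    buckets = defaultdict(list)
    for f in findings:
        tags = set(f["tags"])
        if "ZeroAccess" in tags:
            buckets["critical"].append(f)
        elif "SUSP PATH" in tags:
            buckets["high"].append(f)
        elif tags & {"HJ POL", "HJ DESK"}:
            buckets["review"].append(f)
        else:
            buckets["info"].append(f)
    return dict(buckets)


def persistence_paths(findings):
    """Executable paths referenced by Run keys and scheduled tasks: the
    files a responder would hash and check before deleting anything."""
    paths = []
    for f in findings:
        if f["section"] in ("Registry Entries", "Scheduled tasks"):
            m = EXE_PATH_RE.search(f["detail"])
            if m:
                paths.append(m.group(1))
    return paths


if __name__ == "__main__":
    found, verdict = parse_report(SAMPLE_REPORT)
    print("Infection verdict:", verdict)
    for level, items in triage(found).items():
        print(f"[{level}]")
        for f in items:
            print(f"  {f['section']}: {f['location']} -> {f['detail']}")
    print("Paths to verify first:", *persistence_paths(found), sep="\n  ")
```

Run it against a saved RKreport text instead of the constructed sample by passing the file contents to `parse_report`; the "review" bucket is deliberately separate so that the `DisableRegistryTools` and start-panel entries seen in this kind of report are not deleted on the same evidence as a Run key pointing into `AppData\Local`.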

#3 ryankaufmann

ryankaufmann
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:32 PM

Posted 09 September 2013 - 09:30 PM

Thanks for your help.

The pop-ups are gone, but I am still experiencing some lockups if my computer sits for an extended period of time. Also, during startup the icons on my desktop take a long time to appear, and there is a file that keeps trying to open, but it can't find a program to open it. Here are the logs from my tests.

 

RogueKiller V8.6.9 [Sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : The Kaufmanns [Admin rights]
Mode : Scan -- Date : 09/08/2013 16:58:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TouchFreeze (C:\Users\The Kaufmanns\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-867268249-1218041154-439709908-1000\[...]\Run : TouchFreeze (C:\Users\The Kaufmanns\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [-]) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] TopArcadeHits.job : C:\Users\The Kaufmanns\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND
[V2][SUSP PATH] TopArcadeHits : C:\Users\The Kaufmanns\AppData\Local\TopArcadeHits\updater.exe [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\The Kaufmanns\AppData\Local\Google\Desktop\Install [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Program Files\Google\Desktop\Install [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6FD8C4)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6FD8C4)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6E947C)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6E944E)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6E94AA)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6F8DB2)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\system32\DRIVERS\iaStor.sys -> HOOKED ([Address] C:\Windows\system32\DRIVERS\ataport.SYS @ 0x8B6F8D7E)

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-75UST0 +++++
--- User ---
[MBR] c5058a6cf9c0a9c4d13a1334ff9ebdc0
[BSP] 7bbe13a9254adb3703e35dbeac8323ea : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20561920 | Size: 225874 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 483153920 | Size: 2559 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09082013_165819.txt >>

 

 

# AdwCleaner v3.003 - Report created 08/09/2013 at 17:00:55
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : The Kaufmanns - THEKAUFMANNS-PC
# Running from : C:\Users\The Kaufmanns\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\searchplugins\zonealarm.xml
File Found : C:\Users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\user.js
Folder Found : C:\Users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}
Folder Found C:\Program Files\Common Files\spigot
Folder Found C:\Program Files\Conduit
Folder Found C:\Users\The Kaufmanns\AppData\Local\Conduit
Folder Found C:\Users\The Kaufmanns\AppData\Local\cre
Folder Found C:\Users\The Kaufmanns\AppData\LocalLow\Conduit
Folder Found C:\Users\The Kaufmanns\AppData\LocalLow\PriceGong
Folder Found C:\Users\The Kaufmanns\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\The Kaufmanns\AppData\Roaming\DefaultTab
Folder Found C:\Users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\CT3309758
Folder Found C:\Users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\Smartbar
Folder Found C:\Users\The Kaufmanns\AppData\Roaming\OpenCandy
Folder Found C:\Users\The Kaufmanns\AppData\Roaming\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3309758
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\prefs.js ]

Line Found : user_pref("CT3309758.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3309758.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3309758.1000234.TWC_TMP_city", "SAINT LOUIS");
Line Found : user_pref("CT3309758.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3309758.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3309758.1000234.TWC_locId", "USMO0787");
Line Found : user_pref("CT3309758.1000234.TWC_location", "Saint Louis, MO");
Line Found : user_pref("CT3309758.1000234.TWC_region", "US");
Line Found : user_pref("CT3309758.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3309758.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3309758.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3309758.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3309758.FF19Solved", "true");
Line Found : user_pref("CT3309758.FirstTime", "true");
Line Found : user_pref("CT3309758.FirstTimeFF3", "true");
Line Found : user_pref("CT3309758.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3Njc1MzIyMQ==");
Line Found : user_pref("CT3309758.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3Njc1MzI1Nw==");
Line Found : user_pref("CT3309758.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Mg==");
Line Found : user_pref("CT3309758.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3Njc1MzMxMg==");
Line Found : user_pref("CT3309758.PG_ENABLE", "dHJ1ZQ==");
Line Found : user_pref("CT3309758.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Found : user_pref("CT3309758.SF_STATUS.enc", "RU5BQkxFRA==");
Line Found : user_pref("CT3309758.SF_USER_ID.enc", "Y2lkXzE3ODIwMTMxMDI3MTQ5MTU3NDU=");
Line Found : user_pref("CT3309758.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN46468295018052180&UM=2&q=");
Line Found : user_pref("CT3309758.UserID", "UN46468295018052180");
Line Found : user_pref("CT3309758.acp_personal.appstate.enc", "ZW5hYmxl");
Line Found : user_pref("CT3309758.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3309758.autoDisableScopes", -1);
Line Found : user_pref("CT3309758.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3309758.cbfirsttime.enc", "U2F0IEF1ZyAxNyAyMDEzIDEwOjI3OjAyIEdNVC0wNTAwIChDZW50cmFsIERheWxpZ2h0IFRpbWUp");
Line Found : user_pref("CT3309758.countryCode", "US");
Line Found : user_pref("CT3309758.defaultSearch", "true");
Line Found : user_pref("CT3309758.embeddedsData", "[{\"appId\":\"130189639317126526\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3309758.enableAlerts", "true");
Line Found : user_pref("CT3309758.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3309758.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3309758.fixPageNotFoundError", "true");
Line Found : user_pref("CT3309758.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3309758.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3309758.fixUrls", true);
Line Found : user_pref("CT3309758.fullUserID", "UN46468295018052180.IN.20130817102615");
Line Found : user_pref("CT3309758.installDate", "17/08/2013 10:26:14");
Line Found : user_pref("CT3309758.installId", "cidoc");
Line Found : user_pref("CT3309758.installSessionId", "{E6797D32-A5AE-4383-9548-5ECED00CD667}");
Line Found : user_pref("CT3309758.installSp", "TRUE");
Line Found : user_pref("CT3309758.installType", "conduitnsisintegration");
Line Found : user_pref("CT3309758.installUsage", "2013-08-17T18:26:59.8102632+03:00");
Line Found : user_pref("CT3309758.installUsageEarly", "2013-08-17T18:26:58.6090324+03:00");
Line Found : user_pref("CT3309758.installerVersion", "1.5.4.5");
Line Found : user_pref("CT3309758.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3309758.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3309758.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3309758.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3309758.keyword", "true");
Line Found : user_pref("CT3309758.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3309758&octid=CT3309758&SearchSource=15&CUI=UN46468295018052180&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3309758.lastVersion", "10.16.9.6");
Line Found : user_pref("CT3309758.mam_gk_appStateReportTime.enc", "MTM3ODY3NzUxOTU4Mw==");
Line Found : user_pref("CT3309758.mam_gk_appState_ACplus.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_Discover.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_Easytobook.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_PriceGong.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appState_WindowShopper.enc", "b24=");
Line Found : user_pref("CT3309758.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Line Found : user_pref("CT3309758.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Found : user_pref("CT3309758.mam_gk_calledSetupService.enc", "MQ==");
Line Found : user_pref("CT3309758.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkRpc2NvdmVyIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNTE0ZTU4ZjMtMzUxZS00YTM4LWFmOTctODVmN2RjY2RiYmRjIiwiZG9tYWlucyI6WyI[...]
Line Found : user_pref("CT3309758.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Found : user_pref("CT3309758.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Found : user_pref("CT3309758.mam_gk_first_time.enc", "MQ==");
Line Found : user_pref("CT3309758.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3309758.mam_gk_lastLoginTime.enc", "MTM3ODY3NzUxODc1OA==");
Line Found : user_pref("CT3309758.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Found : user_pref("CT3309758.mam_gk_new_welcome_experience.enc", "MQ==");
Line Found : user_pref("CT3309758.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Found : user_pref("CT3309758.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTU1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Found : user_pref("CT3309758.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTU1XzAiLCJpc1Rlc3QiOnRydWUsIlVzZXJDb3VudHJ5Q29kZSI6IlVTIiwiaXNXZWxjb21lRXhw[...]
Line Found : user_pref("CT3309758.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Found : user_pref("CT3309758.mam_gk_userId.enc", "YjUzODM5OGItMjVkNy00NjhhLWEzMTItZjg1MjUzYzIzNDdm");
Line Found : user_pref("CT3309758.mam_gk_user_approval_interacted.enc", "MQ==");
Line Found : user_pref("CT3309758.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Found : user_pref("CT3309758.migrateAppsAndComponents", true);
Line Found : user_pref("CT3309758.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://TrustWorthyToolbar.OurToolbar.com/\",\[...]
Line Found : user_pref("CT3309758.openThankYouPage", "false");
Line Found : user_pref("CT3309758.openUninstallPage", "true");
Line Found : user_pref("CT3309758.originalHomepage", "hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=b447dd5992304cd58113b85b89af58e2&tu=11JL000822B000s&sku=&tstsId=&ver=&");
Line Found : user_pref("CT3309758.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Line Found : user_pref("CT3309758.originalSearchEngine", "Yahoo");
Line Found : user_pref("CT3309758.originalSearchEngineName", "Yahoo");
Line Found : user_pref("CT3309758.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3309758.revertSettingsEnabled", "true");
Line Found : user_pref("CT3309758.search.searchAppId", "130189639317126526");
Line Found : user_pref("CT3309758.search.searchCount", "0");
Line Found : user_pref("CT3309758.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3309758.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3309758.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3309758.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3309758.searchRevert", "true");
Line Found : user_pref("CT3309758.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3309758.searchUserMode", "2");
Line Found : user_pref("CT3309758.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3309758\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://TrustWorthyToolbar.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"TrustWorthy\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3309758.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3309758.serviceLayer_services_Configuration_lastUpdate", "1376753208261");
Line Found : user_pref("CT3309758.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376753210092");
Line Found : user_pref("CT3309758.serviceLayer_services_appsMetadata_lastUpdate", "1376753210021");
Line Found : user_pref("CT3309758.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376753209812");
Line Found : user_pref("CT3309758.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1376753208515");
Line Found : user_pref("CT3309758.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1376753210084");
Line Found : user_pref("CT3309758.serviceLayer_services_login_10.16.9.6_lastUpdate", "1376753210589");
Line Found : user_pref("CT3309758.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376753209891");
Line Found : user_pref("CT3309758.serviceLayer_services_searchAPI_lastUpdate", "1376753208521");
Line Found : user_pref("CT3309758.serviceLayer_services_serviceMap_lastUpdate", "1376753208065");
Line Found : user_pref("CT3309758.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376753209711");
Line Found : user_pref("CT3309758.serviceLayer_services_toolbarSettings_lastUpdate", "1376753208287");
Line Found : user_pref("CT3309758.serviceLayer_services_translation_lastUpdate", "1376753209998");
Line Found : user_pref("CT3309758.settingsINI", true);
Line Found : user_pref("CT3309758.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3309758.showToolbarPermission", "false");
Line Found : user_pref("CT3309758.smartbar.CTID", "CT3309758");
Line Found : user_pref("CT3309758.smartbar.Uninstall", "0");
Line Found : user_pref("CT3309758.smartbar.homepage", "true");
Line Found : user_pref("CT3309758.smartbar.toolbarName", "TrustWorthy ");
Line Found : user_pref("CT3309758.startPage", "true");
Line Found : user_pref("CT3309758.toolbarBornServerTime", "17-8-2013");
Line Found : user_pref("CT3309758.toolbarCurrentServerTime", "17-8-2013");
Line Found : user_pref("CT3309758.toolbarLoginClientTime", "Sat Aug 17 2013 10:26:50 GMT-0500 (Central Daylight Time)");
Line Found : user_pref("CT3309758.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Found : user_pref("CT3309758.versionFromInstaller", "10.16.9.6");
Line Found : user_pref("CT3309758.xpeMode", "3");
Line Found : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378677563706,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN46468295018052180&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=668083&p=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309758");
Line Found : user_pref("browser.search.defaultenginename", "TrustWorthy Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "TrustWorthy Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN46468295018052180&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN46468295018052180&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3309758");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309758&CUI=UN46468295018052180&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN46468295018052180&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309758");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3309758");
Line Found : user_pref("smartbar.machineId", "/FRCVT0CUQNL0ATHCOV+P1IKUBB/STGFCGQL4LMGEMBKVHIPA/JZSNOVQKWNZPOTLJC0AV40EPCIMILJYW6IIA");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\The Kaufmanns\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18802 octets] - [08/09/2013 17:00:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18863 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Home Premium x86
Ran by The Kaufmanns on Sun 09/08/2013 at 17:07:12.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1F34A257-F60B-4959-8CE7-621EA26BDA78}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6B8A7EB2-2461-4E68-A890-5553EA639E6A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\The Kaufmanns\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Users\The Kaufmanns\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"

 

~~~ FireFox

Successfully deleted: [Folder] C:\Users\The Kaufmanns\AppData\Roaming\mozilla\firefox\profiles\qa5agczn.default\extensions\{0113d088-8ed1-468c-b225-585a9c53b5e3}
Emptied folder: C:\Users\The Kaufmanns\AppData\Roaming\mozilla\firefox\profiles\qa5agczn.default\minidumps [3 files]

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\The Kaufmanns\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/08/2013 at 17:09:55.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ComboFix 13-09-08.02 - The Kaufmanns 09/08/2013  17:24:21.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3062.2138 [GMT -5:00]
Running from: c:\users\The Kaufmanns\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\svchost
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\~DFK297761.tmp
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\bass.dll
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\peaadje.dll
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\Fonts\kaiu.ttf
c:\windows\system32\service
c:\windows\system32\service\01092009_TIS17_SfFniAU.log
c:\windows\system32\service\10082009_TIS17_SfFniAU.log
c:\windows\system32\service\18052009_TIS17_SfFniAU.log
c:\windows\system32\service\18082009_TIS17_SfFniAU.log
c:\windows\system32\service\19072009_TIS17_SfFniAU.log
c:\windows\system32\service\29082009_TIS17_SfFniAU.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-08 22:31 . 2013-09-08 22:40 -------- d-----w- c:\users\The Kaufmanns\AppData\Local\temp
2013-09-08 22:31 . 2013-09-08 22:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-08 22:31 . 2013-09-08 22:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-08 22:31 . 2013-09-08 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-08 22:12 . 2013-09-08 22:12 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85F07FF7-672B-4345-9497-81C99AAA0C3F}\MpKsld7ae858a.sys
2013-09-08 22:07 . 2013-09-08 22:07 -------- d-----w- c:\windows\ERUNT
2013-09-08 22:00 . 2013-09-08 22:04 -------- d-----w- C:\AdwCleaner
2013-09-08 16:47 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85F07FF7-672B-4345-9497-81C99AAA0C3F}\mpengine.dll
2013-09-07 13:05 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 01:01 . 2013-09-06 01:00 718712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05AC4C28-42BE-45A4-8B7C-2E5FA8884F28}\gapaengine.dll
2013-08-26 00:18 . 2013-08-26 00:18 -------- d-----w- C:\found.005
2013-08-21 01:13 . 2013-08-21 01:13 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-21 00:59 . 2013-08-21 00:59 -------- d-----w- C:\found.004
2013-08-17 15:21 . 2013-08-17 15:23 -------- d-----w- c:\programdata\Freemake
2013-08-17 15:21 . 2013-08-21 03:43 -------- d-----w- c:\program files\Freemake
2013-08-17 15:11 . 2013-08-21 22:17 -------- d-----w- c:\programdata\6EE6AEC08FB50B0A00006EE63FE515D0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-29 02:53 . 2013-02-24 18:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-23 03:08 . 2011-03-26 04:15 697992 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-21 03:56 . 2012-04-18 00:57 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 03:56 . 2011-05-18 00:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-16 00:35 . 2013-03-04 01:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
.
c:\users\The Kaufmanns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BTGuard Updates.lnk - c:\btguard\settings.exe update [2011-11-15 1254912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-8 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^The Kaufmanns^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\The Kaufmanns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^The Kaufmanns^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\The Kaufmanns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-01-25 05:42 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 22:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 19:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 17:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 16:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-11-12 11:07 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 gmvapgqm;gmvapgqm;c:\windows\system32\drivers\gmvapgqm.sys [x]
R1 rvadfzgq;rvadfzgq;c:\windows\system32\drivers\rvadfzgq.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-08-29 40776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 181784]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-10 37064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 1343400]
S1 MpKsld7ae858a;MpKsld7ae858a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85F07FF7-672B-4345-9497-81C99AAA0C3F}\MpKsld7ae858a.sys [2013-09-08 29904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-07 111616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ    HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 01:06 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 03:56]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-25 14:05]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-25 14:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\The Kaufmanns\AppData\Roaming\Mozilla\Firefox\Profiles\qa5agczn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ff
FF - ExtSQL: 2013-08-17 10:21; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF - ExtSQL: !HIDDEN! 2009-12-30 00:04; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-09-08  17:45:25 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-08 22:45
ComboFix2.txt  2009-09-05 15:14
ComboFix3.txt  2009-09-05 14:46
ComboFix4.txt  2009-09-05 02:37
.
Pre-Run: 43,246,190,592 bytes free
Post-Run: 43,140,952,064 bytes free
.
- - End Of File - - 25837296BF48CCE0E5EADBEC48A6358A
A36C5E4F47E84449FF07ED3517B43A31


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 10 September 2013 - 09:09 AM

but I am still experiencing some lockups if my computer sits for an extended period of time

This error may be the reason. HAL is referring to Hardware. Is your Battery showing a good reading?
8/29/2013 6:47:42 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Look at your Power Options and remove any setting where the computer would go to Standby or Sleep.
Restart the computer normally.
===
 

Also during startup there the icons on my desktop take a long time to appear and there is a file that keeps trying to open, but it can't find a program to open it.

Is the Icon and the file related?
Do you see what file is trying to open?

Do you need to start this at startup?

StartupFolder: c:\users\thekau~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\btguar~1.lnk - c:\btguard\settings.exe
===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#5 ryankaufmann

ryankaufmann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 16 September 2013 - 06:30 PM

Here is the security check log:

 Results of screen317's Security Check version 0.99.73 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 TuneUp 2.4.6.4   
 CCleaner    
 Java™ 6 Update 33 
 Java™ 6 Update 4 
 Java version out of Date!
 Adobe Flash Player  11.8.800.168 
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox 19.0 Firefox out of Date! 
 Google Chrome 29.0.1547.62 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

The file that was trying to open while starting my computer has not happened again. I have been trying to replicate, but it hasn't done it so that is great! I still feel like my system is running a little sluggish at startup, but maybe it is just since my computer is around 7 years old.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 17 September 2013 - 07:46 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version, Java JRE 7u40, was released on Sept 10, 2013.

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 6 Update 33
Java 6 Update 4


Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

For your added security install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1

Click the Out of date service pack!! on the SecurityCheck log and update your Service Pack.
<<<>>>

When the SP1 has been installed start the Windows Update. Install all the recommended updates.

Keep me posted.

#7 ryankaufmann

ryankaufmann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 18 September 2013 - 09:17 PM

Okay, it seems as if my computer is getting worse. I completely deleted Java from my computer since I really didn't use it. I tried to update Adobe and it kept coming back as an error and wouldn't work. I then tried to update the Windows service pack. It downloaded part 1 fine, but then stalled out on part 2. Now my computer won't let me get online even though I am connected to the network. My computer also keeps freezing if I leave it running without doing anything for longer than 10 minutes even though all of my settings are set to keep it from sleeping, hibernating and standby. Since I can't get on the internet, I am writing you this from the guest account on my laptop. What would you suggest me to do? I'm very sorry... I thought this would be an easy fix :(



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 19 September 2013 - 10:35 AM

Can you restore your computer to a date prior to removing Java?

Or possibly a restore point was set when you tried to install SP1.

#9 ryankaufmann

ryankaufmann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 22 September 2013 - 06:15 PM

I did a restore to 4 days ago, but my internet (Internet Explorer, Chrome and Firefox) is still not working on my main user side of the computer. I have to login to my computer as a guest in order to get online.

It seems like the main user side of my computer is running more smoothly, but I can't get online and it still locks up if I leave the computer on idle for an extended period of time.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 23 September 2013 - 07:40 AM


Try this on the good profile.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
<<<>>>

If that fails to restore the Internet run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using the "Reset FF Proxy Settings" option Firefox should be closed.
Keep me posted.

#11 ryankaufmann

ryankaufmann
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:32 PM

Posted 23 September 2013 - 09:35 PM

You are awesome! Internet is back up and running on my regular user side. I copied the MiniToolbox program to an SD card so I could run it on the side that hasn't been working and it worked. Here is a copy of the log in case you wanted to see it.

MiniToolBox by Farbar  Version: 13-07-2013
Ran by The Kaufmanns (administrator) on 23-09-2013 at 21:29:42
Running from "C:\Users\The Kaufmanns\Desktop"
Microsoft Windows 7 Home Premium   (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:49156;https=127.0.0.1:49156

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****

I think the only problem that I am still experiencing is that the computer locks up when it has been idling for 5-10 minutes. There is a red "x" next to the battery at all times even when it is plugged in. I have been using the computer without the adapter and it works like normal, but for some reason this "x" is showing up. Do you think this has something to do with my computer locking up? All of my settings are set so it doesn't hibernate or go to sleep.
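The proxy entry in the MiniToolBox log above (ProxyServer pointing at 127.0.0.1:49156) is what cut the browsers off once the process listening on that port was gone, and why the "Reset IE Proxy Settings" step in the previous reply restored connectivity. The script below is an added example, not code from this thread or from Farbar's MiniToolBox: it parses a report in that format and flags proxy entries that point at a loopback address or an ephemeral port. The sample report is constructed to mirror the values in the log.

```python
"""Flag suspicious WinINET proxy settings in a MiniToolBox-style report.

Added example (not part of the BleepingComputer thread or of MiniToolBox).
A proxy on 127.0.0.1 means every browser that honours WinINET settings
sends its traffic through a local process; if that process is removed
but the setting stays, the machine appears to be "connected but offline".
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in the layout MiniToolBox prints; values mirror the log
# posted in the thread (loopback proxy on an ephemeral port).
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:49156;https=127.0.0.1:49156

"Reset IE Proxy Settings": IE Proxy Settings were reset.
"""

# Start of the IANA dynamic/private port range; a configured corporate
# proxy normally sits on a fixed low port, a per-boot local listener does not.
EPHEMERAL_PORT_START = 49152


@dataclass
class ProxyFinding:
    scheme: str
    host: str
    port: int
    reasons: list = field(default_factory=list)


def parse_proxy_server(value):
    """Parse a WinINET ProxyServer value into (scheme, host, port) tuples.

    Two forms exist: a bare "host:port" that applies to every protocol
    (reported here with scheme "*"), or "scheme=host:port;scheme=host:port".
    Malformed fragments are skipped rather than raising.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        host = host.strip("[]")  # allow bracketed IPv6 literals such as [::1]
        if not host or not port.isdigit():
            continue
        entries.append((scheme or "*", host, int(port)))
    return entries


def assess_proxy(scheme, host, port):
    """Return a ProxyFinding; its reasons list is empty for unremarkable entries."""
    reasons = []
    try:
        if ipaddress.ip_address(host).is_loopback:
            reasons.append("loopback proxy: traffic is routed through a local process")
    except ValueError:
        pass  # a hostname, not an IP literal
    if port >= EPHEMERAL_PORT_START:  # heuristic, not proof of malice
        reasons.append("ephemeral port: typical of a per-boot listener, not a gateway")
    return ProxyFinding(scheme, host, port, reasons)


def scan_report(text):
    """Return findings for the IE Proxy Settings section of a report.

    Nothing is reported when the proxy is disabled, because WinINET then
    ignores ProxyServer regardless of its contents.
    """
    state = re.search(r"^Proxy is (enabled|disabled)\.", text, re.M)
    if not state or state.group(1) != "enabled":
        return []
    match = re.search(r"^ProxyServer:\s*(\S+)", text, re.M)
    if not match:
        return []
    findings = []
    for scheme, host, port in parse_proxy_server(match.group(1)):
        finding = assess_proxy(scheme, host, port)
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_report(SAMPLE_REPORT):
        print(f"{f.scheme}: {f.host}:{f.port}")
        for reason in f.reasons:
            print("  -", reason)
```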



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 24 September 2013 - 07:54 AM

I think the only problem that I am still experiencing is that the computer locks up when it has been idling for 5-10 minutes. There is a red "x" next to the battery at all times even when it is plugged in. I have been using the computer without the adapter and it works like normal, but for some reason this "x" is showing up. Do you think this has something to do with my computer locking up? All of my settings are set so it doesn't hibernate or go to sleep.


I suspect that the Battery is the cause or some Power options.

I suggest you start a new topic in the Windows 7 Forum http://www.bleepingcomputer.com/forums/forum167.html as this is no longer a malware issue.
Someone with more experience in hardware problems will be able to help you better than I can.

===


Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious, you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful addons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 AM

Posted 30 September 2013 - 08:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



