Possible IRP Hook after PC failed to boot


19 replies to this topic

#1 GBayliss

GBayliss

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:03 PM

Posted 20 September 2013 - 06:46 AM

A couple of days ago my PC froze while booting, and after a couple of attempts I let Windows Repair "attempt to fix the problem that is preventing Windows from starting".

This appeared to have solved the problem as the PC booted normally after re-start.

However, an AVG report flashed up that there were 68 medium rootkit viruses detected. This has now risen to 90+ when I scan.

The most recent virus scan:


"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spoe.sys +0x625DC, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spoe.sys +0x62650, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_SHUTDOWN -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_SET_VOLUME_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_SET_SECURITY -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_SET_QUOTA -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_SET_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_SET_EA -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_READ -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_SECURITY -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_QUOTA -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_QUERY_EA -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_PNP -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_LOCK_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_FLUSH_BUFFERS -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_FILE_SYSTEM_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_DIRECTORY_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_DEVICE_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_CREATE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_CLOSE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_CLEANUP -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_WRITE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_SHUTDOWN -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_SET_VOLUME_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_SET_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_SET_EA -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_READ -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_QUERY_VOLUME_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_QUERY_INFORMATION -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_QUERY_EA -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_PNP -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_LOCK_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_FLUSH_BUFFERS -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_FILE_SYSTEM_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_DIRECTORY_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_DEVICE_CONTROL -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_CREATE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_CLOSE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\fastfat IRP_MJ_CLEANUP -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_WRITE -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_SYSTEM_CONTROL -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_SHUTDOWN -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_READ -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_POWER -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_PNP -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_INTERNAL_DEVICE_CONTROL -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_FLUSH_BUFFERS -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_DEVICE_CONTROL -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_CREATE -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_CLEANUP -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_WRITE -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SYSTEM_CONTROL -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SHUTDOWN -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SET_VOLUME_INFORMATION -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SET_SECURITY -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SET_QUOTA -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SET_INFORMATION -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_SET_EA -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_READ -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_QUERY_VOLUME_INFORMATION -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_QUERY_SECURITY -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_QUERY_QUOTA -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_QUERY_INFORMATION -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_QUERY_EA -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_POWER -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_PNP -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_LOCK_CONTROL -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_INTERNAL_DEVICE_CONTROL -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_FLUSH_BUFFERS -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_FILE_SYSTEM_CONTROL -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_DIRECTORY_CONTROL -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_DEVICE_CONTROL -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_DEVICE_CHANGE -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_CREATE_NAMED_PIPE -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_CREATE_MAILSLOT -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_CREATE -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_CLOSE -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_CLEANUP -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_POWER -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_PNP -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CONTROL -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_CREATE -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_CLOSE -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"Inline hook ataport.SYS DllUnload -> spoe.sys +0x5E360, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"atapi.sys, hooked import ataport.SYS AtaPortWritePortUchar -> spoe.sys +0x2DA24, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"atapi.sys, hooked import ataport.SYS AtaPortWritePortBufferUshort -> spoe.sys +0x2DBA0, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spoe.sys +0x2D224, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spoe.sys +0x2D35C, C:\Windows\System32\Drivers\spoe.sys";"Infected"
 
 
This is the DDS report:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 10.25.2
Run by oem at 12:26:10 on 2013-09-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.1697 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [NPSStartup] <no file>
mExplorerRun: [32514] C:\PROGRA~3\LOCALS~1\Temp\msnpoemoo.pif
StartupFolder: C:\Users\oem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\REGIST~1.LNK - E:\Support\Register\RegistrationReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Open &link target with BID - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{CE40FD2A-D2DE-4EB8-A1B7-21455E4BC228} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: AutorunsDisabled - <Clsid value has no data>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4be9c07a&v=7.005.030.004&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-13 55952]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-8-25 295696]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200]
R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-22 589872]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-9-10 265872]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-9-10 384432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-4-8 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2010-8-30 33416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-10 236544]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2011-3-8 56408]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2011-5-20 54728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;C:\Windows\System32\regw2.exe --> C:\Windows\System32\regw2.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-9-6 604688]
S3 CH341SER_A64;CH341SER_A64;C:\Windows\System32\drivers\CH341S64.SYS [2011-11-4 58368]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-5-24 11776]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2010-8-30 33416]
S3 PORTMON;PORTMON;C:\Users\oem\Downloads\PORTMSYS.SYS [2012-3-16 28656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2011-7-4 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2011-7-4 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2011-7-4 161280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-29 1255736]
S4 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-5-24 1737464]
S4 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
.
=============== Created Last 30 ================
.
2013-09-20 09:53:47 -------- d-----w- C:\VK
2013-09-11 14:25:54 -------- d-----w- C:\Users\oem\AppData\Local\{7215F537-5289-4375-ABA7-C778E19F4FAA}
2013-09-07 18:00:35 -------- d-----w- C:\Users\oem\AppData\Local\DayZCommander
2013-09-07 17:43:17 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2013-09-05 11:09:21 -------- d-----w- C:\Users\oem\AppData\Local\Activision
2013-09-05 00:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-25 21:57:06 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-08-25 21:56:57 -------- d-----w- C:\Users\oem\AppData\Local\PunkBuster
2013-08-25 21:56:21 -------- d-----w- C:\ProgramData\Orbit
2013-08-25 01:53:10 -------- d-----w- C:\Users\oem\AppData\Roaming\The Suffering
2013-08-25 01:45:31 -------- d-----w- C:\Program Files (x86)\R.G. Mechanics
2013-08-25 01:41:46 -------- d-----w- C:\GOG Games
.
==================== Find3M  ====================
.
2013-09-14 20:23:19 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-09-12 20:24:17 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-10 22:18:28 295696 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-08-27 13:22:47 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-27 13:22:47 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-25 03:16:54 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-20 00:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 00:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 00:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 00:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-02 18:58:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 18:58:20 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-07-02 18:58:20 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-07-01 00:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 12:26:39.87 ===============
 
Any help would be very much appreciated.
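Every row in the AVG export above resolves into one module, spoe.sys, at a handful of handler offsets, and that grouping is the first thing a reviewer wants from such a log. As an added triage helper, not code from the original post or from AVG, this Python parser reads AVG's ';'-delimited, double-quoted export format, classifies each row as an IRP dispatch hook, a hooked import or an inline hook, and groups findings by the module they resolve to; the embedded sample is a constructed excerpt of rows copied from the post.

```python
"""Triage helper for AVG rootkit-scan CSV exports (added example, not AVG's code)."""
from __future__ import annotations

import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass

# Each exported row is ';'-delimited with every field double-quoted:
#   "";"<hook description> -> <module> +<offset>, <module path>";"<verdict>"
# The description before '->' names what was hooked; the part after it names
# the module (and the offset inside it) that the hook now jumps to.
_DESC_RE = re.compile(
    r"^(?P<what>.+?)\s*->\s*(?P<module>\S+)\s+\+(?P<offset>0x[0-9A-Fa-f]+),\s*(?P<path>.+)$"
)
# "IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE": a driver object's dispatch-table entry
_IRP_RE = re.compile(r"^IRP hook,\s*(?P<target>\\\S+)\s+(?P<func>IRP_MJ_\w+)$")
# "pci.sys, hooked import ntoskrnl.exe IoDetachDevice": an import-table entry
_IMPORT_RE = re.compile(r"^(?P<importer>\S+),\s*hooked import\s+(?P<target>\S+)\s+(?P<func>\w+)$")
# "Inline hook ataport.SYS DllUnload": a code patch inside an exported routine
_INLINE_RE = re.compile(r"^Inline hook\s+(?P<target>\S+)\s+(?P<func>\w+)$")


@dataclass(frozen=True)
class HookFinding:
    kind: str     # "irp", "import" or "inline"
    target: str   # driver object, or "importer<-exporter" for import hooks
    func: str     # IRP major function or routine name
    module: str   # module the hook resolves into
    offset: int   # handler offset inside that module
    path: str     # on-disk path AVG reported for the module
    status: str   # AVG's verdict column


def parse_avg_line(line: str) -> HookFinding | None:
    """Parse one exported row; returns None for rows that are not hook findings."""
    row = next(csv.reader(io.StringIO(line.strip()), delimiter=";", quotechar='"'), None)
    if not row or len(row) < 3:
        return None
    desc, status = row[1], row[2]
    m = _DESC_RE.match(desc)
    if not m:
        return None
    what = m.group("what")
    if h := _IRP_RE.match(what):
        kind, target, func = "irp", h.group("target"), h.group("func")
    elif h := _IMPORT_RE.match(what):
        kind, target, func = "import", f"{h.group('importer')}<-{h.group('target')}", h.group("func")
    elif h := _INLINE_RE.match(what):
        kind, target, func = "inline", h.group("target"), h.group("func")
    else:
        return None
    return HookFinding(kind, target, func, m.group("module"),
                       int(m.group("offset"), 16), m.group("path"), status)


def parse_avg_export(text: str) -> list[HookFinding]:
    """Parse a whole export, silently skipping blank or unrecognised rows."""
    return [f for f in (parse_avg_line(ln) for ln in text.splitlines()) if f]


def summarize(findings: list[HookFinding]) -> dict:
    """Group findings by the module they resolve to, then by hooked target.

    Dozens of rows that all land in one module, with one handler offset per
    driver stack, describe one driver sitting in several I/O paths; handlers
    spread across unrelated modules would be a different picture. Either way
    the module named here (its signature, vendor and what installed it) is
    what to examine next, not the individual rows.
    """
    groups: dict = defaultdict(lambda: {"count": 0, "offsets": set(), "targets": defaultdict(set)})
    for f in findings:
        g = groups[f.module]
        g["count"] += 1
        g["offsets"].add(f.offset)
        g["targets"][f.target].add(f.offset)
    return {mod: {"count": g["count"], "offsets": sorted(g["offsets"]),
                  "targets": {t: sorted(o) for t, o in g["targets"].items()}}
            for mod, g in groups.items()}


# Constructed sample: a handful of rows copied from the export posted above.
SAMPLE_EXPORT = r"""
"";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spoe.sys +0x625DC, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_WRITE -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \FileSystem\Ntfs IRP_MJ_READ -> spoe.sys +0x3FB68, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\volmgr IRP_MJ_WRITE -> spoe.sys +0x40B00, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\sptd IRP_MJ_CREATE -> spoe.sys +0x2C000, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_PNP -> spoe.sys +0x413C4, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"Inline hook ataport.SYS DllUnload -> spoe.sys +0x5E360, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"";"atapi.sys, hooked import ataport.SYS AtaPortReadPortUchar -> spoe.sys +0x2D224, C:\Windows\System32\Drivers\spoe.sys";"Infected"
"""

if __name__ == "__main__":
    for module, info in summarize(parse_avg_export(SAMPLE_EXPORT)).items():
        print(f"{module}: {info['count']} hooks, {len(info['offsets'])} distinct handlers")
        for target, offsets in info["targets"].items():
            print(f"  {target:<28} -> " + ", ".join(f"+{o:#x}" for o in offsets))
```

Run it against a full export saved from AVG to see how many distinct modules and handler offsets the detections really involve.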
 

 

 




 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 23 September 2013 - 10:28 AM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

     
Having said that.... Let's get going!!
----------

Please download TDSSKiller
• Double click TDSSKiller.exe
• Press Start Scan but do nothing else as we are just looking for what is there.
• If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
• Attach the log in your next reply
• A copy of the log will be saved automatically to the root of the drive (typically C:\)
----------

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.
• Double click on AdwCleaner.exe to run the tool
  Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
----------


#3 GBayliss
  • Topic Starter
  • Members
  • 10 posts

Posted 23 September 2013 - 11:45 AM

Many thanks for helping me with this problem. It is very much appreciated.

ADW Scan:

# AdwCleaner v3.005 - Report created 23/09/2013 at 17:28:39
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Pictures\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\searchplugins\Askcom.xml
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\ConduitEngine
Folder Found C:\Program Files (x86)\uTorrentBar
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\oem\AppData\LocalLow\AskToolbar
Folder Found C:\Users\oem\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\oem\AppData\LocalLow\Conduit
Folder Found C:\Users\oem\AppData\LocalLow\ConduitEngine
Folder Found C:\Users\oem\AppData\LocalLow\PriceGong
Folder Found C:\Users\oem\AppData\LocalLow\uTorrentBar
Folder Found C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\Conduit
Folder Found C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\ConduitEngine
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B9FCF3C-09D7-47C5-ABB3-82CFB14676A3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Ask&Record
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6B9FCF3C-09D7-47C5-ABB3-82CFB14676A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70C2DFF1-956F-40CE-8616-124A0E33B7F0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9D28D83-C856-4B5E-89DB-10D464AF65E9}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader65706_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader65706_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6B9FCF3C-09D7-47C5-ABB3-82CFB14676A3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\uTorrentBar
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16450
 
 
-\\ Mozilla Firefox v22.0 (en-GB)
 
[ File : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\prefs.js ]
 
Line Found : user_pref("CT2786678..clientLogIsEnabled", true);
Line Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2786678.CTID", "CT2786678");
Line Found : user_pref("CT2786678.CurrentServerDate", "14-1-2011");
Line Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Found : user_pref("CT2786678.EMailNotifierPollDate", "Mon Dec 13 2010 19:54:23 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.EnableClickToSearchBox", false);
Line Found : user_pref("CT2786678.EnableSearchHistory", false);
Line Found : user_pref("CT2786678.EnableSearchSuggest", false);
Line Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 533);
Line Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Found : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Found : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Found : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Found : user_pref("CT2786678.FirstServerDate", "13-12-2010");
Line Found : user_pref("CT2786678.FirstTime", true);
Line Found : user_pref("CT2786678.FirstTimeFF3", true);
Line Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Found : user_pref("CT2786678.Initialize", true);
Line Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Found : user_pref("CT2786678.InstalledDate", "Mon Dec 13 2010 19:54:23 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.IsGrouping", false);
Line Found : user_pref("CT2786678.IsMulticommunity", false);
Line Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Jan 13 2011 23:16:49 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2786678.LastLogin_3.2.5.2", "Fri Jan 14 2011 10:17:13 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.LatestVersion", "3.2.5.2");
Line Found : user_pref("CT2786678.Locale", "en");
Line Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2786678.MCDetectTooltipShow", false);
Line Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2786678.SearchBackToDefaultEngine", false);
Line Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Jan 13 2011 23:16:48 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchInNewTabUserEnabled", false);
Line Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Jan 13 2011 23:16:49 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.SettingsLastCheckTime", "Fri Jan 14 2011 11:02:46 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.SettingsLastUpdate", "1292489785");
Line Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Jan 04 2011 00:08:53 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2786678.UserID", "UN02161791340194108");
Line Found : user_pref("CT2786678.ValidationData_Search", 2);
Line Found : user_pref("CT2786678.WeatherNetwork", "");
Line Found : user_pref("CT2786678.WeatherPollDate", "Fri Jan 14 2011 13:32:47 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.WeatherUnit", "C");
Line Found : user_pref("CT2786678.alertChannelId", "1178763");
Line Found : user_pref("CT2786678.components.1000034", false);
Line Found : user_pref("CT2786678.components.129295698017012804", false);
Line Found : user_pref("CT2786678.myStuffEnabled", true);
Line Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2786678.testingCtid", "");
Line Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Jan 13 2011 23:16:49 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon Dec 13 2010 19:54:25 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2786678.usageEnabled", false);
Line Found : user_pref("CT2786678.usagesFlag", 1);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UK", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285982114\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "Zee/agZSWJctT5JcsQKOQQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "/oUS1eK2SdsB3t6H2kLPsA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634303635100000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634285417620000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634290505850000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1292489785\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634292354593700000\"");
Line Found : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?ctId=CT2786678", "744x663");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4be9c07a&v=6.010.023.001&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jan 13 2011 23:16:48 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jan 13 2011 23:16:48 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "c480afeb-4798-4c51-b26d-8e83ec66a7e5");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Dec 13 2010 19:54:25 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Found : user_pref("ConduitEngine.FirstServerDate", "12/21/2010 19");
Line Found : user_pref("ConduitEngine.FirstTime", true);
Line Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Found : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Found : user_pref("ConduitEngine.Initialize", true);
Line Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Found : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line Found : user_pref("ConduitEngine.InstalledDate", "Mon Dec 13 2010 19:54:22 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("ConduitEngine.IsMulticommunity", false);
Line Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Found : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Jan 13 2011 23:16:52 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri Jan 14 2011 12:17:14 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Found : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
Line Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jan 14 2011 12:17:14 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("ConduitEngine.UserID", "UN20549237454777436");
Line Found : user_pref("ConduitEngine.engineLocale", "en-GB");
Line Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Jan 13 2011 23:16:51 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("ConduitEngine.initDone", true);
Line Found : user_pref("ConduitEngine.usagesFlag", 1);
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [22806 octets] - [23/09/2013 17:28:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22867 octets] ##########

Attached File: TDSSKiller.2.8.16.0_23.09.2013_17.26.45_log.txt (133.86KB)

#4 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 23 September 2013 - 12:19 PM

Ok good.... Now this time go ahead and run AdwCleaner again, but this time be sure to press Clean and then post the log that is created when complete.

#5 GBayliss
  • Topic Starter
  • Members
  • 10 posts

Posted 23 September 2013 - 12:50 PM

# AdwCleaner v3.005 - Report created 23/09/2013 at 18:43:19
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : oem - OEM-PC
# Running from : C:\Users\oem\Pictures\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\oem\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\oem\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\oem\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\oem\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\oem\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\oem\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\Conduit
Folder Deleted : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\ConduitEngine
File Deleted : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\searchplugins\Askcom.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader65706_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader65706_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6B9FCF3C-09D7-47C5-ABB3-82CFB14676A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B9FCF3C-09D7-47C5-ABB3-82CFB14676A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6B9FCF3C-09D7-47C5-ABB3-82CFB14676A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9D28D83-C856-4B5E-89DB-10D464AF65E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70C2DFF1-956F-40CE-8616-124A0E33B7F0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16450
 
 
-\\ Mozilla Firefox v22.0 (en-GB)
 
[ File : C:\Users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\prefs.js ]
 
Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "14-1-2011");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Mon Dec 13 2010 19:54:23 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.EnableClickToSearchBox", false);
Line Deleted : user_pref("CT2786678.EnableSearchHistory", false);
Line Deleted : user_pref("CT2786678.EnableSearchSuggest", false);
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 533);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Fri Jan 14 2011 13:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Fri Jan 14 2011 13:02:47 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "13-12-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Mon Dec 13 2010 19:54:23 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Jan 13 2011 23:16:49 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Fri Jan 14 2011 10:17:13 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.5.2");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.SearchBackToDefaultEngine", false);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Jan 13 2011 23:16:48 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Jan 13 2011 23:16:49 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Fri Jan 14 2011 11:02:46 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1292489785");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Jan 04 2011 00:08:53 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2786678.UserID", "UN02161791340194108");
Line Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Jan 14 2011 13:32:47 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.components.1000034", false);
Line Deleted : user_pref("CT2786678.components.129295698017012804", false);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Jan 13 2011 23:16:49 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon Dec 13 2010 19:54:25 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CT2786678.usageEnabled", false);
Line Deleted : user_pref("CT2786678.usagesFlag", 1);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UK", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285982114\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "Zee/agZSWJctT5JcsQKOQQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "/oUS1eK2SdsB3t6H2kLPsA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634289840782570000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/2010 3:54:59 PM", "634285417620000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2010 3:22:42 PM", "634290505850000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1292489785\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634292354593700000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?ctId=CT2786678", "744x663");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4be9c07a&v=6.010.023.001&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jan 13 2011 23:16:48 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jan 13 2011 23:16:48 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "c480afeb-4798-4c51-b26d-8e83ec66a7e5");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Dec 13 2010 19:54:25 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "12/21/2010 19");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon Dec 13 2010 19:54:22 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Jan 13 2011 23:16:52 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Fri Jan 14 2011 12:17:14 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jan 14 2011 12:17:14 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN20549237454777436");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-GB");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Jan 13 2011 23:16:51 GMT+0000 (GMT Standard Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [22996 octets] - [23/09/2013 17:28:39]
AdwCleaner[R1].txt - [23057 octets] - [23/09/2013 18:41:32]
AdwCleaner[S0].txt - [22280 octets] - [23/09/2013 18:43:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22341 octets] ##########


#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 23 September 2013 - 12:52 PM

Good job!  I am in class right now but will get your next set of instructions to you soon.  :)




#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 23 September 2013 - 02:59 PM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#8 GBayliss

GBayliss
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:03 PM

Posted 23 September 2013 - 04:12 PM

Thanks again for the help :)

 

ComboFix.txt:

 

ComboFix 13-09-17.01 - oem 23/09/2013  21:39:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4094.2675 [GMT 1:00]
Running from: c:\users\oem\Pictures\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Local Settings\Temp
c:\users\oem\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\oem\AppData\Local\ImgBurn.exe
c:\users\oem\AppData\Local\tsMuxeR.exe
c:\users\oem\AppData\Roaming\Adobe\plugs
c:\users\oem\AppData\Roaming\Adobe\shed
c:\users\oem\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\oem\AppData\Roaming\Yqoln
c:\users\oem\AppData\Roaming\Yqoln\erec.hym
c:\users\oem\videos\streamtransport_setup.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-23 to 2013-09-23  )))))))))))))))))))))))))))))))
.
.
2013-09-23 16:28 . 2013-09-23 17:43 -------- d-----w- C:\AdwCleaner
2013-09-20 09:53 . 2013-09-23 16:15 -------- d-----w- C:\VK
2013-09-18 12:57 . 2013-09-18 12:57 -------- d-----w- c:\users\oem\AppData\Roaming\ImgBurn
2013-09-18 12:56 . 2013-09-18 12:56 -------- d-----w- c:\program files (x86)\ImgBurn
2013-09-07 18:00 . 2013-09-07 18:00 -------- d-----w- c:\users\oem\AppData\Local\DayZCommander
2013-09-07 17:43 . 2013-09-07 17:43 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2013-09-05 11:09 . 2013-09-05 11:09 -------- d-----w- c:\users\oem\AppData\Local\Activision
2013-09-05 00:43 . 2013-09-05 00:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-25 21:57 . 2013-09-21 20:12 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-08-25 21:56 . 2013-08-25 21:56 -------- d-----w- c:\users\oem\AppData\Local\PunkBuster
2013-08-25 21:56 . 2013-08-25 21:56 -------- d-----w- c:\programdata\Orbit
2013-08-25 01:53 . 2013-08-25 01:53 -------- d-----w- c:\users\oem\AppData\Roaming\The Suffering
2013-08-25 01:45 . 2013-08-25 01:45 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2013-08-25 01:41 . 2013-08-25 01:41 -------- d-----w- C:\GOG Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 16:06 . 2010-09-12 04:49 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-10 22:18 . 2011-08-25 19:33 295696 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-08-27 13:22 . 2012-04-23 07:39 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-27 13:22 . 2011-05-25 10:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-20 00:51 . 2013-07-20 00:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 00:50 . 2013-07-20 00:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 00:50 . 2013-07-20 00:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 00:50 . 2013-07-20 00:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-02 18:58 . 2013-07-02 18:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 18:58 . 2012-05-06 19:18 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-02 18:58 . 2010-05-12 12:27 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-01 00:45 . 2013-07-01 00:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2013-7-13 292736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system32\regw2.exe;c:\windows\SYSNATIVE\regw2.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 PORTMON;PORTMON;c:\users\oem\Downloads\PORTMSYS.SYS;c:\users\oem\Downloads\PORTMSYS.SYS [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
R4 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S3 ALSysIO;ALSysIO;c:\users\oem\AppData\Local\Temp\ALSysIO64.sys;c:\users\oem\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-19 05:04 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 12:29]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 12:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoBackuped]
@="{7E5951A0-8683-432A-9483-5F43168D6A8C}"
[HKEY_CLASSES_ROOT\CLSID\{7E5951A0-8683-432A-9483-5F43168D6A8C}]
2011-09-28 10:31 4304048 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SKIcoSelected]
@="{15054241-49B4-4FA6-B4C7-A0071F118110}"
[HKEY_CLASSES_ROOT\CLSID\{15054241-49B4-4FA6-B4C7-A0071F118110}]
2011-09-28 10:31 4304048 ----a-w- c:\program files\VirginMedia\V Stuff Backup\AGSIconOverlay64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Shareaza - c:\program files (x86)\Shareaza\RazaWebHook64.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\po1ps4ke.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4be9c07a&v=7.005.030.004&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Explorer_Run-32514 - c:\progra~3\LOCALS~1\Temp\msnpoemoo.pif
c:\users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK - e:\support\Register\RegistrationReminder.exe -d 805549 -l english -r 7 -g Brothers In Arms -c united -i 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
HKLM_Wow6432Node-ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Kaz_10 - c:\windows\iun6002.exe
AddRemove-yaxsyavzuwg - c:\windows\system32\yaxsyavzuwg.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
   34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}"=hex:51,66,7a,6c,4c,1d,38,12,2e,fd,ed,
   e4,cb,b5,c0,07,c5,4e,3a,0c,a2,bd,bf,47
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d0,41,5a,39,a7,9a,cd,01
.
[HKEY_USERS\S-1-5-21-1850379984-2710349067-67067053-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a9,9e,e7,22,a7,fa,24,69,b9,06,43,a6,fd,7c,25,db,d7,27,01,16,8b,81,b9,
   fb,b2,1f,d9,ed,0e,45,99,e9,e7,17,cf,3a,4b,1e,41,b9,96,55,e4,d2,97,de,1f,4a,\
"??"=hex:be,ba,2d,0d,73,23,9d,05,f6,91,a5,2b,08,15,2c,9d
.
[HKEY_USERS\S-1-5-21-1850379984-2710349067-67067053-1000\Software\SecuROM\License information*]
"datasecu"=hex:55,cf,87,53,8d,f1,8b,e4,da,94,09,50,e0,e4,c7,2b,e7,2a,b7,63,18,
   b1,ac,82,df,71,e9,49,ef,d1,36,1a,a1,b8,40,69,8c,51,49,17,db,5e,5c,22,3b,e6,\
"rkeysecu"=hex:a8,d9,2e,24,4f,d5,a2,d0,78,19,d8,69,38,76,2c,70
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
.
**************************************************************************
.
Completion time: 2013-09-23  22:01:08 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-23 21:01
.
Pre-Run: 129,950,629,888 bytes free
Post-Run: 131,104,616,448 bytes free
.
- - End Of File - - 02E5DEF0EB7786BFB97F944B1DF46AEB
A36C5E4F47E84449FF07ED3517B43A31


#9 jeffce (Malware Response Team)

Posted 24 September 2013 - 06:43 AM

How is your system running now?

 

When you ran DDS the first time there should have been a log named Attach.txt.  Could you post that please?  




#10 GBayliss (Topic Starter)

Posted 25 September 2013 - 08:27 AM

Sorry for the delay in replying.

With CD Emulation turned off through Defogger, AVG free is no longer detecting any root-kit infections.  If I enable CD Emulation they return.

I have had Daemon Tools installed for three years without any root-kits being detected.  Is it possible that updated definitions caused this?  My system failed to boot without Windows Repair on the day the root-kits showed up on the daily scan.

Aside from the AVG scans everything appears to be working :)

 

 

 




#11 jeffce (Malware Response Team)

Posted 25 September 2013 - 08:35 AM

Is it possible that updated definitions caused this?

Yes...absolutely this could have happened.  There should be a place to add that program to an exclusions list in AVG.  
 
---------------
 
Java

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp
----------

Java cache
See this page for instructions on how to clear java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.
    (screenshot: A3npGzM.jpg)
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:
 
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
 
ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#12 GBayliss (Topic Starter)

Posted 25 September 2013 - 03:56 PM

Have done the Java re-install and clean.

Here is the Malwarebytes scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.25.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
oem :: OEM-PC [administrator]
 
25/09/2013 17:03:21
mbam-log-2013-09-25 (17-03-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217054
Time elapsed: 6 minute(s), 34 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\CLSID\{b33ee05e-0e9f-5672-5ac7-4fedac3dbf5c} (Adware.Ezula) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|32514 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msnpoemoo.pif -> Delete on reboot.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 5
C:\Users\oem\Downloads\aTube_Catcher(1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\oem\Downloads\aTube_Catcher.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\oem\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\oem\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.
 
(end)
 
The ESET scan is still running (92% at 4 hours 23 mins, 8 threats found so far).
 
I will have to leave it running overnight and shall post the report in the morning.
 
Thanks again for your patience and help :)


#13 jeffce (Malware Response Team)

Posted 25 September 2013 - 07:07 PM

No problem... when you get the log be sure to post it and then we will go from there.


 


#14 GBayliss (Topic Starter)

Posted 26 September 2013 - 03:05 AM

Here are the ESET results:

 

C:\AdwCleaner\Quarantine\C\Users\oem\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Sony\Vegas Pro 12.0\vegas.pro.12.-patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Program Files (x86)\LucasArts\Star Wars JK II Jedi Outcast\GameData\patch-104.exe a variant of Win32/HackTool.Patcher.C application
C:\Users\oem\Downloads\aTube_Catcher (1).exe multiple threats
C:\Users\oem\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\oem\Downloads\cbsidlm-tr1_11-Active_WebCam-ORG-10064509.exe Win32/DownloadAdmin.G application
C:\Users\oem\Downloads\cpu-z_1.64-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\oem\Downloads\flvplayer.zip a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\oem\Downloads\VDownloaderInstallerIC.exe a variant of Win32/InstallCore.BY application
C:\Windows\System32\yaxsyavzuwg.exe Win32/Adware.RON.FSV application
C:\Windows\SysWOW64\yaxsyavzuwg.exe Win32/Adware.RON.FSV application


#15 jeffce (Malware Response Team)

Posted 26 September 2013 - 06:32 AM

ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    C:\Program Files\Sony\Vegas Pro 12.0\vegas.pro.12.-patch.exe 
    C:\Program Files (x86)\LucasArts\Star Wars JK II Jedi Outcast\GameData\patch-104.exe 
    C:\Users\oem\Downloads\aTube_Catcher (1).exe 
    C:\Users\oem\Downloads\avc-free.exe 
    C:\Users\oem\Downloads\cbsidlm-tr1_11-Active_WebCam-ORG-10064509.exe 
    C:\Users\oem\Downloads\cpu-z_1.64-setup-en.exe 
    C:\Users\oem\Downloads\flvplayer.zip 
    C:\Users\oem\Downloads\VDownloaderInstallerIC.exe 
    C:\Windows\System32\yaxsyavzuwg.exe 
    C:\Windows\SysWOW64\yaxsyavzuwg.exe 

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    (screenshot: CFScriptB-4.gif)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know what remaining malware problems you are having.   :)


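Editor's added example (not part of the thread, and not code from ESET, ComboFix or BleepingComputer): the File:: block in the post above is built by hand from the ESET result list in post #14. The script below does that step mechanically so the reasoning is visible: it parses the plain "path detection" lines ESET exports, reduces each detection name to its family (dropping the trailing variant letters), sorts items into coarse buckets, flags a basename that appears under both System32 and SysWOW64, and emits the File:: block. It also skips any path that already sits in another tool's quarantine folder (the AdwCleaner .vir entry), which is exactly the one line the post's CFScript leaves out. The sample lines are copied from post #14; the bucket names and the quarantine rule are this example's own conventions, not ESET's.

```python
"""Triage an ESET Online Scanner result list and build a ComboFix File:: block.

Added example, not part of the original thread.  The ESET lines below are
copied from post #14; the bucket names and the skip-quarantine rule are
this example's own conventions.
"""
import re
from collections import defaultdict

# Constructed sample input: the ESET result lines posted in the thread.
ESET_RESULTS = r"""
C:\AdwCleaner\Quarantine\C\Users\oem\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Sony\Vegas Pro 12.0\vegas.pro.12.-patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Program Files (x86)\LucasArts\Star Wars JK II Jedi Outcast\GameData\patch-104.exe a variant of Win32/HackTool.Patcher.C application
C:\Users\oem\Downloads\aTube_Catcher (1).exe multiple threats
C:\Users\oem\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\oem\Downloads\cbsidlm-tr1_11-Active_WebCam-ORG-10064509.exe Win32/DownloadAdmin.G application
C:\Users\oem\Downloads\cpu-z_1.64-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\oem\Downloads\flvplayer.zip a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\oem\Downloads\VDownloaderInstallerIC.exe a variant of Win32/InstallCore.BY application
C:\Windows\System32\yaxsyavzuwg.exe Win32/Adware.RON.FSV application
C:\Windows\SysWOW64\yaxsyavzuwg.exe Win32/Adware.RON.FSV application
"""

# Paths contain spaces, so the detection is anchored from the right:
# either "multiple threats" or "[a variant of] <platform>/<name> [application]".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:(?:probably )?a variant of )?"
    r"(?:Win32|Win64|MSIL|JS|HTML|VBS)/\S+(?: application)?"
    r"|multiple threats)$"
)
# Trailing ".AD", ".C", ".FSV" ... are per-sample variant letters, not the family.
VARIANT_SUFFIX_RE = re.compile(r"\.[A-Z]{1,3}$")


def parse_eset_lines(text):
    """Return [(path, detection), ...]; lines that do not fit the ESET layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), m.group("detection")))
    return entries


def detection_family(detection):
    """'a variant of Win32/Bundled.Toolbar.Ask.D application' -> 'Bundled.Toolbar.Ask'."""
    m = re.search(r"/(\S+)", detection)
    if not m:
        return detection  # e.g. "multiple threats"
    return VARIANT_SUFFIX_RE.sub("", m.group(1))


def classify(family):
    """Coarse bucket (this example's convention) deciding how much scrutiny an item gets."""
    if family == "multiple threats":
        return "malware"
    if family.startswith("HackTool"):
        return "hacktool"  # cracks/patchers: user-installed, confirm before deleting
    if family.startswith("Adware"):
        return "adware"
    return "bundler"  # OpenCandy, InstallCore, DownloadAdmin, Bundled.Toolbar.*: installer wrappers


def already_quarantined(path):
    """True for files another cleaner has already neutralised (quarantine folder or .vir rename)."""
    lowered = path.lower()
    return "\\quarantine\\" in lowered or lowered.endswith(".vir")


def wow64_pairs(entries):
    """Basenames present under both System32 and SysWOW64: the 64- and 32-bit copy of one dropper."""
    seen = defaultdict(set)
    for path, _ in entries:
        parts = path.lower().split("\\")
        if len(parts) >= 3 and parts[1] == "windows" and parts[2] in ("system32", "syswow64"):
            seen[parts[-1]].add(parts[2])
    return sorted(name for name, dirs in seen.items() if len(dirs) == 2)


def triage(text):
    """Parse the list and group paths by bucket; returns (entries, {bucket: [paths]})."""
    entries = parse_eset_lines(text)
    buckets = defaultdict(list)
    for path, detection in entries:
        buckets[classify(detection_family(detection))].append(path)
    return entries, dict(buckets)


def build_cfscript(entries):
    """Emit the ComboFix File:: block, leaving out paths that are already quarantined."""
    lines = ["File::"] + [path for path, _ in entries if not already_quarantined(path)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, grouped = triage(ESET_RESULTS)
    for bucket, paths in sorted(grouped.items()):
        print(f"[{bucket}] {len(paths)} item(s)")
        for p in paths:
            print("   ", p)
    print("\nSystem32/SysWOW64 pairs:", wow64_pairs(found))
    print("\n" + build_cfscript(found))
```

Run as-is, the generated File:: block lists the same ten paths, in the same order, as the CFScript in the post above; the hacktool bucket is the one a helper would normally confirm with the user first, since those are game and application patchers the user chose to install rather than something that arrived on its own.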
 




