
browsers got hijacked


  • This topic is locked
10 replies to this topic

#1 noonytunes

noonytunes

  • Members
  • 663 posts
  • Gender:Female
  • Location:Alcalde, New Mexico

Posted 17 November 2013 - 08:32 PM

Hi. I posted earlier about my browsers getting hijacked. "aartemis.com" took over both Firefox and IE. I tried to reinstate my settings but it didn't take effect. I referred to a post on tutorials "4 Simple Steps for removing Spyware, Hijackers, Viruses, and Malware". I downloaded and ran Malwarebytes Anti-Malware and SuperAntiSpyware. I downloaded DDS and I saved the reports, which I am attaching. I might have done something wrong with that because it didn't turn out exactly as shown on the post. Anyway, I have McAfee Security Suite on Windows 7. My computer is a Gateway SX2803-25e. I've done everything I know to do to get rid of that aartemis.com and to get back to my browser settings, but to no avail. Please help. It's not letting me copy and paste so I am attaching the logs.

Attached Files


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • Gender:Male

Posted 22 November 2013 - 08:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514559 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 November 2013 - 10:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.
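A read-only audit that covers the same ground as the tools nasdaq lists, added here as an example; it is not part of his post and not code from AdwCleaner, JRT, ComboFix or Security Check. It enumerates the places a browser hijacker of this kind pins itself (Internet Explorer Main start/search values, SearchScopes, URLSearchHooks and Browser Helper Objects, Firefox user.js and prefs.js, browser shortcuts with injected arguments, and scheduled tasks) and flags any value that mentions one of the indicator strings named in this thread (aartemis, conduit, mysearchdial, smartbar, digitalsite, wajam). That indicator list is an assumption for any other machine; everything else is read straight from the system. Run it in an elevated PowerShell prompt; it changes nothing, so it is safe to run before and after the cleanup to confirm what the tools removed.

```powershell
# Added audit example; not from the thread or from AdwCleaner/JRT/ComboFix.
# Read-only: lists the browser-hijack locations seen in this thread and flags
# values that mention a known indicator string. Written for PowerShell 2.0+.

# Indicator strings taken from this thread (an assumption elsewhere); extend as needed.
$Indicators = @('aartemis', 'conduit', 'mysearchdial', 'smartbar', 'digitalsite', 'wajam')

function Report {
    param([string]$Where, [string]$Value)
    $hit = $false
    foreach ($i in $Indicators) { if ($Value -match [regex]::Escape($i)) { $hit = $true } }
    $tag = if ($hit) { 'SUSPECT' } else { 'ok     ' }
    Write-Output "$tag  $Where => $Value"
}

function Resolve-Clsid {
    # Map a COM CLSID to the DLL it loads, via HKCR\CLSID\{...}\InprocServer32.
    param([string]$Clsid)
    $k = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path $k) { return (Get-ItemProperty $k).'(default)' }
    return '<no InprocServer32>'
}

# 1. IE home page and search settings: per-user, machine, and the 32-bit view on x64.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main'
foreach ($k in $ieMain) {
    if (-not (Test-Path $k)) { continue }
    $p = Get-ItemProperty $k
    foreach ($name in 'Start Page', 'Default_Page_URL', 'Default_Search_URL', 'Search Page') {
        if ($p.$name) { Report "$k [$name]" $p.$name }
    }
}

# 2. Search scopes (each subkey carries a URL), URL search hooks and BHOs (CLSIDs -> DLLs).
foreach ($k in 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
               'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes') {
    if (Test-Path $k) {
        Get-ChildItem $k | ForEach-Object {
            $url = (Get-ItemProperty $_.PSPath).URL
            if ($url) { Report "$($_.Name) [URL]" $url }
        }
    }
}
$hooks = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path $hooks) {
    (Get-Item $hooks).GetValueNames() | ForEach-Object { Report "URLSearchHook $_" (Resolve-Clsid $_) }
}
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
    if (Test-Path $k) {
        Get-ChildItem $k | ForEach-Object { Report "BHO $($_.PSChildName)" (Resolve-Clsid $_.PSChildName) }
    }
}

# 3. Firefox: user.js re-applies its prefs on every start (why a manual reset does not stick),
#    so its presence alone is worth reporting; then read the hijack-prone prefs from prefs.js.
$ffPrefs = 'browser.startup.homepage', 'browser.newtab.url', 'browser.search.defaultenginename',
           'browser.search.defaulturl', 'browser.search.selectedEngine', 'keyword.URL'
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -ErrorAction SilentlyContinue |
  Where-Object { $_.PSIsContainer } | ForEach-Object {
    $userJs = Join-Path $_.FullName 'user.js'
    if (Test-Path $userJs) { Write-Output "SUSPECT  user.js present: $userJs" }
    $prefsJs = Join-Path $_.FullName 'prefs.js'
    if (Test-Path $prefsJs) {
        Get-Content $prefsJs | ForEach-Object {
            if ($_ -match '^user_pref\("([^"]+)",\s*"?([^"\)]*)"?\);') {
                if ($ffPrefs -contains $matches[1]) { Report "prefs.js $($matches[1])" $matches[2] }
            }
        }
    }
    Get-ChildItem (Join-Path $_.FullName 'searchplugins') -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object { Report 'profile searchplugin' $_.Name }
}

# 4. Browser shortcuts: hijackers append a URL to the .lnk arguments so the shortcut, not the
#    browser setting, opens their page. Any arguments on a browser shortcut deserve a look.
$shell = New-Object -ComObject WScript.Shell
$lnkDirs = "$env:PUBLIC\Desktop", "$env:USERPROFILE\Desktop",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
           "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
           "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
foreach ($d in $lnkDirs) {
    Get-ChildItem $d -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match 'iexplore\.exe|firefox\.exe|chrome\.exe' -and $lnk.Arguments) {
            Report "shortcut $($_.FullName)" $lnk.Arguments
        }
    }
}

# 5. Scheduled tasks: task definitions are XML under System32\Tasks; report each task's command.
Get-ChildItem "$env:windir\System32\Tasks" -Recurse -ErrorAction SilentlyContinue |
  Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $xml = [IO.File]::ReadAllText($_.FullName)
    if ($xml -match '<Command>([^<]+)</Command>') { Report "task $($_.Name)" $matches[1] }
}
```

Lines tagged SUSPECT are the ones to compare against the AdwCleaner and JRT logs afterwards; an `ok` line for a value you do not recognise (an unfamiliar BHO DLL, a shortcut with any arguments at all) still merits a manual look, since the indicator list only knows the names this thread mentions.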

#4 noonytunes

noonytunes
  • Topic Starter

  • Members
  • 663 posts
  • Gender:Female
  • Location:Alcalde, New Mexico

Posted 24 November 2013 - 02:44 PM

Thank you for your help.  Here are the logs.

 

# AdwCleaner v3.013 - Report created 24/11/2013 at 10:20:02
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gateway - GATEWAY-PC
# Running from : C:\Users\Gateway\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Gateway\AppData\Local\Conduit
Folder Deleted : C:\Users\Gateway\AppData\Local\PackageAware
Folder Deleted : C:\Users\Gateway\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gateway\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Gateway\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Gateway\Documents\PC Health Kit
Folder Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\Smartbar
Folder Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\ValueApps
Folder Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\CT3315828
Folder Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\Extensions\{8e2479de-6096-41f3-90ab-83be9946aa2d}
Folder Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\Users\Gateway\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\aartemis.xml
File Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\user.js
File Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\digitalsite.job
File Deleted : C:\Windows\System32\Tasks\digitalsite

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Gateway\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Gateway\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Gateway\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Gateway\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279412
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\prefs.js ]

Line Deleted : user_pref("CT3315828.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3315828.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3315828.1000234.TWC_TMP_city", "SUGAR LAND");
Line Deleted : user_pref("CT3315828.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3315828.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3315828.1000234.TWC_locId", "USTX1312");
Line Deleted : user_pref("CT3315828.1000234.TWC_location", "Sugar Land, TX");
Line Deleted : user_pref("CT3315828.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3315828.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3315828.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3315828.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315828.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315828.FF19Solved", "true");
Line Deleted : user_pref("CT3315828.FirstTime", "true");
Line Deleted : user_pref("CT3315828.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3315828.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828&SearchSource=2&CUI=UN30013182541485721&UM=2&q=");
Line Deleted : user_pref("CT3315828.UserID", "UN30013182541485721");
Line Deleted : user_pref("CT3315828.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3315828.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3315828.countryCode", "US");
Line Deleted : user_pref("CT3315828.defaultSearch", "true");
Line Deleted : user_pref("CT3315828.enableAlerts", "true");
Line Deleted : user_pref("CT3315828.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3315828.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3315828.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3315828.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3315828.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3315828.fullUserID", "UN30013182541485721.IN.20131119162718");
Line Deleted : user_pref("CT3315828.homepageuserchanged", true);
Line Deleted : user_pref("CT3315828.installDate", "19/11/2013 16:27:27");
Line Deleted : user_pref("CT3315828.installId", "stub.exe");
Line Deleted : user_pref("CT3315828.installSessionId", "{A7093EEC-385D-4248-9552-B712B2FBC3DF}");
Line Deleted : user_pref("CT3315828.installSp", "TRUE");
Line Deleted : user_pref("CT3315828.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3315828.installUsage", "2013-11-20T02:40:07.6649953+03:00");
Line Deleted : user_pref("CT3315828.installUsageEarly", "2013-11-20T02:40:06.5573669+03:00");
Line Deleted : user_pref("CT3315828.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3315828.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3315828.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315828.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3315828.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3315828.keyword", "true");
Line Deleted : user_pref("CT3315828.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3315828&octid=CT3315828&SearchSource=15&CUI=UN30013182541485721&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3315828.lastVersion", "10.22.5.510");
Line Deleted : user_pref("CT3315828.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3315828.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F514559%2Fbrowsers-got-hijacked%2F\",\"EB_MAIN_FRAME_[...]
Line Deleted : user_pref("CT3315828.openThankYouPage", "false");
Line Deleted : user_pref("CT3315828.openUninstallPage", "true");
Line Deleted : user_pref("CT3315828.originalHomepage", "hxxp://www.windstream.net/");
Line Deleted : user_pref("CT3315828.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3315828.originalSearchEngine", "aartemis");
Line Deleted : user_pref("CT3315828.originalSearchEngineName", "aartemis");
Line Deleted : user_pref("CT3315828.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3315828.search.searchAppId", "130246923278098814");
Line Deleted : user_pref("CT3315828.search.searchCount", "0");
Line Deleted : user_pref("CT3315828.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3315828.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3315828.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3315828.searchRevert", "false");
Line Deleted : user_pref("CT3315828.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3315828.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3315828.searchUserMode", "2");
Line Deleted : user_pref("CT3315828.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3315828\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper37.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.7 \"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3315828.serviceLayer_services_Configuration_lastUpdate", "1385311747872");
Line Deleted : user_pref("CT3315828.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1384904432650");
Line Deleted : user_pref("CT3315828.serviceLayer_services_appsMetadata_lastUpdate", "1384999840622");
Line Deleted : user_pref("CT3315828.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1384904432090");
Line Deleted : user_pref("CT3315828.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1384904431726");
Line Deleted : user_pref("CT3315828.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1384904433054");
Line Deleted : user_pref("CT3315828.serviceLayer_services_login_10.22.3.18_lastUpdate", "1384986367285");
Line Deleted : user_pref("CT3315828.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385064068505");
Line Deleted : user_pref("CT3315828.serviceLayer_services_login_10.22.5.510_lastUpdate", "1385311749673");
Line Deleted : user_pref("CT3315828.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1384904432486");
Line Deleted : user_pref("CT3315828.serviceLayer_services_searchAPI_lastUpdate", "1385311748023");
Line Deleted : user_pref("CT3315828.serviceLayer_services_serviceMap_lastUpdate", "1385311747404");
Line Deleted : user_pref("CT3315828.serviceLayer_services_toolbarContextMenu_lastUpdate", "1384999840389");
Line Deleted : user_pref("CT3315828.serviceLayer_services_toolbarSettings_lastUpdate", "1385311748088");
Line Deleted : user_pref("CT3315828.serviceLayer_services_translation_lastUpdate", "1385311747916");
Line Deleted : user_pref("CT3315828.settingsINI", true);
Line Deleted : user_pref("CT3315828.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3315828.showToolbarPermission", "false");
Line Deleted : user_pref("CT3315828.smartbar.CTID", "CT3315828");
Line Deleted : user_pref("CT3315828.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3315828.smartbar.homepage", "true");
Line Deleted : user_pref("CT3315828.smartbar.toolbarName", "InternetHelper3.7 ");
Line Deleted : user_pref("CT3315828.startPage", "true");
Line Deleted : user_pref("CT3315828.toolbarBornServerTime", "20-11-2013");
Line Deleted : user_pref("CT3315828.toolbarCurrentServerTime", "24-11-2013");
Line Deleted : user_pref("CT3315828.toolbarInstallDate", "19-11-2013 16:27:18");
Line Deleted : user_pref("CT3315828.toolbarLoginClientTime", "Tue Nov 19 2013 16:40:32 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT3315828.versionFromInstaller", "10.22.3.18");
Line Deleted : user_pref("CT3315828.xpeMode", "0");
Line Deleted : user_pref("CT3315828_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385311745603,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.7 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828&SearchSource=2&CUI=UN30013182541485721&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3315828");
Line Deleted : user_pref("browser.newtab.url", "hxxp://aartemis.com/newtab/?type=nt&ts=1384619765&from=tugs&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5E58789487894");
Line Deleted : user_pref("browser.search.defaultenginename", "InternetHelper3.7 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.7 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828&CUI=UN30013182541485721&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "InternetHelper3.7 Customized Web Search");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtDyEyCtBtCzy0EtByB0AtN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1506627933");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtDyEyCtBtCzy0EtByB0AtN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "F80F41046219E27A");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16023");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtDyEyCtBtCzy0EtByB0AtN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtDyEyCtBtCzy0EtByB0AtN0D0Tzu0CyCzztAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.010:15:9");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828&SearchSource=2&CUI=UN30013182541485721&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3315828");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3315828&CUI=UN30013182541485721&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3315828&octid=CT3315828&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315828&SearchSource=2&CUI=UN30013182541485721&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3315828");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3315828");
Line Deleted : user_pref("smartbar.machineId", "OWOYCQJDVGHKTKZZP1DCS+QW2K4EVBNGBRWIGJADGXVN1JBZS/1DVMMTFQDHJKE2AZ+SCZ5YFQEEL0CMW637UW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3315828&CUI=UN30013182541485721&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3315828.mam_gk_currentVersion", "312E31312E342E32");
Line Deleted : user_pref("valueApps.CT3315828.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3315828.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3315828.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3315828.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3315828.mam_gk_migrated_from_ls.storedInFile", false);

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [25947 octets] - [24/11/2013 10:18:11]
AdwCleaner[S0].txt - [23721 octets] - [24/11/2013 10:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23782 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gateway on Sun 11/24/2013 at 10:31:22.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2476597327-1334109928-869241644-1000\Software\wajam



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Gateway\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Gateway\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{00CC3175-833C-4171-A769-9D6A1A7EB464}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{12C446C4-99AA-4FCF-A0E0-C898CFA89200}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{1558C2C0-C35F-483D-AB2C-AD3249F3C027}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{172C9B5D-655A-473D-BFF8-9B60C2D2D49E}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{25B2136A-4222-47D4-BD15-8A0B3643DC0D}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{26B8091F-B8EF-43D6-BD90-83B38C2D7CA7}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{275EDAB8-2240-4D74-A357-B65300878B08}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{30D1EE6C-A63D-41F5-AFA1-BA75A05A9989}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{314A8981-A006-430E-B5B3-FACC05AC7F82}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{3A79D1AE-AC1E-494E-8A4B-DD6C01D42E2E}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{3DB62D13-2FBB-4C94-97F1-A2655D4703B7}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{4123940C-F176-4BA8-B35C-AE31D9ECF78F}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{420CB629-7140-4490-ABBB-42AA81787E47}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{44645E3F-B1AA-410B-B221-49C7BF5F7797}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{47A8E3A4-293E-4BB2-BEEA-49F0468F209E}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{49FA43F7-C9A2-4D40-9163-F300B5D5EC90}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{4D4B8FD0-CF79-4A18-995C-E4F2953773B3}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{503B851B-80CC-42F7-B760-050DA44F3674}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{5431D9B7-A450-419E-9FB8-0F26659791B3}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{55AEB885-63BF-4F60-BFE9-4B6FADFC1BE4}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{58DF34BC-DFAE-4A3D-A29A-DD8DB0B9AD53}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{5F9000A1-8713-49D0-9010-0ECE9B7A0518}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{771F478B-E920-4B09-9FAC-851C84863156}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{78A4B641-0923-4E04-83EC-217D9A63486D}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{7F48C15D-A10D-4325-B8A1-F887B5AE1B21}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{811B05B5-7FFE-4732-9F14-3523F1A890D3}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{822958A1-42B8-4A11-9CC6-6612ECBD4453}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{8B168EAE-34A8-41B6-8B55-FBC6675A7BF3}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{8B25FD15-30D5-45B0-A89E-4D6C2CE9C590}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{926D370B-6F60-4F16-83F4-4C7DD808921E}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{9397BEA7-84F9-4FB9-813D-DE02B9DCFA43}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{A479682E-7F35-48AD-AE37-4B21D3EEC9EE}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{A93648D3-12CD-4C3E-AC7E-9D8BE59D4C69}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{AE4CCA74-5893-485F-93DD-A31F627001D8}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{AF03FC99-D2B1-48C5-BDEC-0F8BE8D04DB9}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{B2B0EC34-C66F-49B1-A6BF-E24BD534E805}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{B3CC88E3-3751-4446-81E8-03A630F90C6B}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{B46AC5DC-4C8A-40B8-BA90-910CE55355B0}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{BA1AE017-F9EA-46BE-949E-88E02438E5A0}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{BB335555-9BF3-45CF-AA0F-8A9310049F1C}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{BD9F10DC-91D8-4D91-BD31-D3846A1F0721}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{BE42D556-B82D-4844-8D59-B198C6A29A70}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{C935C954-3DCF-42FC-9FBB-3C06729141E8}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{C9DC8CC6-8DB2-4B13-90CA-7A8E55B0DDFD}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{C9DFEE3C-4EF1-4735-A50B-183B3B72D08E}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{CBCF07C9-0378-4A16-976D-5C6DF7EFB8F0}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{CE938F86-F4FA-4825-B86A-875DD2E6731C}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{D95CF1EC-BB8F-4D6B-A95D-2AA0D83BBA72}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{DA65DFB6-7BE6-4CBD-A549-1ED6F790FE86}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{DEB18A69-5CDF-4116-953F-A97516BA7B6C}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{DF66071C-1D2F-4A21-B94A-4322F684F960}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{E057F9D8-95DF-411E-AF47-6149E6F35C11}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{E9EE7D34-D2A8-4D42-B449-780DCB99A06F}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{EB8303B6-3D67-4CC7-B3B9-3FF98C1669BA}
Successfully deleted: [Empty Folder] C:\Users\Gateway\appdata\local\{FCC0FE9D-EAFB-4226-B2B4-0A5E2A560A63}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Gateway\AppData\Roaming\mozilla\firefox\profiles\yp4j033g.default\extensions\staged
Emptied folder: C:\Users\Gateway\AppData\Roaming\mozilla\firefox\profiles\yp4j033g.default\minidumps [12 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/24/2013 at 10:39:31.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix 13-11-23.02 - Gateway 11/24/2013  10:55:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4546 [GMT -7:00]
Running from: c:\users\Gateway\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-24 to 2013-11-24  )))))))))))))))))))))))))))))))
.
.
2013-11-24 18:35 . 2013-11-24 18:35    --------    d-----w-    c:\users\Gateway\AppData\Local\temp
2013-11-24 18:35 . 2013-11-24 18:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-24 17:31 . 2013-11-24 17:31    --------    d-----w-    c:\windows\ERUNT
2013-11-24 17:18 . 2013-11-24 17:20    --------    d-----w-    C:\AdwCleaner
2013-11-22 15:54 . 2013-09-04 12:11    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-22 15:54 . 2013-09-04 12:11    52736    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-22 15:54 . 2013-09-04 12:12    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-22 15:54 . 2013-09-04 12:11    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-22 15:54 . 2013-09-04 12:11    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-22 15:54 . 2013-09-04 12:11    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-22 15:54 . 2013-09-04 12:11    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-19 22:54 . 2013-11-23 16:07    --------    d-----w-    c:\program files (x86)\CleanUp!
2013-11-17 23:01 . 2013-11-17 23:01    --------    d-----w-    c:\users\Gateway\AppData\Roaming\SUPERAntiSpyware.com
2013-11-17 23:01 . 2013-11-17 23:01    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-11-17 23:01 . 2013-11-17 23:01    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-11-17 21:00 . 2013-11-17 21:00    --------    d-----w-    c:\users\Gateway\AppData\Roaming\Malwarebytes
2013-11-17 21:00 . 2013-11-17 21:00    --------    d-----w-    c:\programdata\Malwarebytes
2013-11-17 21:00 . 2013-11-19 08:55    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-17 21:00 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-11-14 17:17 . 2013-11-14 17:48    --------    d-----w-    c:\users\Gateway\AppData\Local\cache
2013-11-14 17:17 . 2013-11-14 17:47    --------    d-----w-    c:\users\Gateway\AppData\Local\Mobogenie
2013-11-14 17:17 . 2013-11-14 17:17    --------    d-----w-    c:\users\wangzhisong
2013-11-14 17:16 . 2013-11-14 17:55    --------    d-----w-    c:\program files (x86)\Mobogenie
2013-11-13 16:47 . 2013-11-13 16:49    --------    d-----w-    C:\aff227508a7587eceff10ce1d8f043a5
2013-11-13 14:00 . 2013-10-05 20:25    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-11-13 14:00 . 2013-10-05 19:57    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-11-13 14:00 . 2013-09-28 01:09    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-11-13 14:00 . 2013-10-04 02:24    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-11-13 14:00 . 2013-10-04 02:28    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-13 14:00 . 2013-10-04 01:56    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-11-13 14:00 . 2013-10-04 02:25    197120    ----a-w-    c:\windows\system32\credui.dll
2013-11-13 14:00 . 2013-10-04 01:58    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 14:00 . 2013-10-04 01:56    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-11-12 05:54 . 2013-10-15 01:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-11-12 05:54 . 2013-11-12 05:54    --------    d--h--w-    c:\windows\msdownld.tmp
2013-11-11 18:11 . 2013-09-23 20:49    197704    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
2013-11-10 23:08 . 2013-11-10 23:08    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 23:08 . 2013-11-10 23:08    --------    d-----w-    c:\program files\iTunes
2013-11-10 23:08 . 2013-11-10 23:08    --------    d-----w-    c:\program files (x86)\iTunes
2013-11-10 23:08 . 2013-11-10 23:08    --------    d-----w-    c:\program files\iPod
2013-10-27 18:39 . 2013-10-27 18:39    --------    d-----w-    c:\program files (x86)\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-22 15:52 . 2012-09-06 17:50    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-13 16:47 . 2012-06-25 17:43    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-11-06 15:18 . 2012-09-28 15:47    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-22 18:38 . 2012-11-12 01:18    737072    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-22 18:38 . 2012-11-12 01:08    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-10-22 18:37 . 2012-11-12 01:07    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-10-17 17:06 . 2013-10-17 17:06    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-10 01:37 . 2013-09-15 00:28    566480    ------w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-03 08:28 . 2013-10-03 08:28    602112    ----a-w-    c:\windows\SysWow64\xvid.dll
2013-09-25 03:29 . 2013-07-02 19:07    70112    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-09-25 03:25 . 2013-02-19 19:56    343568    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 03:25 . 2013-07-02 18:53    182752    ----a-w-    c:\windows\system32\mfevtps.exe
2013-09-25 03:22 . 2013-02-19 19:54    781312    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-09-25 03:21 . 2013-07-02 19:07    519192    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-09-25 03:20 . 2013-07-02 19:07    310224    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 03:19 . 2013-02-19 19:52    179664    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-09-22 15:33 . 2013-09-21 21:56    16152    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2013-09-20 16:38 . 2013-09-20 16:38    10856    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 16:38 . 2013-09-20 16:38    95984    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 16:37 . 2013-09-20 16:37    390552    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
2013-09-08 02:30 . 2013-10-10 18:16    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 18:16    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 18:16    231424    ----a-w-    c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-10 18:16    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 18:16    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 18:16    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 18:16    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 18:16    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 18:16    3969472    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 18:16    3914176    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 18:16    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 18:16    1292192    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 18:16    619520    ----a-w-    c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 18:16    640512    ----a-w-    c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 18:16    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-10 18:16    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 18:16    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 18:16    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 18:16    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 18:16    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 18:16    461312    ----a-w-    c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-15 17:37    222712    ----a-w-    c:\users\Gateway\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-15 17:37    222712    ----a-w-    c:\users\Gateway\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-15 17:37    222712    ----a-w-    c:\users\Gateway\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Verizon Cloud\Verizon Cloud Service.exe" [2013-10-03 22827328]
"Facebook Update"="c:\users\Gateway\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-25 138096]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-09-04 1315144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"Windstream Service Agent.exe"="c:\program files (x86)\Windstream\Service Agent\Windstream Service Agent.exe" [2011-10-14 10204472]
"DiagnosticTools.exe"="c:\program files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe" [2011-04-25 2037048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
R3 cpuz134;cpuz134;c:\users\Gateway\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Gateway\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{4CB8192B-6B12EE4C-06020101}_0;PCDSRVC{4CB8192B-6B12EE4C-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\gateway\appdata\local\temp\3zwrx.f1pn7p\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\gateway\appdata\local\temp\3zwrx.f1pn7p\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLBUS.sys [x]
R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLCVsp.sys [x]
R3 PTUMLMBMP;PANTECH UML290 Mobile Broadband;c:\windows\system32\DRIVERS\PTUMLMBMP.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLMBMP.sys [x]
R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLMdm.sys [x]
R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLNVsp.sys [x]
R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLRMNET.sys [x]
R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys;c:\windows\SYSNATIVE\DRIVERS\PTUMLVsp.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 HsdService;HsdService;c:\program files (x86)\Windstream\Diagnostic Tools\HsdService.exe;c:\program files (x86)\Windstream\Diagnostic Tools\HsdService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Windstream\Service Agent\ServicepointService.exe;c:\program files (x86)\Windstream\Service Agent\ServicepointService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-14 21:58    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 15:52]
.
2013-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2476597327-1334109928-869241644-1000Core.job
- c:\users\Gateway\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:41]
.
2013-11-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2476597327-1334109928-869241644-1000UA.job
- c:\users\Gateway\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 19:41]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28 21:24]
.
2013-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-28 21:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-15 17:37    261624    ----a-w-    c:\users\Gateway\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-15 17:37    261624    ----a-w-    c:\users\Gateway\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-15 17:37    261624    ----a-w-    c:\users\Gateway\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-23 7981088]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
FF - ProfilePath - c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-20 09:44; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-11-14 11:03; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-11-19 16:27; {8e2479de-6096-41f3-90ab-83be9946aa2d}; c:\users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\yp4j033g.default\extensions\{8e2479de-6096-41f3-90ab-83be9946aa2d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{4CB8192B-6B12EE4C-06020101}_0]
"ImagePath"="\??\c:\users\gateway\appdata\local\temp\3zwrx.f1pn7p\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-24  11:38:44
ComboFix-quarantined-files.txt  2013-11-24 18:38
.
Pre-Run: 933,887,385,600 bytes free
Post-Run: 933,736,394,752 bytes free
.
- - End Of File - - FC78C4341F32E59A801AC042E9506420
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

That's it!

 


noonytunes

#5 noonytunes (Topic Starter)

Posted 25 November 2013 - 09:03 AM

Hi.  I have a question, when you get time.  I am very grateful to be rid of all of that stuff.  I got my browsers back.  In your instructions you said:  3. Do not install any other programs until this is fixed.  That was in relation to ComboFix.  I don't know if you do anything with those logs or if there is more to tend to with all of this.  Maybe that is already fixed.  I just want to proceed with care.  I can get a free trial of a higher level of security from McAfee.  I have just had McAfee AntiVirus Plus.  I want the free trial of McAfee Total Protection.  For some reason it won't install.  Could it be due to something not being fixed?  Before I contact them for help I wanted to check with you.  Sorry I'm not more succinct.  But I really appreciate the help you have provided.


noonytunes

#6 nasdaq (Malware Response Team)

Posted 25 November 2013 - 09:51 AM

Your logs are clean.

Check further with this scan.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
If you still have problem with installing the latest McAfee product I suggest you contact them.
It may just be that you need to remove the current version before proceeding. Not sure. Check with them.

#7 noonytunes (Topic Starter)

Posted 25 November 2013 - 12:23 PM

It is saying:  Cannot get update--is proxy configured?

I don't know what to do about that.


noonytunes

#8 nasdaq (Malware Response Team)

Posted 25 November 2013 - 01:20 PM

Run this and see if it helps.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
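The steps above (report and reset the IE and Firefox proxy settings, flush DNS) are what an installer's "Cannot get update, is proxy configured?" complaint usually comes down to: a hijacker leaves a proxy or PAC URL behind that points nowhere once its server is gone. The script below is an added example written for this thread, not MiniToolBox's own code; it reads the same settings MiniToolBox reports and only changes them when run with -Reset. It assumes Windows 7 or later with PowerShell 2.0+, that it runs as the affected user, and that Firefox keeps its profiles in the stock %APPDATA%\Mozilla\Firefox\Profiles location; the function names are this example's own.

```powershell
# Added example, not from the original thread or from the MiniToolBox tool.
# Reports the WinINET (IE), WinHTTP and Firefox proxy settings; with -Reset,
# clears them and flushes the DNS resolver cache, as the MiniToolBox steps do.
param([switch]$Reset)

$ieKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ffRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed stock layout

function Get-IEProxyReport {
    $p = Get-ItemProperty -Path $ieKey
    New-Object PSObject -Property @{
        ProxyEnable   = $p.ProxyEnable     # 1 = "Use a proxy server" is ticked
        ProxyServer   = $p.ProxyServer     # host:port, or per-protocol list
        AutoConfigURL = $p.AutoConfigURL   # PAC script URL; a common hijack leftover
        ProxyOverride = $p.ProxyOverride   # bypass list; '<local>' is the stock value
    }
}

function Reset-IEProxy {
    Set-ItemProperty -Path $ieKey -Name ProxyEnable -Value 0
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $ieKey -Name $name -ErrorAction SilentlyContinue
    }
    # WinHTTP keeps its own proxy store, used by installers and Windows Update
    netsh winhttp reset proxy | Out-Null
}

function Get-FFProxyReport {
    # One prefs.js per profile; only the network.proxy.* user_pref lines matter here
    Get-ChildItem -Path $ffRoot -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Select-String -Path $file -Pattern '^user_pref\("network\.proxy\.' |
                ForEach-Object {
                    New-Object PSObject -Property @{ Profile = $file; Pref = $_.Line }
                }
        }
}

function Reset-FFProxy {
    # Firefox rewrites prefs.js on exit, which would undo the edit
    if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
        throw 'Close Firefox first, then run the reset again.'
    }
    Get-ChildItem -Path $ffRoot -Filter prefs.js -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $kept = Get-Content -Path $_.FullName |
                Where-Object { $_ -notmatch '^user_pref\("network\.proxy\.' }
            Set-Content -Path $_.FullName -Value $kept
        }
}

'=== IE / WinINET proxy (HKCU) ==='
Get-IEProxyReport | Format-List
'=== WinHTTP proxy ==='
netsh winhttp show proxy
'=== Firefox network.proxy.* prefs ==='
$ff = @(Get-FFProxyReport)
if ($ff.Count -eq 0) { 'none set (Firefox default: use system proxy settings)' }
else { $ff | Format-Table -AutoSize }

if ($Reset) {
    Reset-IEProxy
    Reset-FFProxy
    ipconfig /flushdns | Out-Null
    'Proxy settings reset and DNS cache flushed; run again without -Reset to confirm.'
}
```

Run it once without -Reset and keep that output: a populated AutoConfigURL or a ProxyServer you never configured is the evidence worth pasting into a reply. Deleting the network.proxy.* lines returns Firefox to its built-in default, which is "use system proxy settings", so the IE (WinINET) reset has to happen as well or Firefox will simply inherit the bad proxy again.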


#9 noonytunes (Topic Starter)

Posted 25 November 2013 - 01:39 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Gateway (administrator) on 25-11-2013 at 11:32:56
Running from "C:\Users\Gateway\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.


========================= Event log errors: ===============================

Application errors:
==================
Error: (11/25/2013 10:10:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/25/2013 10:10:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/25/2013 10:10:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/25/2013 10:10:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/25/2013 10:00:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/24/2013 01:38:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (11/25/2013 06:51:23 AM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/25/2013 06:51:23 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (11/25/2013 06:51:23 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (11/24/2013 02:31:18 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (11/24/2013 01:52:43 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/24/2013 01:50:42 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/24/2013 01:48:41 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/24/2013 01:46:40 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/24/2013 01:44:53 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (11/24/2013 01:19:38 PM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.


Microsoft Office Sessions:
=========================
Error: (11/25/2013 10:10:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gateway\Desktop\esetsmartinstaller_enu.exe

Error: (11/25/2013 10:10:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gateway\Desktop\esetsmartinstaller_enu.exe

Error: (11/25/2013 10:10:44 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gateway\Desktop\esetsmartinstaller_enu.exe

Error: (11/25/2013 10:10:04 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gateway\Desktop\esetsmartinstaller_enu.exe

Error: (11/25/2013 10:00:32 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gateway\Desktop\esetsmartinstaller_enu.exe

Error: (11/24/2013 01:38:50 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2013-11-24 11:35:12.059
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-24 11:35:11.918
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


**** End of log ****
 


noonytunes

#10 nasdaq (Malware Response Team)

Posted 01 December 2013 - 10:07 AM

Sorry about this delay.

Do you still need help?

#11 nasdaq (Malware Response Team)

Posted 07 December 2013 - 10:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



