error code 0x080070424


8 replies to this topic

#1 rickyram

Posted 26 November 2013 - 07:43 PM

I recently removed a virus from my laptop using rkill and now the virus is gone, but I cannot download a Flash Player and my firewalls are locked off. When I try to turn them on I get this message: "Windows Firewall can't change some of your settings", error code 0x80070424. Can anyone please help me?




 


#2 boopme (Global Moderator)

Posted 26 November 2013 - 09:21 PM

Hello rickyram.
Rkill does not remove infection. It stops certain malware so the next tools run can remove them.

The error code you listed means that the Windows Firewall is stopped. All this is most likely due to infection.

What virus do you think was removed?

I am moving this from Win 7 to the Am I Infected forum to start over.

 

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

 

Run Rkill again and post that log...

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Last, run ESET.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 


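
An added diagnostic for the error code in post #1, not from the thread or from any of the tools named in it: it decodes the HRESULT 0x80070424 (facility WIN32, Win32 code 1060, "the specified service does not exist as an installed service") and checks whether the services Windows Firewall depends on still exist. It assumes the Windows 7 default service names (BFE, MpsSvc, wscsvc, WinDefend, wuauserv) and an elevated PowerShell 2.0 or later prompt on the affected machine.

```powershell
# Added example, not part of the thread. Run from an elevated PowerShell prompt.
# Service names assumed from Windows 7 defaults: BFE = Base Filtering Engine,
# MpsSvc = Windows Firewall, wscsvc = Security Center, WinDefend = Windows Defender,
# wuauserv = Windows Update (the last three are checked for context only).

function ConvertFrom-Hresult {
    param([uint32]$Hresult)
    # FACILITY_WIN32 (7) HRESULTs wrap a Win32 error code in the low 16 bits:
    # 0x80070424 -> facility 7, code 0x424 = 1060 (ERROR_SERVICE_DOES_NOT_EXIST).
    $facility = ($Hresult -band 0x0FFF0000) / 0x10000
    $code = $Hresult -band 0xFFFF
    if ($facility -eq 7) {
        $message = (New-Object System.ComponentModel.Win32Exception([int]$code)).Message
    } else {
        $message = 'not a FACILITY_WIN32 HRESULT; look the code up in winerror.h'
    }
    New-Object PSObject -Property @{
        Hresult   = ('0x{0:X8}' -f $Hresult)
        Win32Code = $code
        Message   = $message
    }
}

function Test-FirewallServiceHealth {
    # Registry Start values: 2 = Automatic, 3 = Manual, 4 = Disabled.
    $startTypes = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
    foreach ($name in 'BFE', 'MpsSvc', 'wscsvc', 'WinDefend', 'wuauserv') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $status = 'MISSING'          # Get-Service found nothing: the SCM has no such service
        $start = 'no registry key'   # service key deleted: exactly what yields error 1060
        if ($svc) { $status = $svc.Status }
        if (Test-Path $key) {
            $startValue = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
            if ($startTypes.ContainsKey([int]$startValue)) {
                $start = $startTypes[[int]$startValue]
            } else {
                $start = $startValue
            }
        }
        New-Object PSObject -Property @{
            Service     = $name
            Status      = $status
            StartType   = $start
            RegistryKey = (Test-Path $key)
        }
    }
}

ConvertFrom-Hresult 0x80070424 | Format-List Hresult, Win32Code, Message
Test-FirewallServiceHealth | Format-Table Service, Status, StartType, RegistryKey -AutoSize
```

A row that shows MISSING with RegistryKey False is the condition that produces error 1060; compare against a clean machine of the same Windows version before restoring anything.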

#3 rickyram (Topic Starter)

Posted 27 November 2013 - 10:27 AM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Brew n Crew (administrator) on 27-11-2013 at 05:15:53
Running from "C:\Users\Brew n Crew\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : BrewnCue
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
   Physical Address. . . . . . . . . : 70-1A-04-8D-B4-2C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-25-64-75-6E-33
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::28fa:539:cd4e:8c46%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 24, 2013 5:06:13 AM
   Lease Expires . . . . . . . . . . : Saturday, January 03, 2150 11:44:27 AM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 234890596
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A2-3D-FE-00-25-64-75-6E-33
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FF7A29A1-BC70-4B4C-AE82-760197B2F669}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {7D359E4A-0686-482B-9BB8-FF1656DE424D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {9EBA1D8B-965E-40E8-A99B-996C0B014F76}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4002:c07::65
      74.125.196.100
      74.125.196.113
      74.125.196.102
      74.125.196.139
      74.125.196.138
      74.125.196.101


Pinging google.com [173.194.37.33] with 32 bytes of data:
Reply from 173.194.37.33: bytes=32 time=22ms TTL=54
Reply from 173.194.37.33: bytes=32 time=23ms TTL=54

Ping statistics for 173.194.37.33:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server:  
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=61ms TTL=48
Reply from 98.139.183.24: bytes=32 time=103ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 103ms, Average = 82ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...70 1a 04 8d b4 2c ......Dell Wireless 1397 WLAN Mini-Card
 10...00 25 64 75 6e 33 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    276
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::28fa:539:cd4e:8c46/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/26/2013 08:29:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16736, time stamp: 0x5258c4cc
Faulting module name: deploy.dll_unloaded, version: 0.0.0.0, time stamp: 0x52541a17
Exception code: 0xc0000005
Fault offset: 0x6831e6f1
Faulting process id: 0x674
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/26/2013 08:08:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16736, time stamp: 0x5258c4cc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7517e344
Faulting process id: 0x123c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (11/26/2013 08:07:08 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.


System errors:
=============
Error: (11/25/2013 04:27:10 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/25/2013 04:27:07 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/25/2013 04:27:06 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/25/2013 04:27:05 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/24/2013 09:24:35 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/24/2013 09:24:34 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/24/2013 05:08:38 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070006

Error: (11/24/2013 05:08:08 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/24/2013 05:08:06 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (11/24/2013 05:08:05 AM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.3.0.29625)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Advanced Audio FX Engine (Version: 1.12.05)
Belkin Setup and Router Monitor
Bing Rewards Client Installer (Version: 16.0.345.0)
Catalina Savings Printer (Version: 1.0.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.4)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Touchpad (Version: 7.104.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Facebook Messenger 2.1.4814.0 (Version: 2.1.4814.0)
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Maintenance Samsung ML-191x 252x Series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 1.2.1)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft UI Engine (Version: 6.3.2380.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
Monument Builders - Empire State Building (Version: 32.0.0.0)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Dell (Version: 3.4.6361.48)
Nancy Drew®: The Silent Spy
Northern Tale 2 (Version: 32.0.0.0)
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
Rescue Team 3 (Version: 32.0.0.0)
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
swMSM (Version: 12.0.0.1)
The Timebuilders: Caveman's Prophecy
The Weather Channel App
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viking Saga (Version: 32.0.0.0)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
World Mosaics 7 (Version: 32.0.0.0)
Yahoo! Detect
Yontoo 2.05 (Version: 2.05)
Youda Fisherman (Version: 32.0.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3032.36 MB
Available physical RAM: 1516.38 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 4305.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.77 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:167.43 GB) NTFS

========================= Users: ========================================

User accounts for \\BREWNCUE

Administrator            Brew n Crew              Guest                    


**** End of log ****

 

 

 

 



#4 rickyram (Topic Starter)

Posted 27 November 2013 - 10:34 AM

05:31:44.0767 0x13a4  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
05:31:46.0842 0x13a4  ============================================================
05:31:46.0842 0x13a4  Current date / time: 2013/11/27 05:31:46.0842
05:31:46.0842 0x13a4  SystemInfo:
05:31:46.0842 0x13a4  
05:31:46.0842 0x13a4  OS Version: 6.1.7601 ServicePack: 1.0
05:31:46.0842 0x13a4  Product type: Workstation
05:31:46.0842 0x13a4  ComputerName: BREWNCUE
05:31:46.0842 0x13a4  UserName: Brew n Crew
05:31:46.0842 0x13a4  Windows directory: C:\Windows
05:31:46.0842 0x13a4  System windows directory: C:\Windows
05:31:46.0842 0x13a4  Running under WOW64
05:31:46.0842 0x13a4  Processor architecture: Intel x64
05:31:46.0842 0x13a4  Number of processors: 2
05:31:46.0842 0x13a4  Page size: 0x1000
05:31:46.0842 0x13a4  Boot type: Normal boot
05:31:46.0842 0x13a4  ============================================================
05:31:47.0044 0x13a4  System UUID: {53795523-605A-5087-7AC8-29CC4966EE48}
05:31:47.0544 0x13a4  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
05:31:47.0544 0x13a4  ============================================================
05:31:47.0544 0x13a4  \Device\Harddisk0\DR0:
05:31:47.0559 0x13a4  MBR partitions:
05:31:47.0559 0x13a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
05:31:47.0559 0x13a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
05:31:47.0559 0x13a4  ============================================================
05:31:47.0575 0x13a4  C: <-> \Device\Harddisk0\DR0\Partition2
05:31:47.0575 0x13a4  ============================================================
05:31:47.0575 0x13a4  Initialize success
05:31:47.0575 0x13a4  ============================================================
05:31:48.0542 0x1554  Deinitialize success



#5 rickyram

Posted 27 November 2013 - 10:36 AM

# AdwCleaner v3.013 - Report created 27/11/2013 at 05:38:58
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brew n Crew - BREWNCUE
# Running from : C:\Users\Brew n Crew\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Yontoo Desktop Updater

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\bprotector_extensions.sqlite
File Found : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\searchplugins\Conduit.xml
File Found : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\searchplugins\delta.xml
File Found : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\searchplugins\search-the-web.xml
File Found : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\user.js
File Found : C:\Users\Brew n Crew\AppData\Roaming\speedanalysis.ico
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog
Folder Found : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\Extensions\{0134af61-7a0c-4649-aeca-90d776060cb3}
Folder Found C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\ParetoLogic
Folder Found C:\Program Files (x86)\Yontoo
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\ProgramData\Alawar
Folder Found C:\ProgramData\AlawarEntertainment
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\BrowserProtect
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Brew n Crew\AppData\Local\Conduit
Folder Found C:\Users\Brew n Crew\AppData\Local\PackageAware
Folder Found C:\Users\Brew n Crew\AppData\Local\Supreme Savings
Folder Found C:\Users\Brew n Crew\AppData\LocalLow\Conduit
Folder Found C:\Users\Brew n Crew\AppData\LocalLow\Delta
Folder Found C:\Users\Brew n Crew\AppData\LocalLow\iac
Folder Found C:\Users\Brew n Crew\AppData\LocalLow\Toolbar4
Folder Found C:\Users\Brew n Crew\AppData\LocalLow\tuvaro
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Alawar
Folder Found C:\Users\Brew n Crew\AppData\Roaming\AlawarEntertainment
Folder Found C:\Users\Brew n Crew\AppData\Roaming\BabSolution
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Babylon
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Conduit
Folder Found C:\Users\Brew n Crew\AppData\Roaming\DriverCure
Folder Found C:\Users\Brew n Crew\AppData\Roaming\file scout
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\CT3291325
Folder Found C:\Users\Brew n Crew\AppData\Roaming\OpenCandy
Folder Found C:\Users\Brew n Crew\AppData\Roaming\ParetoLogic
Folder Found C:\Users\Brew n Crew\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Searchprotect
Folder Found C:\Users\Brew n Crew\AppData\Roaming\SpeedAnalysis2
Folder Found C:\Users\Brew n Crew\AppData\Roaming\Yontoo
Folder Found C:\Users\BREWNC~1\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\BREWNC~1\AppData\Local\Temp\apn
Folder Found C:\Users\BREWNC~1\AppData\Local\Temp\CT3291325

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKCU\Software\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Key Found : HKCU\Software\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\SocialBit
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\performersoft llc
Key Found : [x64] HKCU\Software\SocialBit
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbog
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Updater By Sweetpacks
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v19.0.2 (en-US)

[ File : C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\prefs.js ]

Line Found : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1368379265905,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3291325.FF19Solved", "true");
Line Found : user_pref("CT3291325.UserID", "UN19098562991699925");
Line Found : user_pref("CT3291325.addressUrlXPETakeover", "true");
Line Found : user_pref("CT3291325.autoDisableScopes", 0);
Line Found : user_pref("CT3291325.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3291325.defaultSearchXPETakeover", "true");
Line Found : user_pref("CT3291325.fullUserID", "UN19098562991699925.IN.20130806032812");
Line Found : user_pref("CT3291325.installDate", "06/08/2013 03:28:11");
Line Found : user_pref("CT3291325.installSessionId", "{F9F0ABBC-6FA4-445F-A854-D1E1B2D21EBE}");
Line Found : user_pref("CT3291325.installSp", "TRUE");
Line Found : user_pref("CT3291325.installerVersion", "1.5.4.5");
Line Found : user_pref("CT3291325.keyword", "true");
Line Found : user_pref("CT3291325.originalHomepage", "www.yahoo.com");
Line Found : user_pref("CT3291325.originalSearchAddressUrl", "");
Line Found : user_pref("CT3291325.originalSearchEngine", "Search the Web");
Line Found : user_pref("CT3291325.originalSearchEngineName", "");
Line Found : user_pref("CT3291325.searchRevert", "false");
Line Found : user_pref("CT3291325.searchUserMode", "2");
Line Found : user_pref("CT3291325.smartbar.homepage", "true");
Line Found : user_pref("CT3291325.startPageXPETakeover", "true");
Line Found : user_pref("CT3291325.versionFromInstaller", "10.16.9.6");
Line Found : user_pref("CT3291325.xpeMode", "3");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN13392005751515621&UM=2&SearchSource=13");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
Line Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.12 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&CUI=UN19098562991699925&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "KeyBar 1.12 Customized Web Search");
Line Found : user_pref("extensions.bootstrappedAddons", "{\"jid0-6JA4tra0d6oBQiPAgpBP0eWu9AQ@jetpack\":{\"version\":\"1.2.1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Brew n Crew\\\\AppData\\\\Roam[...]
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "easyinline2,YontooNewOffers");
Line Found : user_pref("extentions.y2layers.installId", "34859310-55ac-443c-970b-4f3c26723cab");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3291325");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN19098562991699925&UM=2&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN19098562991699925&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3291325");
Line Found : user_pref("smartbar.machineId", "HUEYVZMCMVI4/BORVFD1CQIIPSARJOW5T3IHZNHZPVCL69XVBC4IEXYK8QHB5SUFHW6WKSWI+QKZMALCFWLQJQ");

-\\ Google Chrome v

[ File : C:\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18956 octets] - [27/11/2013 05:38:58]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19017 octets] ##########



#6 rickyram

Posted 27 November 2013 - 10:37 AM

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/27/2013 05:26:45 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: 1204) [WD-HEUR]
 * C:\Windows\Samsung\PanelMgr\caller64.exe (PID: 3320) [WD-HEUR]
 * C:\Users\Brew n Crew\AppData\Local\The Weather Channel\The Weather Channel App\patch\TheWeatherChannel_AppUpdater_75999.exe (PID: 3556) [UP-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\U\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\U\00000001.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\U\80000000.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$2249027146a9cce73c0ceb5e153f8e40\U\800000cb.@ [ZA File]

Checking Windows Service Integrity:

 *  (BFE) is not Running.
   Startup Type set to:

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * wscsvc [Missing Service]

 * BFE [Missing ImagePath]
 * SharedAccess [Missing ImagePath]
 * WinDefend [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/27/2013 05:27:56 AM
Execution time: 0 hours(s), 1 minute(s), and 10 seconds(s)



#7 rickyram

Posted 27 November 2013 - 10:39 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Brew n Crew on Wed 11/27/2013 at  9:53:09.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2256034386-2607986128-4013070616-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A04F71B9-37F0-4F83-B6E2-5B9069892B97}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A7B033FF-44BD-44FE-B803-D18A0B2C8783}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{adff4c9a-4f49-4a1f-8885-360e107b7938}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Brew n Crew\AppData\Roaming\pluswinks"
Successfully deleted: [Folder] "C:\Users\Brew n Crew\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\Brew n Crew\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Brew n Crew\appdata\local\solid savings"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Successfully deleted the following from C:\Users\Brew n Crew\AppData\Roaming\mozilla\firefox\profiles\4x6lc6xw.default\prefs.js

user_pref("extensions.tuvaro.admin", false);
user_pref("extensions.tuvaro.aflt", "orgnl");
user_pref("extensions.tuvaro.appId", "{2768469C-717B-401F-8532-C6D88BAE0339}");
user_pref("extensions.tuvaro.autoRvrt", "false");
user_pref("extensions.tuvaro.cam", "");
user_pref("extensions.tuvaro.dfltLng", "");
user_pref("extensions.tuvaro.dfltSrch", true);
user_pref("extensions.tuvaro.dnsErr", true);
user_pref("extensions.tuvaro.excTlbr", false);
user_pref("extensions.tuvaro.ffxUnstlRst", false);
user_pref("extensions.tuvaro.hmpg", true);
user_pref("extensions.tuvaro.hmpgUrl", "hxxp://tuvaro.com/ws/?source=81a907e7&tbp=homepage&toolbarid=intxt&u=14abbb9c000000000000701a048db42c");
user_pref("extensions.tuvaro.hpOld0", "hxxp://yahoo.com/");
user_pref("extensions.tuvaro.id", "14abbb9c000000000000701a048db42c");
user_pref("extensions.tuvaro.instlDay", "15788");
user_pref("extensions.tuvaro.instlRef", "81a907e7");
user_pref("extensions.tuvaro.kw_url", "hxxp://tuvaro.com/ws/?source=81a907e7&tbp=url&toolbarid=intxt&u=14abbb9c000000000000701a048db42c&q=");
user_pref("extensions.tuvaro.newTab", true);
user_pref("extensions.tuvaro.newTabUrl", "chrome://tuvaro/content/new browser tab.html?source=81a907e7&tbp=tab&u=14abbb9c000000000000701a048db42c");
user_pref("extensions.tuvaro.prdct", "tuvaro");
user_pref("extensions.tuvaro.prtnrId", "tuvaro");
user_pref("extensions.tuvaro.rvrt", "false");
user_pref("extensions.tuvaro.smplGrp", "none");
user_pref("extensions.tuvaro.srchPrvdr", "Tuvaro");
user_pref("extensions.tuvaro.tlbrId", "intxt");
user_pref("extensions.tuvaro.tlbrSrchUrl", "hxxp://tuvaro.com/ws/?source=81a907e7&tbp=main&toolbarid=intxt&u=14abbb9c000000000000701a048db42c&q=");
user_pref("extensions.tuvaro.vrsn", "1.8.16.9");
user_pref("extensions.tuvaro.vrsnTs", "1.8.16.922:44:46");
user_pref("extensions.tuvaro.vrsni", "1.8.16.9");
user_pref("storage.arcadesafari.source", "hxxp://tt.arcadesafari.com/cmn?p=YTMzMzk2NjM4OTgtC1iQqDaFvofEI4aEpLg9gXRYn%2F7K2dqGWHEDZxUBMViau7ijYYSujHNjYOw%2B2xRAoH14XtVdp3J1SH38
Emptied folder: C:\Users\Brew n Crew\AppData\Roaming\mozilla\firefox\profiles\4x6lc6xw.default\minidumps [113 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/27/2013 at 10:01:36.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 rickyram

Posted 27 November 2013 - 10:41 AM

C:\Users\All Users\7Dphr79p\serv.bat    BAT/KillAV.NDV trojan    
C:\Windows\SysWOW64\CertWWIN.dll    a variant of Win32/Kryptik.BGXQ trojan    
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir    a variant of Win32/Adware.Yontoo.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Brew n Crew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1\back.js.vir    JS/Adware.Yontoo.B application    cleaned by deleting - quarantined
C:\ProgramData\7Dphr79p\serv.bat    BAT/KillAV.NDV trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\CertWWIN.dll    a variant of Win32/Kryptik.BGXQ trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\CertWWIN64.dll    a variant of Win64/Kryptik.BM trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\ly.exe    a variant of Win32/Adware.AddLyrics.J application    cleaned by deleting - quarantined
C:\Windows\CertWWIN.dll    a variant of Win32/Kryptik.BGXQ trojan    cleaned by deleting (after the next restart) - quarantined
C:\Windows\CertWWIN64.dll    a variant of Win64/Kryptik.BM trojan    cleaned by deleting (after the next restart) - quarantined
C:\Windows\System32\CertWWIN.dll    a variant of Win32/Kryptik.BGXQ trojan    cleaned by deleting - quarantined
Operating memory    multiple threats   


C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooLayers.crx.vir    JS/Adware.Yontoo.B application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir    Win32/Bundled.Toolbar.Ask.B application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Brew n Crew\AppData\Roaming\BabSolution\CR\Delta.crx.vir    multiple threats    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Brew n Crew\AppData\Roaming\file scout\filescout.exe.vir    Win32/FileScout.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Brew n Crew\AppData\Roaming\Searchprotect\Res\SPSetup.exe.vir    multiple threats    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Brew n Crew\AppData\Roaming\Yontoo\YontooDesktop.exe.vir    a variant of MSIL/WebCake.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\BREWNC~1\AppData\Local\Temp\CT3291325\ieLogic.exe.vir    multiple threats    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\1033cb34-cb66-4036-8ea4-d0b2434d2108.crx    JS/Redirector.NCG trojan    deleted - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\0nhL53yZ.exe.part    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\apnpip.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\ApnToolbarInstaller.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\as_blekko.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\dw0wRi0X.exe.part    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\hsbing_717_active.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\ICReinstall_downloader_ez-download_com[1].exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\ICReinstall_flplayer_setup.exe    a variant of Win32/InstallCore.ES application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\jar_cache1525968672593698263.tmp    Java/Exploit.Agent.NUM trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\jar_cache2468006472710788441.tmp    a variant of Java/Exploit.CVE-2013-1493.AF trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\jar_cache4997011908287821044.tmp    a variant of Java/Exploit.CVE-2013-1493.AF trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\jar_cache583934813037349881.tmp    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\jar_cache6202921067070915722.tmp    a variant of Java/Exploit.CVE-2013-1493.AF trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\NODFD1B.tmp    a variant of Win32/Kryptik.BGXQ trojan    cleaned by deleting (after the next restart) - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\NODFEF0.tmp    a variant of Win64/Kryptik.BM trojan    cleaned by deleting (after the next restart) - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\Offercast2802_MTV_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\setup.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\Shortcut_bundlesweetimsetup_3112013.exe    probably a variant of Win32/SweetIM.C application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\tbKeyB.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\tbuTor.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\tmp-ifk.xpi    Win32/AdInstaller application    deleted - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\Zynga.exe    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\4147A68C-BAB0-7891-9798-7DB0962E717C\Latest\delta.crx    multiple threats    deleted - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\DIQ\FlashPlayer_151\setup__120.exe    a variant of Win32/Amonetize.H application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\DIQ\FlashPlayer_151\software\FlashPlayer.exe    Win32/DomaIQ.M application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\ICReinstall\cnet_TomTomHOME2winlatest_exe[1].exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\is1598539481\zgInstaller.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\Java7.exe\a2888d717e3a465f98560a2182cad379\Java7.exe    a variant of MSIL/DomaIQ.H application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\Java7.exe\a2888d717e3a465f98560a2182cad379\parent.txt    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS2012.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS4D18.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS5924.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS5B9F.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS7A7C.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS86EE.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS8CD7.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCSA4BD.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCSA4FC.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCSDA33.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCSDF2C.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCSE468.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2e462a8c-470faefd    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5397ee02-7e500292    a variant of Java/Exploit.Agent.NNO trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\8704f94-20a4ac71    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\5bae2e1c-6a1d8344    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\795d97dc-2a1dd085    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\17c6079f-5ba1a10f    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\44bb5520-3c3add5b    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6dcdf133-676d6887    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\2d0027b4-77595b58    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\47554238-56406d9c    a variant of Java/Exploit.Agent.OFX trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\47e1c07c-26987467    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\146becfe-3503a35f    multiple threats    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\extensions\jdnqjrbrfv@jdnqjrbrfv.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan    deleted - quarantined
C:\Users\Brew n Crew\Downloads\FlashPlayerPro.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\Downloads\flplayer_setup(1).exe    a variant of Win32/InstallCore.ES application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\Downloads\Setup.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
C:\Windows\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
Operating memory    multiple threats   
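As an added example (not part of this thread, and not ESET's own code), here is a small Python parser for scan-log lines in the format pasted above, with a triage summary a responder would want before deciding the next step: which items the scanner could only schedule for removal at the next reboot, which detections are exploit artifacts (and which CVE they reference), whether any browser extensions were involved, and whether anything was found active in memory with no action recorded. The sample lines are copied from the log above; the field names, family extraction and triage rules are my own assumptions about the format, not a documented ESET schema.

```python
"""Parse ESET-style scan log lines and produce a triage summary.

Format assumed from the pasted log: "<path>    <detection>    <action>", with
fields separated by runs of two or more spaces (paths and detection names
contain single spaces). The "Operating memory" line carries no action field.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
VARIANT_PREFIX_RE = re.compile(r"^(?:probably )?a variant of ")
FIELD_SEP_RE = re.compile(r"\s{2,}")

# Sample lines copied from the scan log in the thread (constructed subset).
SAMPLE_LOG = r"""
C:\Users\Brew n Crew\AppData\Local\Temp\jar_cache2468006472710788441.tmp    a variant of Java/Exploit.CVE-2013-1493.AF trojan    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\NODFD1B.tmp    a variant of Win32/Kryptik.BGXQ trojan    cleaned by deleting (after the next restart) - quarantined
C:\Users\Brew n Crew\AppData\Local\Temp\OCS2012.tmp\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Brew n Crew\AppData\Roaming\Mozilla\Firefox\Profiles\4x6lc6xw.default\extensions\jdnqjrbrfv@jdnqjrbrfv.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan    deleted - quarantined
Operating memory    multiple threats   
"""


@dataclass
class Detection:
    path: str
    detection: str          # raw detection string as written by the scanner
    action: Optional[str]   # None when the scanner recorded no action
    family: str             # e.g. "Java/Exploit", "Win32/OpenCandy"
    category: str           # "trojan", "application" (PUA) or "multiple"
    cves: List[str]

    @property
    def pending_restart(self) -> bool:
        return self.action is not None and "after the next restart" in self.action

    @property
    def is_exploit(self) -> bool:
        return self.family.endswith("/Exploit") or bool(self.cves)

    @property
    def is_browser_extension(self) -> bool:
        return self.path.lower().endswith((".xpi", ".crx", ".crx.vir"))


def classify(detection: str):
    """Return (family, category) for a detection string (assumed naming scheme)."""
    if detection == "multiple threats":
        return "multiple threats", "multiple"
    words = VARIANT_PREFIX_RE.sub("", detection).split()
    signature = words[0]                      # e.g. Java/Exploit.CVE-2013-1493.AF
    category = words[-1] if len(words) > 1 else "unknown"
    platform, _, rest = signature.partition("/")
    family = f"{platform}/{rest.split('.')[0]}" if rest else signature
    return family, category


def parse_line(line: str) -> Optional[Detection]:
    parts = FIELD_SEP_RE.split(line.strip())
    if len(parts) < 2:
        return None                           # blank or malformed line
    path, detection = parts[0], parts[1]
    action = parts[2] if len(parts) > 2 else None
    family, category = classify(detection)
    return Detection(path, detection, action, family, category, CVE_RE.findall(detection))


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(ln) for ln in text.splitlines()) if d]


def summarize(records: List[Detection]) -> Dict[str, object]:
    """Triage view: what still needs a reboot, what was exploit delivery, what is live."""
    return {
        "total": len(records),
        "by_category": Counter(r.category for r in records),
        "by_family": Counter(r.family for r in records),
        "pending_restart": [r.path for r in records if r.pending_restart],
        "exploit_cves": sorted({c for r in records for c in r.cves}),
        "browser_extensions": [r.path for r in records if r.is_browser_extension],
        # An in-memory detection with no recorded action means the scanner saw
        # something live that it did not remove; a file scan alone is not enough.
        "in_memory": any(r.path == "Operating memory" and r.action is None for r in records),
    }


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The two signals worth acting on in this log are the entries the scanner could only clean "after the next restart" and the closing "Operating memory" line with no action, which together mean a file-level scan left something active; that is the situation in which a responder hands off to a dedicated rootkit-removal procedure rather than rescanning.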



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:09:27 PM

Posted 27 November 2013 - 02:38 PM

You have a Zero Access rootkit infection that requires special cleaning.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.



