
HELP Vista 32 bit, I'm losing her...


  • This topic is locked
9 replies to this topic

#1 gigglunn

gigglunn

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:06 PM

Posted 16 February 2014 - 01:42 AM

I do not know where to start...
But, currently up in safe mode.
Have viruses - AVG confirmed 78,
unable to remove 76 of them.
So let's start here.


  ComboFix 14-02-14.01 - Kelly 02/15/2014  23:17:01.1.1 - x86 DSREPAIR
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.509.146 [GMT -8:00]
Running from: c:\users\Kelly\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Astrology_4aEI
c:\users\joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temp_History
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-16 to 2014-02-16  )))))))))))))))))))))))))))))))
.
.
2014-02-16 07:30 . 2014-02-16 07:30 -------- d-----w- c:\users\joe\AppData\Local\temp
2014-02-16 07:30 . 2014-02-16 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-14 20:38 . 2014-02-14 23:50 -------- d-----w- c:\users\Kelly
2014-02-14 08:14 . 2014-02-14 08:14 -------- d-----w- c:\users\joe\AppData\Local\AVG SafeGuard toolbar
2014-02-14 08:12 . 2014-02-14 08:09 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-14 08:11 . 2014-02-14 08:12 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2014-02-14 08:11 . 2014-02-14 08:13 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2014-02-14 08:10 . 2014-02-15 08:41 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2014-02-14 02:56 . 2014-02-14 02:57 -------- d-----w- c:\users\joe\.android
2014-02-14 02:56 . 2014-02-14 02:56 -------- d-----w- c:\users\joe\AppData\Local\cache
2014-02-14 02:56 . 2014-02-14 07:28 -------- d-----w- c:\users\joe\AppData\Local\Mobogenie
2014-02-14 02:55 . 2014-02-14 07:28 -------- d-----w- c:\program files\Mobogenie
2014-02-10 04:23 . 2014-02-10 16:23 -------- d-----w- c:\programdata\AVG Security Toolbar
2014-02-09 01:06 . 2014-02-09 01:06 -------- d-----w- c:\users\joe\AppData\Roaming\AVG2014
2014-02-09 01:03 . 2014-02-14 02:55 -------- d-----w- c:\programdata\AVG2014
2014-02-09 01:03 . 2014-02-09 01:03 -------- d-----w- C:\$AVG
2014-02-09 01:00 . 2014-02-09 01:00 -------- d-----w- c:\program files\AVG
2014-02-09 00:51 . 2014-02-09 01:23 -------- d-----w- c:\users\joe\AppData\Local\Avg2014
2014-01-31 02:43 . 2014-02-07 01:30 -------- d-----w- c:\program files\Shanghai
2014-01-27 12:48 . 2014-01-27 12:48 -------- d-----w- c:\windows\system32\SearchProtect
2014-01-20 05:46 . 2014-01-20 05:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-20 00:02 . 2014-02-12 03:46 -------- d-----w- c:\program files\SecretSauce
2014-01-19 23:46 . 2014-01-19 23:46 -------- d-----w- c:\users\joe\AppData\Local\Cool_Mirage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-26 06:49 . 2013-02-02 06:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 06:49 . 2011-07-07 02:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-26 05:56 . 2013-11-26 05:56 210712 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-26 05:56 . 2013-11-26 05:56 149272 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-11-26 05:49 . 2013-11-26 05:49 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2011-06-25 13:50 . 2013-08-21 01:48 161728 ----a-w- c:\program files\4ares.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-02-14 08:09 3401752 ----a-w- c:\program files\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\17.3.1.91\AVG SafeGuard toolbar_toolbar.dll" [2014-02-14 3401752]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-10-31 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-02-15 2552856]
.
c:\users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2012-12-11 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 01:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2007-12-11 02:55 323584 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 16:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-13 07:42 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 06:49]
.
2014-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-31 09:58]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-31 09:58]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EtB0FyCtC0A0ByE0E0DyE0DyDyCzzyBtN0D0Tzu0CyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=711587591&ir=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
MSConfigStartUp-Dell AIO Printer A920 - c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
MSConfigStartUp-GamingWonderland Browser Plugin Loader - c:\progra~1\GAMING~2\bar\1.bin\gtbrmon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 - c:\program files\Spybot - Search & Destroy 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-15 23:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe????????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-02-15  23:37:28
ComboFix-quarantined-files.txt  2014-02-16 07:37
.
Pre-Run: 68,787,900,416 bytes free
Post-Run: 68,919,324,672 bytes free
.
- - End Of File - - 23320FAD46AAABE27A9F3D6FF0D04A26
5C616939100B85E558DA92B899A0FC36


Edited by hamluis, 16 February 2014 - 05:11 PM.
Moved from Vista to Malware Removal Logs - Hamluis.
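The ComboFix log above already contains the two things a responder would look at first: `"EnableLUA"= 0` under `policies\system` (UAC is switched off, so every process the logged-in administrator runs already has full rights, and no prompt will ever interrupt an installer) and the `mStart Page` hijack to mysearchdial. As an added example, not part of the post or of ComboFix, the script below parses the "Reg Loading Points" and "Supplementary Scan" lines and flags those entries, plus any Run value that launches from a user-writable directory. The sample log is constructed from lines quoted in the post, with one made-up Run value ("Updater", launching from AppData) so that the path rule has something to match; the allowlist of start-page hosts is an assumption of the example.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' section.

Added example for this thread; it is not ComboFix, AdwCleaner or BleepingComputer
code. The rules below are illustrative heuristics that only mark lines for a
human to review; they do not decide that anything is malicious.
"""
import re

# Constructed sample: lines quoted from the ComboFix log in the post above,
# plus ONE made-up Run value ("Updater", launching from AppData) so that the
# user-writable-path rule has something to match.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-10-31 295512]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-02-15 2552856]
"Updater"="c:\users\joe\AppData\Roaming\Updater\upd.exe" [2014-02-14 10240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103
TCP: DhcpNameServer = 192.168.1.1
"""

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+\\.*)\]$')
# "Name"="data" [date size]   or   "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]+?)"?\s*(?:\[[^\]]*\])?\s*$')
# Directories an unprivileged user can write to; a Run value pointing here
# is worth a look (adware and malware commonly live in AppData/Temp).
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\|\\appdata\\|\\temp\\|\\programdata\\', re.I)
# Illustrative allowlist of start-page hosts (an assumption of this example).
KNOWN_START_HOSTS = {'www.google.com', 'www.msn.com', 'go.microsoft.com', 'www.bing.com'}


def parse_loading_points(text):
    """Return (key, value_name, data) for every value under a [HKEY_...] header.

    ComboFix separates blocks with a lone '.', so the current key is reset there.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == '.' or not line:
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if key and m:
            entries.append((key, m.group(1), m.group(2).strip()))
    return entries


def triage(text):
    """Return a list of (rule, location, name, data) findings for human review."""
    findings = []
    for key, name, data in parse_loading_points(text):
        k = key.lower()
        if k.endswith(r'policies\system') and name == 'EnableLUA' and data.startswith('0'):
            # UAC off: every process the (admin) user runs already has full rights.
            findings.append(('UAC_DISABLED', key, name, data))
        elif k.endswith(r'\run') and USER_WRITABLE.search(data):
            findings.append(('RUN_FROM_USER_WRITABLE', key, name, data))
    # ComboFix defangs http as hxxp; pull the host and compare it to the allowlist.
    for m in re.finditer(r'^mStart Page = (\S+)', text, re.M):
        url = m.group(1)
        host = re.match(r'hxxps?://([^/]+)', url, re.I)
        if not host or host.group(1).lower() not in KNOWN_START_HOSTS:
            findings.append(('IE_START_PAGE', 'Supplementary Scan', 'mStart Page', url))
    return findings


if __name__ == '__main__':
    for rule, location, name, data in triage(SAMPLE_LOG):
        print(f'{rule:24} {name!r:28} {data}\n{"":24} in {location}')
```

Run against the sample it reports three lines: the disabled UAC policy, the constructed AppData launcher, and the mysearchdial start page. Everything else in the quoted Run keys (Sidebar, RealPlayer, AVG) lives under Program Files and is left alone; that is deliberate, since the script's job is to shorten the list a person reads, not to replace the judgement of whoever reads it.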


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:06 PM

Posted 18 February 2014 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If possible please run these tools in normal mode.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 gigglunn

gigglunn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:06 PM

Posted 21 February 2014 - 07:32 PM

I have been working on the problem. I just wanted to update my status. I will let you know when I finish my work.



#4 gigglunn

gigglunn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:06 PM

Posted 21 February 2014 - 11:27 PM

Attached File: addition.rtf (28.54KB)

# AdwCleaner v3.019 - Report created 21/02/2014 at 16:55:33

# Updated 17/02/2014 by Xplode

# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)

# Username : joe - JOE-PC

# Running from : G:\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\AVG Security Toolbar

[#] Folder Deleted : C:\ProgramData\BitGuard

[#] Folder Deleted : C:\ProgramData\Browser Manager

[#] Folder Deleted : C:\ProgramData\BrowserProtect

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\NCH Software

Folder Deleted : C:\ProgramData\ParetoLogic

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\ProgramData\TubeDimmer

Folder Deleted : C:\Program Files\AppGraffiti

Folder Deleted : C:\Program Files\MixiDJ_V30

Folder Deleted : C:\Program Files\Mobogenie

Folder Deleted : C:\Program Files\Trymedia

Folder Deleted : C:\Program Files\VideoDownloadConverter

Folder Deleted : C:\Windows\system32\Searchprotect

Folder Deleted : C:\Users\joe\AppData\Local\apn

Folder Deleted : C:\Users\joe\AppData\Local\cool_mirage

Folder Deleted : C:\Users\joe\AppData\Local\Mobogenie

Folder Deleted : C:\Users\joe\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\joe\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\joe\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\joe\AppData\LocalLow\MixiDJ_V30

Folder Deleted : C:\Users\joe\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\joe\AppData\Roaming\digitalsite

Folder Deleted : C:\Users\joe\AppData\Roaming\DriverCure

Folder Deleted : C:\Users\joe\AppData\Roaming\NCH Software

Folder Deleted : C:\Users\joe\AppData\Roaming\OpenCandy

Folder Deleted : C:\Users\joe\AppData\Roaming\ParetoLogic

Folder Deleted : C:\Users\joe\Documents\Mobogenie

Folder Deleted : C:\Users\joe\Documents\PC Health Kit

Folder Deleted : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

Folder Deleted : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Folder Deleted : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

File Deleted : C:\alotserviceruntime.log

File Deleted : C:\Users\joe\AppData\Local\mysearchdial-speeddial.crx

File Deleted : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\Mysearchdial.xml

File Deleted : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

File Deleted : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

File Deleted : C:\Windows\Tasks\MySearchDial.job

File Deleted : C:\Windows\System32\Tasks\MySearchDial

File Deleted : C:\Windows\Tasks\paretologic registration3.job

File Deleted : C:\Windows\System32\Tasks\paretologic registration3

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8785C751-5B02-4B7F-A6E3-6F28EC09974C}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8785C751-5B02-4B7F-A6E3-6F28EC09974C}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BEB2905-19BB-4D3B-BB35-55DC27A2F86E}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BEB2905-19BB-4D3B-BB35-55DC27A2F86E}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72B1A798-0251-4157-8683-78B4A11EBB36}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4AB475F-AB62-4302-AC69-D12E1C5B1AEA}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4AB475F-AB62-4302-AC69-D12E1C5B1AEA}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC99A798-FD3D-4AB4-969E-6071612524F9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\InstalledThirdPartyPrograms

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\powerpack

Key Deleted : HKCU\Software\Unitech LLC

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\InstalledThirdPartyPrograms

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\Trymedia Systems

Key Deleted : HKLM\Software\Unitech LLC

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16533

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

 

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EtB0FyCtC0A0ByE0E0DyE0DyDyCzzyBtN0D0Tzu0CyCzzyDtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R[...]

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

 

-\\ Google Chrome v33.0.1750.117

 

[ File : C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : icon_url

 

*************************

 

AdwCleaner[R0].txt - [12133 octets] - [21/02/2014 16:37:52]

AdwCleaner[S0].txt - [10956 octets] - [21/02/2014 16:55:34]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11017 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.2 (02.20.2014:1)

OS: Windows Vista ™ Ultimate x86

Ran by joe on Fri 02/21/2014 at 19:08:30.38

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\dynconie.dynconieobject.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\System32\Tasks\LyricsFriend-1-chromeinstaller

Successfully deleted: [File] C:\Windows\System32\Tasks\LyricsFriend-1-codedownloader

Successfully deleted: [File] C:\Windows\System32\Tasks\LyricsFriend-1-enabler

Successfully deleted: [File] C:\Windows\System32\Tasks\LyricsFriend-1-firefoxinstaller

Successfully deleted: [File] C:\Windows\System32\Tasks\LyricsFriend-1-updater

Successfully deleted: [File] "C:\Users\joe\appdata\locallow\SkwConfig.bin"

Successfully deleted: [File] C:\Program Files\4ares.dll

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\joe\AppData\Roaming\bargainmatch"

Successfully deleted: [Folder] "C:\Users\joe\appdata\locallow\whitesmoke_new"

Successfully deleted: [Folder] "C:\Program Files\secretsauce"

Successfully deleted: [Folder] "C:\Program Files\whitesmoke_new"

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\joe\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Successfully deleted: [Folder] C:\Users\joe\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp

Successfully deleted: [Folder] C:\Users\joe\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/21/2014 at 19:12:21.14

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014

Ran by joe (administrator) on JOE-PC on 21-02-2014 19:29:57

Running from C:\Users\joe\Desktop\farbar

Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corporation) C:\Windows\system32\wuauclt.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-10-31] (RealNetworks, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\RunOnce: [NoIE4StubProcessing] - C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f [61952 2009-04-10] (Microsoft Corporation)

HKLM\...\RunOnce: [Install Toolbar] - "C:\Program Files\DriverUpdate\avgtoolbar.exe"  /INSTALL /ENABLEDSP /ENABLEHOMEPAGE /PASSWORD=TB38GF9P66 /SILENT /DISTRIBUTIONSOURCE=ts018 /LOCAL=us /PROFILE=SATB /BROWSER=ALL [4517400 2013-09-02] (AVG Secure Search)

HKLM\...\RunOnce: [TBMon] - C:\Program Files\DriverUpdate\tbmon.exe [334144 2013-09-02] (TODO: <Company name>)

HKLM\...\RunOnce: [BrandClearStubs] - RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{ef80747a-e487-43d6-b506-f8d6c1dc338f} [353584 2013-08-10] (Microsoft Corporation)

HKLM\...\Runonce: [20131030] - C:\Program Files\AVAST Software\Avast\setup\emupdate\231790bd-490f-4a66-b5da-39c8e5b7b841.exe /check

HKLM\...\Runonce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"

HKLM\...\Runonce: [Del25537500] - cmd.exe /Q /D /c del "C:\Users\joe\AppData\Local\Temp\0.del"

HKLM\...\Runonce: [Del25920390] - cmd.exe /Q /D /c del "C:\Users\joe\AppData\Local\Temp\0.del"

HKLM\...\Runonce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\da9088f5-6c95-4243-97b4-3a26686a0499.exe /check

HKLM\...\Runonce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"

HKLM\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\Run: [AVG-Secure-Search-Update_0214c] - C:\Users\joe\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=981a53c9343647d39619a36891046344-e8c4c19241bca429275b19f5e82baa261ad66af0 /CMPID=0214c

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\MountPoints2: E - E:\Setup.EXE

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\MountPoints2: {2337f707-99b3-11e3-8f6c-7221d7e08ab7} - H:\LaunchU3.exe -a

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\MountPoints2: {719866dd-deeb-11de-a9d4-0011113ea8d8} - G:\mbdm.exe

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\MountPoints2: {7dce85e7-fdfe-11e1-9469-7221d7e08ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cHRiS HANcoCk.eXE

HKU\S-1-5-21-1599626515-3167010251-267598940-1000\...\MountPoints2: {fc34977e-965b-11e2-ba45-7221d7e08ab7} - G:\ZTE_Handset_USB_Driver.exe

Startup: C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {2381E4B7-5C04-459E-9D46-2F9AC1608B66} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search

BHO: Yahooo Search Protection - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll (LizardTech)

Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\ExpressView\expressview.dll (LizardTech)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: Lizardtech ExpressViewPlugin - C:\Program Files\LizardTech\ExpressView\npexview.dll (LizardTech)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\joe\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Extension: TopArcadeHits - C:\Users\joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-08-10]

FF Extension: No Name - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-11-07]

FF Extension: No Name - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-11-07]

FF Extension: Torntv 3 - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-31]

 

Chrome:

=======

CHR HomePage: homepage_is_newtabpage

CHR Extension: (YouTube) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-01]

CHR Extension: (Google Search) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-01]

CHR Extension: (iVidi Chrome Toolbar) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2013-09-14]

CHR Extension: (Gmail) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-01]

CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-02-01]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

 

========================== Services (Whitelisted) =================

 

S4 dlbk_device; C:\Windows\system32\dlbkcoms.exe [537840 2007-06-25] ( )

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)

S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)

S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)

S0 OemBiosDevice; C:\Windows\System32\drivers\royal.sys [240128 2009-12-01] (PARADOX)

S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [618112 2008-02-13] (PixArt Imaging Inc.)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-09-16] ()

R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)

R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]

R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]

R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]

R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]

R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-21 19:28 - 2014-02-21 19:29 - 00000000 ____D () C:\Users\joe\Desktop\farbar

2014-02-21 19:26 - 2014-02-21 19:29 - 00000000 ____D () C:\FRST

2014-02-21 19:12 - 2014-02-21 19:12 - 00003196 _____ () C:\Users\joe\Desktop\JRT.txt

2014-02-21 19:08 - 2014-02-21 19:08 - 00000000 ____D () C:\Windows\ERUNT

2014-02-21 19:05 - 2014-02-21 19:06 - 01037734 _____ (Thisisu) C:\Users\joe\Desktop\JRT.exe

2014-02-21 18:13 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-02-21 18:13 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-02-21 18:13 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-02-21 18:13 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-02-21 16:37 - 2014-02-21 16:55 - 00000000 ____D () C:\AdwCleaner

2014-02-19 00:36 - 2014-02-05 00:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-19 00:36 - 2014-02-05 00:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-19 00:36 - 2014-02-05 00:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-19 00:36 - 2014-02-05 00:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-19 00:36 - 2014-02-05 00:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-19 00:36 - 2014-02-05 00:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-19 00:36 - 2014-02-05 00:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-19 00:36 - 2014-02-05 00:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-19 00:36 - 2014-02-05 00:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-19 00:36 - 2014-02-05 00:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-19 00:36 - 2014-02-05 00:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-19 00:36 - 2014-02-05 00:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-19 00:36 - 2014-02-05 00:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-19 00:36 - 2014-02-05 00:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-19 00:36 - 2014-02-05 00:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-19 00:36 - 2014-02-05 00:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-18 21:57 - 2014-02-18 21:58 - 00000000 ____D () C:\Program Files\GUMC99D.tmp

2014-02-18 21:57 - 2014-02-18 21:57 - 49940480 _____ () C:\Program Files\GUTCA0B.tmp

2014-02-18 21:37 - 2014-02-18 21:37 - 00100432 _____ () C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT

2014-02-18 21:37 - 2014-02-18 21:37 - 00000680 _____ () C:\Users\Kelly\AppData\Local\d3d9caps.dat

2014-02-18 19:19 - 2014-02-18 19:19 - 00000000 ____D () C:\Users\Kelly\Desktop\SearchProtect

2014-02-17 16:24 - 2014-02-17 16:32 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Real

2014-02-17 00:10 - 2014-02-17 00:10 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Adobe

2014-02-15 23:37 - 2014-02-15 23:37 - 00010501 _____ () C:\ComboFix.txt

2014-02-15 23:37 - 2014-02-15 23:37 - 00000000 ____D () C:\Users\joe\AppData\Local\Temp(74)

2014-02-15 23:11 - 2014-02-15 23:37 - 00000000 ____D () C:\Qoobox

2014-02-15 19:13 - 2014-02-15 19:13 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Google

2014-02-14 16:05 - 2014-02-14 17:38 - 00007444 _____ () C:\Users\Kelly\Desktop\avgrep.txt

2014-02-14 13:54 - 2014-02-14 13:54 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Apple

2014-02-14 12:44 - 2014-02-14 16:05 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Avg2014

2014-02-14 12:38 - 2014-02-18 21:47 - 00000000 ____D () C:\Users\Kelly

2014-02-14 12:38 - 2013-09-12 07:58 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\TuneUp Software

2014-02-14 12:38 - 2013-09-10 12:23 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Microsoft Help

2014-02-14 12:38 - 2011-05-15 11:43 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Macromedia

2014-02-14 01:04 - 2014-02-18 17:40 - 00104960 ___SH () C:\Users\Public\Downloads\Thumbs.db

2014-02-14 01:01 - 2014-02-14 01:01 - 00000000 ____D () C:\Users\Public\Downloads\KKK

2014-02-14 00:48 - 2013-09-30 15:16 - 00181384 _____ () C:\Users\Public\Downloads\details.htm

2014-02-14 00:48 - 2013-09-26 13:47 - 00001609 _____ () C:\Users\Public\Downloads\calendar.ics

2014-02-14 00:37 - 2013-09-30 18:28 - 571322368 _____ () C:\Users\Public\Downloads\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso

2014-02-14 00:33 - 2013-12-06 20:45 - 00045149 _____ () C:\Users\Public\Downloads\view;_ylt=AwrTcXI4p6JSHEkAinCJzbkF

2014-02-14 00:33 - 2013-12-06 20:44 - 00040599 _____ () C:\Users\Public\Downloads\view;_ylt=AwrTcXImp6JSRE8A4WyJzbkF

2014-02-14 00:33 - 2013-12-06 15:30 - 00012869 _____ () C:\Users\Public\Downloads\bediso.zip

2014-02-14 00:33 - 2013-12-06 14:41 - 00007208 _____ () C:\Users\Public\Downloads\bunkbeds.zip

2014-02-14 00:33 - 2013-11-30 16:08 - 00025975 _____ () C:\Users\Public\Downloads\view;_ylt=AwrTcXtVfZpSuf8AcjCJzbkF

2014-02-14 00:33 - 2013-11-08 09:56 - 00001316 _____ () C:\Users\Public\Downloads\em-config.txt

2014-02-14 00:32 - 2014-01-19 16:09 - 00010255 _____ () C:\Users\Public\Downloads\Unconfirmed 364789.crdownload

2014-02-14 00:32 - 2014-01-19 16:09 - 00010255 _____ () C:\Users\Public\Downloads\Unconfirmed 180364.crdownload

2014-02-14 00:32 - 2014-01-10 00:21 - 00001426 _____ () C:\Users\Public\Downloads\downloadLetter.php

2014-02-14 00:32 - 2014-01-09 22:44 - 00070919 _____ () C:\Users\Public\Downloads\Brieffm.wpd

2014-02-14 00:32 - 2014-01-09 22:44 - 00027602 _____ () C:\Users\Public\Downloads\Brieffmt.wpd

2014-02-14 00:32 - 2014-01-09 22:00 - 00020480 _____ () C:\Users\Public\Downloads\Download-Sample-Statement-Letter-For-Court-In-Word-Format.doc.crdownload

2014-02-14 00:31 - 2014-02-14 00:31 - 00000000 ____D () C:\Users\Public\Documents\PC Health Kit

2014-02-14 00:31 - 2014-02-14 00:31 - 00000000 ____D () C:\Users\Public\Documents\OneNote Notebooks

2014-02-14 00:31 - 2014-02-13 18:56 - 00000000 ____D () C:\Users\Public\Documents\Mobogenie

2014-02-14 00:31 - 2014-02-11 09:01 - 00005484 _____ () C:\Users\Public\Documents\SnoodPrf.21

2014-02-14 00:30 - 2014-02-14 00:30 - 00000000 ____D () C:\Users\Public\Documents\CHERYL

2014-02-13 19:07 - 2014-02-13 19:07 - 00000177 _____ () C:\Users\joe\Desktop\avgrep.txt

2014-02-13 18:56 - 2014-02-13 18:57 - 00000000 ____D () C:\Users\joe\.android

2014-02-13 18:56 - 2014-02-13 18:56 - 00000000 ____D () C:\Users\joe\AppData\Local\cache

2014-02-13 18:56 - 2014-02-13 18:56 - 00000000 _____ () C:\Users\joe\daemonprocess.txt

2014-02-13 18:46 - 2014-02-13 18:46 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com

2014-02-13 18:42 - 2014-02-13 18:45 - 04462384 _____ (AVG Technologies) C:\Users\joe\Downloads\avg_free_stb_all_2014_4335_cnet.exe

2014-02-12 22:36 - 2014-02-18 21:22 - 00012394 _____ () C:\Windows\PFRO.log

2014-02-12 22:30 - 2014-02-21 16:28 - 00000795 _____ () C:\Windows\setupact.log

2014-02-11 09:01 - 2014-02-11 09:01 - 00005484 _____ () C:\Users\joe\Documents\SnoodPrf.21

2014-02-09 20:39 - 2014-02-21 18:13 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

2014-02-09 12:36 - 2014-02-09 12:37 - 00000000 ____D () C:\Users\joe\Desktop\Kelly

2014-02-08 17:06 - 2014-02-08 17:06 - 00000000 ____D () C:\Users\joe\AppData\Roaming\AVG2014

2014-02-08 17:03 - 2014-02-21 18:54 - 00000000 ____D () C:\ProgramData\AVG2014

2014-02-08 17:03 - 2014-02-08 17:03 - 00000000 ____D () C:\$AVG

2014-02-08 17:00 - 2014-02-08 17:00 - 00000000 ____D () C:\Program Files\AVG

2014-02-08 16:51 - 2014-02-08 17:23 - 00000000 ____D () C:\Users\joe\AppData\Local\Avg2014

2014-01-30 18:43 - 2014-02-06 17:30 - 00000000 ____D () C:\Program Files\Shanghai

2014-01-24 22:42 - 2014-01-24 22:43 - 00139304 _____ () C:\Windows\Minidump\Mini012414-01.dmp

2014-01-23 13:14 - 2014-01-24 22:42 - 94519324 _____ () C:\Windows\MEMORY.DMP

2014-01-23 13:14 - 2014-01-23 13:14 - 00139304 _____ () C:\Windows\Minidump\Mini012314-01.dmp

 

==================== One Month Modified Files and Folders =======

 

2014-02-21 19:29 - 2014-02-21 19:28 - 00000000 ____D () C:\Users\joe\Desktop\farbar

2014-02-21 19:29 - 2014-02-21 19:26 - 00000000 ____D () C:\FRST

2014-02-21 19:12 - 2014-02-21 19:12 - 00003196 _____ () C:\Users\joe\Desktop\JRT.txt

2014-02-21 19:08 - 2014-02-21 19:08 - 00000000 ____D () C:\Windows\ERUNT

2014-02-21 19:06 - 2014-02-21 19:05 - 01037734 _____ (Thisisu) C:\Users\joe\Desktop\JRT.exe

2014-02-21 18:54 - 2014-02-08 17:03 - 00000000 ____D () C:\ProgramData\AVG2014

2014-02-21 18:54 - 2013-08-22 15:40 - 00000000 ____D () C:\ProgramData\MFAData

2014-02-21 18:45 - 2013-09-27 13:30 - 00000000 ____D () C:\ProgramData\Oracle

2014-02-21 18:39 - 2006-11-02 04:46 - 00005648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-21 18:39 - 2006-11-02 04:46 - 00005648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-21 18:38 - 2006-11-02 04:51 - 01976546 _____ () C:\Windows\WindowsUpdate.log

2014-02-21 18:13 - 2014-02-09 20:39 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log

2014-02-21 18:13 - 2013-08-10 20:01 - 00000000 ____D () C:\Program Files\Java

2014-02-21 18:00 - 2013-10-31 01:58 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-21 17:56 - 2013-08-24 19:10 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2014-02-21 17:56 - 2006-11-02 05:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-21 17:50 - 2006-11-02 05:00 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-02-21 16:55 - 2014-02-21 16:37 - 00000000 ____D () C:\AdwCleaner

2014-02-21 16:30 - 2006-11-02 02:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-21 16:28 - 2014-02-12 22:30 - 00000795 _____ () C:\Windows\setupact.log

2014-02-21 16:25 - 2013-09-16 21:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-21 16:00 - 2013-10-31 01:58 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-19 02:52 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-02-19 01:15 - 2013-08-10 18:52 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-19 00:54 - 2013-08-24 19:10 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2014-02-19 00:53 - 2006-11-02 02:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2014-02-18 21:58 - 2014-02-18 21:57 - 00000000 ____D () C:\Program Files\GUMC99D.tmp

2014-02-18 21:57 - 2014-02-18 21:57 - 49940480 _____ () C:\Program Files\GUTCA0B.tmp

2014-02-18 21:47 - 2014-02-14 12:38 - 00000000 ____D () C:\Users\Kelly

2014-02-18 21:46 - 2009-12-01 18:27 - 00000000 ____D () C:\Users\joe

2014-02-18 21:46 - 2006-11-02 02:22 - 48496640 _____ () C:\Windows\system32\config\software_previous

2014-02-18 21:46 - 2006-11-02 02:22 - 43778048 _____ () C:\Windows\system32\config\components_previous

2014-02-18 21:46 - 2006-11-02 02:22 - 27525120 _____ () C:\Windows\system32\config\system_previous

2014-02-18 21:46 - 2006-11-02 02:22 - 04980736 _____ () C:\Windows\system32\config\default_previous

2014-02-18 21:46 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

2014-02-18 21:46 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous

2014-02-18 21:45 - 2014-01-13 19:53 - 00000000 ____D () C:\Program Files\VistaSerial.v1.3.WinAll-CAT

2014-02-18 21:45 - 2013-10-06 02:07 - 00000000 ____D () C:\Program Files\AVAST Software

2014-02-18 21:45 - 2013-09-14 10:56 - 00000000 ___RD () C:\Tech

2014-02-18 21:45 - 2013-08-24 19:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2

2014-02-18 21:45 - 2006-11-02 04:35 - 00000000 ____D () C:\Program Files\Windows Photo Gallery

2014-02-18 21:45 - 2006-11-02 03:18 - 00000000 __RHD () C:\Users\Default

2014-02-18 21:45 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\spool

2014-02-18 21:45 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-02-18 21:45 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration

2014-02-18 21:37 - 2014-02-18 21:37 - 00100432 _____ () C:\Users\Kelly\AppData\Local\GDIPFONTCACHEV1.DAT

2014-02-18 21:37 - 2014-02-18 21:37 - 00000680 _____ () C:\Users\Kelly\AppData\Local\d3d9caps.dat

2014-02-18 21:22 - 2014-02-12 22:36 - 00012394 _____ () C:\Windows\PFRO.log

2014-02-18 19:19 - 2014-02-18 19:19 - 00000000 ____D () C:\Users\Kelly\Desktop\SearchProtect

2014-02-18 17:40 - 2014-02-14 01:04 - 00104960 ___SH () C:\Users\Public\Downloads\Thumbs.db

2014-02-17 16:32 - 2014-02-17 16:24 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Real

2014-02-17 16:20 - 2013-09-14 10:56 - 00000000 ____D () C:\Users\Public\Documents\Tech

2014-02-17 00:10 - 2014-02-17 00:10 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Adobe

2014-02-15 23:37 - 2014-02-15 23:37 - 00010501 _____ () C:\ComboFix.txt

2014-02-15 23:37 - 2014-02-15 23:37 - 00000000 ____D () C:\Users\joe\AppData\Local\Temp(74)

2014-02-15 23:37 - 2014-02-15 23:11 - 00000000 ____D () C:\Qoobox

2014-02-15 23:37 - 2006-11-02 03:18 - 00000000 ___RD () C:\Users\Public

2014-02-15 19:13 - 2014-02-15 19:13 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Google

2014-02-14 17:38 - 2014-02-14 16:05 - 00007444 _____ () C:\Users\Kelly\Desktop\avgrep.txt

2014-02-14 16:05 - 2014-02-14 12:44 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Avg2014

2014-02-14 13:54 - 2014-02-14 13:54 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Apple

2014-02-14 01:01 - 2014-02-14 01:01 - 00000000 ____D () C:\Users\Public\Downloads\KKK

2014-02-14 00:31 - 2014-02-14 00:31 - 00000000 ____D () C:\Users\Public\Documents\PC Health Kit

2014-02-14 00:31 - 2014-02-14 00:31 - 00000000 ____D () C:\Users\Public\Documents\OneNote Notebooks

2014-02-14 00:30 - 2014-02-14 00:30 - 00000000 ____D () C:\Users\Public\Documents\CHERYL

2014-02-13 23:25 - 2009-12-01 18:27 - 00001356 _____ () C:\Users\joe\AppData\Local\d3d9caps.dat

2014-02-13 19:07 - 2014-02-13 19:07 - 00000177 _____ () C:\Users\joe\Desktop\avgrep.txt

2014-02-13 18:57 - 2014-02-13 18:56 - 00000000 ____D () C:\Users\joe\.android

2014-02-13 18:56 - 2014-02-14 00:31 - 00000000 ____D () C:\Users\Public\Documents\Mobogenie

2014-02-13 18:56 - 2014-02-13 18:56 - 00000000 ____D () C:\Users\joe\AppData\Local\cache

2014-02-13 18:56 - 2014-02-13 18:56 - 00000000 _____ () C:\Users\joe\daemonprocess.txt

2014-02-13 18:46 - 2014-02-13 18:46 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com

2014-02-13 18:45 - 2014-02-13 18:42 - 04462384 _____ (AVG Technologies) C:\Users\joe\Downloads\avg_free_stb_all_2014_4335_cnet.exe

2014-02-13 18:34 - 2013-11-01 16:10 - 00000010 _____ () C:\Windows\popcinfo.dat

2014-02-12 22:36 - 2013-10-06 02:05 - 00000000 ____D () C:\ProgramData\AVAST Software

2014-02-11 19:15 - 2006-11-02 02:23 - 00002577 _____ () C:\Windows\system32\config.nt

2014-02-11 19:06 - 2013-04-14 17:39 - 00000000 ____D () C:\Windows\Minidump

2014-02-11 19:06 - 2012-08-11 14:33 - 00000000 ____D () C:\Windows\system32\Adobe

2014-02-11 19:05 - 2013-10-31 23:26 - 00000000 ____D () C:\Users\joe\AppData\Roaming\IrfanView

2014-02-11 19:05 - 2013-10-06 01:54 - 00000000 ____D () C:\Users\joe\Documents\Jobs

2014-02-11 19:05 - 2013-09-29 14:33 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Winamp

2014-02-11 19:05 - 2013-08-11 19:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-02-11 19:05 - 2009-12-01 22:15 - 00000000 ____D () C:\Users\joe\AppData\Local\Microsoft Help

2014-02-11 19:05 - 2009-12-01 18:27 - 00000000 ___RD () C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-02-11 19:05 - 2009-12-01 18:27 - 00000000 ___RD () C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-02-11 19:03 - 2014-01-13 19:59 - 00000000 ____D () C:\Program Files\Caminova

2014-02-11 19:03 - 2013-12-26 10:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-02-11 19:03 - 2013-11-01 00:07 - 00000000 ____D () C:\Program Files\PopCap Games

2014-02-11 19:03 - 2013-10-31 23:26 - 00000000 ____D () C:\Program Files\IrfanView

2014-02-11 19:03 - 2013-10-31 23:21 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-02-11 19:03 - 2013-10-31 23:21 - 00000000 ____D () C:\Program Files\LizardTech

2014-02-11 19:03 - 2013-10-31 02:03 - 00000000 ____D () C:\ProgramData\RealNetworks

2014-02-11 19:03 - 2013-10-31 02:03 - 00000000 ____D () C:\Program Files\RealNetworks

2014-02-11 19:03 - 2013-10-31 02:02 - 00000000 ____D () C:\Program Files\Common Files\xing shared

2014-02-11 19:02 - 2013-11-08 15:25 - 00000000 ____D () C:\Program Files\FOXIT SOFTWARE

2014-02-11 19:02 - 2013-09-29 14:33 - 00000000 ____D () C:\Program Files\Winamp

2014-02-11 19:02 - 2013-09-28 07:09 - 00000000 ____D () C:\Program Files\Citrix

2014-02-11 19:02 - 2009-12-01 22:14 - 00000000 __RHD () C:\MSOCache

2014-02-11 19:02 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\system32\networklist

2014-02-11 09:01 - 2014-02-14 00:31 - 00005484 _____ () C:\Users\Public\Documents\SnoodPrf.21

2014-02-11 09:01 - 2014-02-11 09:01 - 00005484 _____ () C:\Users\joe\Documents\SnoodPrf.21

2014-02-09 12:37 - 2014-02-09 12:36 - 00000000 ____D () C:\Users\joe\Desktop\Kelly

2014-02-08 17:23 - 2014-02-08 16:51 - 00000000 ____D () C:\Users\joe\AppData\Local\Avg2014

2014-02-08 17:06 - 2014-02-08 17:06 - 00000000 ____D () C:\Users\joe\AppData\Roaming\AVG2014

2014-02-08 17:03 - 2014-02-08 17:03 - 00000000 ____D () C:\$AVG

2014-02-08 17:00 - 2014-02-08 17:00 - 00000000 ____D () C:\Program Files\AVG

2014-02-06 17:30 - 2014-01-30 18:43 - 00000000 ____D () C:\Program Files\Shanghai

2014-02-05 00:58 - 2014-02-19 00:36 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-05 00:56 - 2014-02-19 00:36 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-05 00:53 - 2014-02-19 00:36 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-05 00:51 - 2014-02-19 00:36 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-05 00:50 - 2014-02-19 00:36 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-05 00:49 - 2014-02-19 00:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-05 00:49 - 2014-02-19 00:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-02-05 00:48 - 2014-02-19 00:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-05 00:48 - 2014-02-19 00:36 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-02-05 00:48 - 2014-02-19 00:36 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-05 00:48 - 2014-02-19 00:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-05 00:48 - 2014-02-19 00:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-05 00:47 - 2014-02-19 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-05 00:47 - 2014-02-19 00:36 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-05 00:47 - 2014-02-19 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-02-05 00:46 - 2014-02-19 00:36 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-01-30 18:47 - 2013-09-14 10:40 - 00000000 ___RD () C:\GAMES

2014-01-24 22:43 - 2014-01-24 22:42 - 00139304 _____ () C:\Windows\Minidump\Mini012414-01.dmp

2014-01-24 22:42 - 2014-01-23 13:14 - 94519324 _____ () C:\Windows\MEMORY.DMP

2014-01-23 13:14 - 2014-01-23 13:14 - 00139304 _____ () C:\Windows\Minidump\Mini012314-01.dmp

 

Some content of TEMP:

====================

C:\Users\joe\AppData\Local\Temp\chrome.exe

C:\Users\joe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\joe\AppData\Local\Temp\nsc30E3.exe

C:\Users\joe\AppData\Local\Temp\nsn8B6D.exe

C:\Users\joe\AppData\Local\Temp\nso299E.exe

C:\Users\joe\AppData\Local\Temp\nso4EB2.exe

C:\Users\joe\AppData\Local\Temp\nsuC2B5.exe

C:\Users\joe\AppData\Local\Temp\nswBBCE.exe

C:\Users\joe\AppData\Local\Temp\Quarantine.exe

C:\Users\joe\AppData\Local\Temp\setup__5043.exe

C:\Users\joe\AppData\Local\Temp\SPSetup.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-21 18:07

 

==================== End Of Log ===========================

 

Hello, as I may have previously indicated, this is relatively new to me, so I hope I have done it correctly. After running these programs the computer is responding much better. The Conduit Search is what I have noticed still persisting. Thank you for your time. Looking forward to the next step.



#5 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Location:Montreal, QC. Canada

Posted 22 February 2014 - 09:10 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKLM\...\RunOnce: [Install Toolbar] - "C:\Program Files\DriverUpdate\avgtoolbar.exe"  /INSTALL /ENABLEDSP /ENABLEHOMEPAGE /PASSWORD=TB38GF9P66 /SILENT /DISTRIBUTIONSOURCE=ts018 /LOCAL=us /PROFILE=SATB /BROWSER=ALL [4517400 2013-09-02] (AVG Secure Search)
HKLM\...\Runonce: [Del25537500] - cmd.exe /Q /D /c del "C:\Users\joe\AppData\Local\Temp\0.del"
HKLM\...\Runonce: [Del25920390] - cmd.exe /Q /D /c del "C:\Users\joe\AppData\Local\Temp\0.del"
HKLM\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: TopArcadeHits - C:\Users\joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-08-10]
FF Extension: No Name - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-11-07]
FF Extension: No Name - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-11-07]
FF Extension: Torntv 3 - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef 
C:\Users\joe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\joe\AppData\Local\Temp\nsc30E3.exe
C:\Users\joe\AppData\Local\Temp\nsn8B6D.exe
C:\Users\joe\AppData\Local\Temp\nso299E.exe
C:\Users\joe\AppData\Local\Temp\nso4EB2.exe
C:\Users\joe\AppData\Local\Temp\nsuC2B5.exe
C:\Users\joe\AppData\Local\Temp\nswBBCE.exe
C:\Users\joe\AppData\Local\Temp\Quarantine.exe
C:\Users\joe\AppData\Local\Temp\setup__5043.exe
C:\Users\joe\AppData\Local\Temp\SPSetup.exe

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.


Restart the computer normally.
=================

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please let me know what problem persists.

#6 gigglunn

  • Topic Starter
  • Members
  • 8 posts

Posted 25 February 2014 - 08:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-02-2014
Ran by joe at 2014-02-25 17:35:30 Run:1
Running from C:\Users\joe\Desktop\farbar
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\RunOnce: [Install Toolbar] - "C:\Program Files\DriverUpdate\avgtoolbar.exe"  /INSTALL /ENABLEDSP /ENABLEHOMEPAGE /PASSWORD=TB38GF9P66 /SILENT /DISTRIBUTIONSOURCE=ts018 /LOCAL=us /PROFILE=SATB /BROWSER=ALL [4517400 2013-09-02] (AVG Secure Search)
HKLM\...\Runonce: [Del25537500] - cmd.exe /Q /D /c del "C:\Users\joe\AppData\Local\Temp\0.del"
HKLM\...\Runonce: [Del25920390] - cmd.exe /Q /D /c del "C:\Users\joe\AppData\Local\Temp\0.del"
HKLM\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Extension: TopArcadeHits - C:\Users\joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} [2013-08-10]
FF Extension: No Name - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-11-07]
FF Extension: No Name - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-11-07]
FF Extension: Torntv 3 - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef 
C:\Users\joe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\joe\AppData\Local\Temp\nsc30E3.exe
C:\Users\joe\AppData\Local\Temp\nsn8B6D.exe
C:\Users\joe\AppData\Local\Temp\nso299E.exe
C:\Users\joe\AppData\Local\Temp\nso4EB2.exe
C:\Users\joe\AppData\Local\Temp\nsuC2B5.exe
C:\Users\joe\AppData\Local\Temp\nswBBCE.exe
C:\Users\joe\AppData\Local\Temp\Quarantine.exe
C:\Users\joe\AppData\Local\Temp\setup__5043.exe
C:\Users\joe\AppData\Local\Temp\SPSetup.exe
 
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Install Toolbar => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del25537500 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del25920390 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallCleanUp => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\joe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} => Moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions => Moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins => Moved successfully.
C:\Users\joe\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi => Moved successfully.
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef directory not found.
C:\Users\joe\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\nsc30E3.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\nsn8B6D.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\nso299E.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\nso4EB2.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\nsuC2B5.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\nswBBCE.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\setup__5043.exe => Moved successfully.
C:\Users\joe\AppData\Local\Temp\SPSetup.exe => Moved successfully.
 
==== End of Fixlog ====
OK, the results from the security check will be next.
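An added example, not code from the thread or from FRST itself: a small Python script that reconciles the fixlist given in post #5 with the Fixlog results shown in post #6, bucketing what FRST changed, what it reported as already absent, and which file entries got no result line at all. SAMPLE_FIXLOG is a constructed, shortened log in the same format as the Fixlog above.

```python
# Added example (not from the thread or from FRST): reconcile the echoed
# fixlist with the result lines that follow it. SAMPLE_FIXLOG is constructed
# in the format FRST prints (post #6), shortened to a few representative lines.
SAMPLE_FIXLOG = r"""Content of fixlist:
start
HKLM\...\RunOnce: [Install Toolbar] - "C:\Program Files\DriverUpdate\avgtoolbar.exe" /INSTALL /SILENT
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef
C:\Users\joe\AppData\Local\Temp\nsc30E3.exe
C:\Users\joe\AppData\Local\Temp\SPSetup.exe
end
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Install Toolbar => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef directory not found.
C:\Users\joe\AppData\Local\Temp\nsc30E3.exe => Moved successfully.
==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (fixlist entries, [(target, outcome), ...]) from one Fixlog."""
    entries, results, in_list = [], [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "start":
            in_list = True
        elif line == "end":
            in_list = False
        elif in_list:
            if line.strip():
                entries.append(line)
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target, outcome))
        elif line.endswith(" directory not found."):
            # FRST reports a missing extension folder without the " => " separator.
            results.append((line[: -len(" directory not found.")], "directory not found."))
    return entries, results

def summarize(results):
    """Split results into what FRST changed and what it reported as already absent."""
    changed = [t for t, o in results if o.endswith("successfully.")]
    absent = [t for t, o in results if "not found" in o]
    return changed, absent

def unmatched_files(entries, results):
    """Fixlist file paths with no result line at all: re-check these by hand."""
    done = {t for t, _ in results}
    return [e for e in entries if e.startswith("C:\\") and e not in done]
```

On the constructed sample, summarize() reports three changed and two absent items, and unmatched_files() flags SPSetup.exe, which was listed in the fixlist but never reported on.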


#7 gigglunn

  • Topic Starter
  • Members
  • 8 posts

Posted 25 February 2014 - 09:07 PM

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java™ 7    
 Java 7 Update 51  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 
 
Hello, the only problem I can see that is still persisting is Search Conduit. I cannot put my toolbar up the way I want it. My default browser is Search Conduit and I don't want it at all. I want to uninstall Chrome altogether but am not sure what happened to IE. Thank you again for your time.
P.S. Not sure how to tell what is still persisting. It is running somewhat better but there is still a lot of noise from the hard drive.


#8 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Location:Montreal, QC. Canada

Posted 26 February 2014 - 09:36 AM

I would remove Chrome using Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Keep me posted.

#9 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Location:Montreal, QC. Canada

Posted 03 March 2014 - 09:38 AM

Are you still with me?

#10 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Location:Montreal, QC. Canada

Posted 09 March 2014 - 08:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



