Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with HQTotalS. Cannot uninstall. Popups/redirects.


  • This topic is locked This topic is locked
10 replies to this topic

#1 armygreen

armygreen

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 12 April 2014 - 01:56 AM

ACES Laptop with Windows 7 Home Premium (Service Pack 1) 64bit.  Intel Core i3-2310M CPU @2.10GHz. 4GB Ram. 

 

I was infected with several AdWare programs.  I uninstalled them.  However, when I try to uninstall HQTotalS, the uninstall file does not seem to run.  When Firefox is open I can click anywhere on the browser and another tab will open and redirect and/or I'll get pop-ups.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Owner at 23:43:22 on 2014-04-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.2222 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2So30kcVeSma8EwBMK_XyTfa3prtYE_pdhzXoIU_XN8-aJb9wuQV9RVHc4WBo4NA,,
uSearch Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
uSearch Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
uProxyServer =
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: HQTotalS: {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQTotalS\HQTotalS-bho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [MAgent] C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1153A92A-4BA5-46DB-9F7F-5FC39CA71A14} : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{A2E486F4-1C03-4927-9222-464877738709} : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{AF641A33-6D58-4FBA-A0A5-A5280B84BC03} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AF641A33-6D58-4FBA-A0A5-A5280B84BC03}\0534453547F6275693931383 : DHCPNameServer = 192.168.11.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: HQTotalS: {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQTotalS\HQTotalS-bho64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-4-1 283064]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2014-1-21 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2014-1-21 178272]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2014-1-21 214512]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2211000]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-2-17 13336]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-17 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-19 52264]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2014-1-21 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2014-1-21 29280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-19 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-19 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-2-19 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-17 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-3-26 115296]
.
=============== Created Last 30 ================
.
2014-04-02 00:41:02    --------    d-----w-    C:\Users\Owner\AppData\Roaming\uTorrent
2014-04-02 00:36:45    --------    d-----w-    C:\Program Files (x86)\Caramava
2014-04-02 00:34:26    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2014-04-02 00:34:22    --------    d-----w-    C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2014-04-02 00:34:20    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2014-04-02 00:33:44    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2014-03-27 03:58:43    110176    ----a-w-    C:\Windows\System32\klfphc.dll
2014-03-27 03:58:16    --------    d-----w-    C:\Windows\ELAMBKUP
2014-03-27 03:58:14    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-03-27 03:58:14    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-03-27 03:58:09    115296    ----a-w-    C:\Windows\System32\drivers\klflt.sys
2014-03-26 03:01:36    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5D0B2DF-1814-4B9D-ACA7-58BC6AF60260}\mpengine.dll
2014-03-19 22:09:22    --------    d-----w-    C:\Program Files (x86)\HQTotalS
2014-03-13 15:02:03    5777288    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2014-03-31 01:13:47    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-31 00:13:30    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-27 04:12:00    29280    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
2014-03-13 15:02:07    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-13 15:02:06    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-03-01 05:16:26    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-18 00:08:56    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-17 21:23:55    8192    ----a-w-    C:\Windows\System32\drivers\IntelMEFWVer.dll
2014-02-17 21:23:55    56344    ----a-w-    C:\Windows\System32\drivers\HECIx64.sys
2014-02-17 21:14:59    963116    ----a-w-    C:\Windows\SysWow64\igkrng600.bin
2014-02-17 21:14:59    963116    ----a-w-    C:\Windows\System32\igkrng600.bin
2014-02-17 21:14:59    90112    ----a-w-    C:\Windows\System32\igfxCoIn_v2342.dll
2014-02-17 21:14:51    575488    ----a-w-    C:\Windows\SysWow64\igdumdx32.dll
2014-02-17 21:14:51    216876    ----a-w-    C:\Windows\SysWow64\igfcg600m.bin
2014-02-17 21:14:51    216876    ----a-w-    C:\Windows\System32\igfcg600m.bin
2014-02-17 21:14:48    145804    ----a-w-    C:\Windows\SysWow64\igcompkrng600.bin
2014-02-17 21:14:48    145804    ----a-w-    C:\Windows\System32\igcompkrng600.bin
2014-02-17 21:14:45    94208    ----a-w-    C:\Windows\System32\IccLibDll_x64.dll
2014-02-17 21:11:19    215336    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2014-02-17 21:11:19    147752    ----a-w-    C:\Windows\System32\SynTPCo4.dll
2014-02-17 21:11:19    1383472    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2014-02-17 21:11:19    107816    ----a-w-    C:\Windows\SysWow64\SynTPCOM.dll
2014-02-17 21:11:18    400168    ----a-w-    C:\Windows\System32\SynCOM.dll
2014-02-17 21:11:18    271144    ----a-w-    C:\Windows\System32\SynCtrl.dll
2014-02-17 21:11:18    214312    ----a-w-    C:\Windows\SysWow64\SynCtrl.dll
2014-02-17 21:11:18    173352    ----a-w-    C:\Windows\SysWow64\SynCOM.dll
2014-02-17 21:11:18    165160    ----a-w-    C:\Windows\System32\SynGlwPadShlExt.dll
2014-02-17 20:45:10    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-01-22 00:18:54    458336    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2014-01-22 00:18:54    29792    ----a-w-    C:\Windows\System32\drivers\klim6.sys
2014-01-22 00:18:54    29280    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2014-01-22 00:18:54    178272    ----a-w-    C:\Windows\System32\drivers\kneps.sys
.
============= FINISH: 23:43:55.63 ===============

Attached File  attach.txt   2.56KB   4 downloads



BC AdBot (Login to Remove)

 


#2 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 12 April 2014 - 01:58 AM

Ooops. I mean ACER laptop.



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:17 AM

Posted 16 April 2014 - 12:50 PM

Hi armygreen and Welcome to BleepingComputer !

I am currently looking though your logs and will advice you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:17 AM

Posted 16 April 2014 - 02:17 PM

Hello armygreen

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
 

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
     
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
     
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
     
  • If you are using Cracked or Illegal software your thread will be closed
     

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Step 1

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Step 2

We need to disable DAEMON Tools as it has been known to affect the tools we use.

Please download Defogger and save it to your Desktop.
 

  • Double click Defogger.exe to run the program.
    Note Windows Vista /7 should right click and Run As Administrator
  • Click on Disable and then Yes. The Scan may take a while to complete

When this has completed you will get a new window open with the Finished box, click Continue and Close Defogger Down


Step 3

Download ADWCleaner to your desktop:

http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 4

Download 51a612a8b27e2-Zoek.pngzoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

 

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar :!:
    autoclean;
    standardsearch;
    
     
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#5 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 17 April 2014 - 10:49 PM

No new symptoms to report.

 

AdwCleaner seems to have created two logs.  I will post both of them in chronological order:

 

# AdwCleaner v3.023 - Report created 17/04/2014 at 18:22:59
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\user.js
File Found : C:\Windows\System32\Tasks\HQTotalS-chromeinstaller
File Found : C:\Windows\System32\Tasks\HQTotalS-codedownloader
File Found : C:\Windows\System32\Tasks\HQTotalS-enabler
File Found : C:\Windows\System32\Tasks\HQTotalS-firefoxinstaller
File Found : C:\Windows\System32\Tasks\HQTotalS-updater
File Found : C:\Windows\Tasks\HQTotalS-chromeinstaller.job
File Found : C:\Windows\Tasks\HQTotalS-codedownloader.job
File Found : C:\Windows\Tasks\HQTotalS-enabler.job
File Found : C:\Windows\Tasks\HQTotalS-firefoxinstaller.job
File Found : C:\Windows\Tasks\HQTotalS-updater.job
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com
Folder Found C:\Program Files (x86)\HQTotalS
Folder Found C:\Users\Owner\AppData\Roaming\Mail.Ru
Folder Found C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\HQTotalS
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Key Found : HKLM\Software\HQTotalS
Key Found : HKLM\Software\installedbrowserextensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQTotalS
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Found : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2So30kcVeSma8EwBMK_XyTfa3prtYE_pdhzXoIU_XN8-aJb9wuQV9RVHc4WBo4NA,,
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjEg,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbQlzfY2uPTYeQjAjEDkq4w6O7BEwWot70sldsFqghGWL_tj4X0MloL8tFZutaUE8O64_5eWegDSGY4NQgnr8taFQS5Zzfja9np8SmxX1ZCpihSYFY2etG6unly07uLaxYktXS1MCyJwcH3CfONhszvVwlR0_T24n-KkEfoZ3B3W8qcjFQ,,&q={searchTerms}

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Web Search");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.InstallationThankYouPage", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.InstallationTime", 1395266959);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.active", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.addressbar", "NA");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.addressbarenhanced", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172_dbWasSet", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172_dbWasSet_FF25_FIX", true[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncdb.was_copied", "true");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncinternaldb.was_copied", "true");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.backgroundver", 1);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.certdomaininstaller", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.changeprevious", false);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallationTime.value", "%221395266959%22");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001327%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.jw_token.value", "%2239c7e6ba-f23c-60c0-67d7-7fc18774b845%22");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.load_balancer.expiration", "Fri Apr 18 2014 00:10:02 GMT-0700 (Pacific Standard Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.previous_page.value", "%22hxxp%3A//www.bleepingcomputer.com/download/adwcleaner/dl/125/%22"[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.user_id.value", "%22144dc650702c2fc5d2b514fc3f1dbc83%22");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.description", "HQ Videos is an add-on for your Internet browser that enhances your online experien[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.domain", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.enablesearch", false);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.homepage", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.iframe", false);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%223CD3F6D4D55F4F4C99473DD26AF3C[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001327%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001327%22%2C%22sub_id%22%3A%220%2[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific [...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%223CD3F6D4D55F4F4C9947[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_appVer.value", "38");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_nextCheck.expiration", "Fri Apr 18 2014 00:09:58 GMT-0700 (Pacific Standard T[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Day[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight T[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.__defualt_browser__.value", "%22ff%22");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%223CD3F6D4[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacifi[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pa[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_last_executable_request.expiration", "Fri Apr 18 2014 06:21:29 GMT-[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.bleepingcompu[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pac[...]
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.lastDailyReport", "1397769049951");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.lastUpdate", "1397783398250");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.manifesturl", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.name", "HQ-Video-Pro-1.9");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.newtab", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.opensearch", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.pluginsurl", "hxxp://js.clientdemocloud.com/plugin/apps/53172/plugins/094/ff/plugins.json");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.pluginsversion", 33);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.publisher", "HQ-Video");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.searchstatus", 0);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.setnewtab", false);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.thankyou", "");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.updateinterval", 360);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.ver", 38);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.FilesValidatorDueTime", "1397769049936");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.apps", "53172");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.bic", "144dc650702c2fc5d2b514fc3f1dbc83");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.cid", 53172);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.firstrun", false);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.hadappinstalled", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.installationdate", 1395267012);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.modetype", "production");
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.reportInstall", true);
Line Found : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.statsDailyCounter", 59);
Line Found : user_pref("extensions.crossrider.bic", "144dc650702c2fc5d2b514fc3f1dbc83");
Line Found : user_pref("extensions.helperbar.BackPageActive", true);
Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Found : user_pref("extensions.helperbar.Visibility", false);
Line Found : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Found : user_pref("extensions.helperbar.backPageCounter", 1);
Line Found : user_pref("extensions.helperbar.backPageDay", 27);
Line Found : user_pref("extensions.helperbar.backPageLastEvent", "1395983881361");
Line Found : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Found : user_pref("extensions.helperbar.barcodeid", "129943");
Line Found : user_pref("extensions.helperbar.countryiso", "us");
Line Found : user_pref("extensions.helperbar.downloadprovider", "tuguubs_ch");
Line Found : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"www.browse-search.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/nps.noproblemppc.com\\\\\\/npsb\\\\\\/[...]
Line Found : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Found : user_pref("extensions.helperbar.installationid", "d6ab2fa7-858f-6c3c-c65f-daec69ba6183");
Line Found : user_pref("extensions.helperbar.installdate", "19/03/2014");
Line Found : user_pref("extensions.helperbar.keepAliveLastevent", "1395267012");
Line Found : user_pref("extensions.helperbar.lastExternalJsUpdate", "1396103987156");
Line Found : user_pref("extensions.helperbar.publisher", "tuguubs");

*************************

AdwCleaner[R0].txt - [25300 octets] - [17/04/2014 18:22:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [25361 octets] ##########
 

 

# AdwCleaner v3.023 - Report created 17/04/2014 at 18:26:01
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\HQTotalS
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mail.Ru
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\user.js
File Deleted : C:\Windows\Tasks\HQTotalS-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\HQTotalS-chromeinstaller
File Deleted : C:\Windows\Tasks\HQTotalS-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\HQTotalS-codedownloader
File Deleted : C:\Windows\Tasks\HQTotalS-enabler.job
File Deleted : C:\Windows\System32\Tasks\HQTotalS-enabler
File Deleted : C:\Windows\Tasks\HQTotalS-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\HQTotalS-firefoxinstaller
File Deleted : C:\Windows\Tasks\HQTotalS-updater.job
File Deleted : C:\Windows\System32\Tasks\HQTotalS-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3b0410f1-831b-4eac-adea-61108e13dacf}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9950ccb-6530-4c80-acd2-79f7d025876b}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\HQTotalS
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\HQTotalS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HQTotalS
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.InstallationTime", 1395266959);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.active", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.addressbar", "NA");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.addressbarenhanced", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172_dbWasSet", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172_dbWasSet_FF25_FIX", true[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.backgroundver", 1);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.certdomaininstaller", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.changeprevious", false);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallationTime.value", "%221395266959%22");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001327%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.jw_token.value", "%2239c7e6ba-f23c-60c0-67d7-7fc18774b845%22");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.load_balancer.expiration", "Fri Apr 18 2014 00:10:02 GMT-0700 (Pacific Standard Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.previous_page.value", "%22hxxp%3A//www.bleepingcomputer.com/download/adwcleaner/dl/125/%22"[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.cookie.user_id.value", "%22144dc650702c2fc5d2b514fc3f1dbc83%22");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.description", "HQ Videos is an add-on for your Internet browser that enhances your online experien[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.domain", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.enablesearch", false);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.homepage", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.iframe", false);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%223CD3F6D4D55F4F4C99473DD26AF3C[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001327%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight [...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001327%22%2C%22sub_id%22%3A%220%2[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific [...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%223CD3F6D4D55F4F4C9947[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_appVer.value", "38");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)"[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_nextCheck.expiration", "Fri Apr 18 2014 00:09:58 GMT-0700 (Pacific Standard T[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Day[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight T[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.__defualt_browser__.value", "%22ff%22");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%223CD3F6D4[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacifi[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pa[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_last_executable_request.expiration", "Fri Apr 18 2014 06:21:29 GMT-[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.bleepingcompu[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pac[...]
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.lastDailyReport", "1397769049951");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.lastUpdate", "1397783398250");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.manifesturl", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.name", "HQ-Video-Pro-1.9");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.newtab", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.opensearch", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.pluginsurl", "hxxp://js.clientdemocloud.com/plugin/apps/53172/plugins/094/ff/plugins.json");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.pluginsversion", 33);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.publisher", "HQ-Video");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.searchstatus", 0);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.setnewtab", false);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.thankyou", "");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.updateinterval", 360);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.ver", 38);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.FilesValidatorDueTime", "1397769049936");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.apps", "53172");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.bic", "144dc650702c2fc5d2b514fc3f1dbc83");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.cid", 53172);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.firstrun", false);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.hadappinstalled", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.installationdate", 1395267012);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.modetype", "production");
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.reportInstall", true);
Line Deleted : user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.statsDailyCounter", 59);
Line Deleted : user_pref("extensions.crossrider.bic", "144dc650702c2fc5d2b514fc3f1dbc83");
Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Deleted : user_pref("extensions.helperbar.backPageCounter", 1);
Line Deleted : user_pref("extensions.helperbar.backPageDay", 27);
Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1395983881361");
Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Deleted : user_pref("extensions.helperbar.barcodeid", "129943");
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "tuguubs_ch");
Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"www.browse-search.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/nps.noproblemppc.com\\\\\\/npsb\\\\\\/[...]
Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Deleted : user_pref("extensions.helperbar.installationid", "d6ab2fa7-858f-6c3c-c65f-daec69ba6183");
Line Deleted : user_pref("extensions.helperbar.installdate", "19/03/2014");
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1395267012");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1396103987156");
Line Deleted : user_pref("extensions.helperbar.publisher", "tuguubs");

*************************

AdwCleaner[R0].txt - [25510 octets] - [17/04/2014 18:22:59]
AdwCleaner[S0].txt - [22864 octets] - [17/04/2014 18:26:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22925 octets] ##########
 

 

Next is the zoek log:

 

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Owner on Thu 04/17/2014 at 18:31:08.41.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4/17/2014 6:33:10 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Owner\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Windows\wininit.ini deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3948 MB
CPU Info: Intel® Core™ i3-2310M CPU @ 2.10GHz
CPU Speed: 2131.6 MHz
Sound Card: Speakers (High Definition Audio |
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR5B97 Wireless Network Adapter | Broadcom NetLink ™ Gigabit Ethernet
CD / DVD Drives: 2x (D: | E: | ) D: SlimtypeDVD A  DS8A5SH   | E: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  931.4GB
Hard Disks - Free: C:  890.1GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 04/07/11 | ACRSYS - 1
Time Zone: Pacific Standard Time
Motherboard *: Acer JE50_HR
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Firefox    28.0
Internet Explorer Version: 11.0.9600.16659
Mozilla Firefox version: 28.0 (x86 en-US)
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 12.0.0.77

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Owner\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-04-10 00:41:54    CCF19C82F6145E4A467F7CB9AF82026C    17073152    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-04-10 00:41:53    A45A13AAC7777C096A073FF1F4F5A0D5    2724864    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 00:41:44    A30AB03E7C837A17AC70E67E63B8E2F6    2048    ----a-w-    C:\Windows\SysWOW64\user.exe
2014-04-10 00:41:44    9F3D88540DB73F5213D5044CB50006DF    7680    ----a-w-    C:\Windows\SysWOW64\instnm.exe
2014-04-10 00:41:44    76161B9D78A275F8F28DD67436013110    1114112    ----a-w-    C:\Windows\SysWOW64\kernel32.dll
2014-04-10 00:41:44    2E1D6624EE2C3F454CADF09DC59E78B0    25600    ----a-w-    C:\Windows\SysWOW64\setup16.exe
2014-04-10 00:41:44    1F76F7CB3C690ACB985C2FD419383B49    14336    ----a-w-    C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 00:41:44    1E886E327F37F34CC7465F1605D1F3CD    5120    ----a-w-    C:\Windows\SysWOW64\wow32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-04-10 00:41:55    C3E3EFD320D0000BE6F9CDB00CD6086F    23134208    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-04-10 00:41:53    14257E59C8452DCC38B8D55DEDC6EE0D    2724864    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2014-04-10 00:41:44    D2A513EE880D71BDE7F0257F38B9D019    1163264    ----a-w-    C:\Windows\Sysnative\kernel32.dll
2014-04-10 00:41:44    74959C718FF4594369645F35B7DF19C4    16384    ----a-w-    C:\Windows\Sysnative\ntvdm64.dll
2014-04-10 00:41:44    7434E01FBCA3CB86539C39412A31D5E1    362496    ----a-w-    C:\Windows\Sysnative\wow64win.dll
2014-04-10 00:41:44    2A107B611C91CD256466C58C0D776E9D    243712    ----a-w-    C:\Windows\Sysnative\wow64.dll
2014-04-10 00:41:44    0F090A77E664CB0F70AB8D3B230B760C    13312    ----a-w-    C:\Windows\Sysnative\wow64cpu.dll
====== C:\Windows\Sysnative\drivers =====
2014-04-10 00:41:46    B3222734D80013D2C73841B0C549FA63    27584    ----a-w-    C:\Windows\Sysnative\drivers\Diskdump.sys
2014-04-10 00:41:46    A3F0BC5897F9D3786A3CB695B163633A    190912    ----a-w-    C:\Windows\Sysnative\drivers\storport.sys
2014-04-10 00:41:46    96BB922A0981BC7432C8CF52B5410FE6    274880    ----a-w-    C:\Windows\Sysnative\drivers\msiscsi.sys
2014-04-10 00:41:43    1A29A59A4C5BA6F8C85062A613B7E2B2    1684928    ----a-w-    C:\Windows\Sysnative\drivers\ntfs.sys
2014-04-02 00:34:26    33F90B202E9DD9B7D489EB59310FDC34    283064    ----a-w-    C:\Windows\Sysnative\drivers\dtsoftbus01.sys
2014-03-27 03:58:09    D0C3AEF67932D2A80736FBCB956C017D    115296    ----a-w-    C:\Windows\Sysnative\drivers\klflt.sys
2014-03-27 03:58:09    41DF293A7F0418F5DDED9F0297DC68F3    625248    ----a-w-    C:\Windows\Sysnative\drivers\klif.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-04-02 00:36:45    --------    d-----w-    C:\PROGRA~2\Caramava
2014-04-02 00:34:20    --------    d-----w-    C:\PROGRA~2\DAEMON Tools Lite
2014-03-27 03:58:14    --------    d-----w-    C:\PROGRA~2\Kaspersky Lab
2014-03-19 22:18:59    --------    d-----w-    C:\PROGRA~2\WinRAR
======= C: =====
====== C:\Users\Owner\AppData\Roaming ======
2014-04-06 19:16:35    --------    d-----w-    C:\Users\Owner\AppData\Locallow\Adobe
2014-04-02 00:41:02    --------    d-----w-    C:\Users\Owner\AppData\Roaming\uTorrent
2014-04-02 00:34:22    --------    d-----w-    C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2014-03-19 22:19:23    --------    d-----w-    C:\Users\Owner\AppData\Roaming\WinRAR
2014-03-19 22:19:07    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
====== C:\Users\Owner ======
2014-04-18 01:21:37    04B47DEEB298AE90A0C42DEAED71F8BA    1426178    ----a-w-    C:\Users\Owner\Desktop\AdwCleaner.exe
2014-04-18 01:20:18    D28291D3F8CFD0BDA58BE1B77C4FE556    168    ----a-w-    C:\Users\Owner\defogger_reenable
2014-04-18 01:19:17    9146F21288AB749C4C729343F5F285A1    50477    ----a-w-    C:\Users\Owner\Desktop\Defogger.exe
2014-04-12 06:42:49    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Owner\Desktop\dds.com
2014-04-02 00:36:29    --------    d-----w-    C:\ProgramData\TEMP
2014-04-02 00:35:06    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-02 00:33:44    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2014-03-27 03:58:14    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-03-19 22:19:07    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

====== C: exe-files ==
2014-04-18 01:21:37    04B47DEEB298AE90A0C42DEAED71F8BA    1426178    ----a-w-    C:\Users\Owner\Desktop\AdwCleaner.exe
2014-04-18 01:19:17    9146F21288AB749C4C729343F5F285A1    50477    ----a-w-    C:\Users\Owner\Desktop\Defogger.exe
2014-04-12 01:43:49    B97A94D50F797EF00614BE4F25A7A631    548536    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-04-12 01:43:48    D4474A8F1545F5EA8910DF0A0BA3B2AA    840400    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE
2014-04-12 01:43:42    847C42B6D3628881E8DF4B093631519D    78576    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2014-04-12 01:43:42    49D6E55582897A2D7BE65248603F083E    7129304    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\CMigrate.exe
2014-04-12 01:43:40    1368F38793FD367B450B47FEAEBF2DA2    39584    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\AppSharingHookController64.exe
2014-04-12 01:43:36    C8F675B4F7AC2D31A44501F9939CF80A    5297368    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe
2014-04-12 01:43:35    55237AB507C8351C2DE903FB42BE82A7    9597104    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE
2014-04-12 01:43:34    FEAEB800E5632437644E9D131B9D6098    871088    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe
2014-04-12 01:43:32    98C21A1E196BBC7DA76B35A8D1DC7B05    471784    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE
2014-04-12 01:43:01    06F21309A380BC51D5991D3E951DB70A    1054424    ----a-w-    C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
2014-04-12 01:42:52    D6628D559F16663F62D2AAA95AC730ED    496320    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE
2014-04-12 01:42:51    BC0035342F87B6E2B6E2EDEC540B35BF    478936    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE
2014-04-12 01:42:51    B250D11FFAFDF23DA54C717A05BC6C92    449216    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
2014-04-12 01:42:51    7D36DBF0B4355C4204C94F30C3821ED0    21922464    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe
2014-04-12 01:42:50    527428444DDE1288A502182F6B374B17    4522688    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE
2014-04-12 01:42:49    D7571FB88C91A05300B1EC1835200C1C    515312    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe
2014-04-12 01:42:48    589AEB7287893196D585A336570F028F    569592    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE
2014-04-12 01:42:48    23B85A0F237D3E439F98FA0B73EC490C    526024    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE
2014-04-12 01:41:32    F0ECAEDB879431874D2315630BD05502    578256    ----a-w-    C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe
2014-04-12 01:40:46    D31FE31FD11E05A0503B59D694FB65FD    18926248    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
2014-04-12 01:40:39    E7910B535B3F52A0C795DA90626E28E5    1757352    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
2014-04-12 01:40:38    579ABA2979970978365E7615B593EBEF    15516840    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE
2014-04-12 01:40:24    35F84DF8A5B0941D7DE5A8CE1E1D5413    1923232    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
2014-04-12 01:40:21    DD76F47DFAB2AFE63B763B32636B9C60    25701024    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
2014-04-12 01:40:10    DF5AB1C45F8062054E2A9602A274A648    934056    ----a-w-    C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE
=== C: other files ==
2014-04-12 06:42:49    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\Owner\Desktop\dds.com

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2586465260-67891513-3247288464-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"MAgent"="C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MAgent"="C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/13/2014 08:02 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{DE1642F8-AF94-4418-B8B6-FF4AA1184D50}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [03/26/2014 09:12 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default
95812430959AE88CDD0301AB3A71913B    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll -    Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[01/21/2014 05:20 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[01/21/2014 05:20 PM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[01/21/2014 05:20 PM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[03/26/2014 09:09 PM]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[01/21/2014 05:20 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MAgent] C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\dzzam06s.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=0 1225 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 04/17/2014 at 20:33:39.04 ======================
 



#6 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:17 AM

Posted 19 April 2014 - 11:19 AM

Hi armygreen

Are you getting the pop-ups in all of your internet browsers?

Step 1

  • Please download Malwarebytes Anti-Malware FREE Version from here: https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  • Save it to your Desktop.
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click to execute the installation. Accept the terms, and allow MBAM to install to the default location in your Program Files.
  • Please update the database by clicking on the Update Now button as shown below.
    Capture1_zps47821576.jpg
  • Following the update, click on the large green Scan Now button to begin the Threat Scan.
    Note: Optionally, you could have simply clicked Fix Now if it is displayed. That will automatically download updates and run a Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    MBAMThreatScan_zpsc6c6daeb.jpg
    • After viewing the results, please click on the Copy to Clipboard button > OK.
      MBAMScanLog_zps21b494ad.jpg
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History> Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad). etc.. The .txt file can be saved and posted when you are ready.

Step 2

Please Download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.

    frsticon_zpsdc3cbdc3.png
  • When the tool opens click Yes to disclaimer.

    frstdis_zps7f598f12.png
  • Press Scan button.

    frst_zps6548371f.png
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#7 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 20 April 2014 - 07:07 PM

I didn't check any browsers other than Firefox.  However, I'm not having any pop-ups or redirects on any browsers, now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/20/2014
Scan Time: 4:59:46 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.20.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245772
Time Elapsed: 10 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.HQTotalS.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQTotalS, Quarantined, [8314d15bf586f343ef7879fa956d03fd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Owner (administrator) on OWNER-PC on 20-04-2014 17:02:51
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2014-02-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2014-02-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2586465260-67891513-3247288464-1000\...\Run: [MAgent] => C:\Users\Owner\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU

==================== Internet (Whitelisted) ====================

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F5E1332EA29CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-03-26]

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-01-21] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [73216 2010-11-01] (ASIX Electronics Corp.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-01] (Disc Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-21] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-01-21] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-01-21] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-21] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 17:02 - 2014-04-20 17:02 - 00012080 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 17:02 - 2014-04-20 17:02 - 00000000 ____D () C:\FRST
2014-04-20 17:01 - 2014-04-20 17:01 - 02056704 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-04-20 16:49 - 2014-04-20 16:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 16:48 - 2014-04-20 16:48 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 16:48 - 2014-04-20 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 16:48 - 2014-04-20 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 16:48 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 16:48 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 16:48 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 16:47 - 2014-04-20 16:47 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-17 18:52 - 2014-04-17 18:30 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-17 18:32 - 2014-04-17 20:33 - 00029094 _____ () C:\zoek-results.log
2014-04-17 18:30 - 2014-04-17 18:45 - 00000000 ____D () C:\zoek_backup
2014-04-17 18:30 - 2014-04-17 18:30 - 01285120 _____ () C:\Users\Owner\Desktop\zoek.exe
2014-04-17 18:22 - 2014-04-17 18:26 - 00000000 ____D () C:\AdwCleaner
2014-04-17 18:21 - 2014-04-17 18:21 - 01426178 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-04-17 18:20 - 2014-04-17 18:20 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-04-17 18:20 - 2014-04-17 18:20 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-04-17 18:19 - 2014-04-17 18:19 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-04-11 23:44 - 2014-04-11 23:44 - 00020620 _____ () C:\Users\Owner\Desktop\dds.txt
2014-04-11 23:44 - 2014-04-11 23:44 - 00002621 _____ () C:\Users\Owner\Desktop\attach.txt
2014-04-11 23:42 - 2014-04-11 23:42 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-04-10 19:27 - 2014-04-18 19:29 - 00000392 _____ () C:\Windows\setupact.log
2014-04-10 19:27 - 2014-04-17 20:33 - 00007570 _____ () C:\Windows\PFRO.log
2014-04-10 19:27 - 2014-04-10 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-09 17:41 - 2014-03-30 18:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 17:41 - 2014-03-30 18:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 17:41 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 17:41 - 2014-03-30 16:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 17:41 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:41 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 17:41 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 17:41 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 17:41 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 17:41 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 17:41 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 17:41 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 17:41 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 17:41 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 17:41 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 17:41 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 17:41 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 17:41 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 17:41 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 17:41 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 17:41 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-01 18:02 - 2014-04-01 18:02 - 00000000 ____D () C:\Users\Owner\Downloads\Rosetta.Stone.v3.4.7.As.Complete.As.You.Can.Get.Edition-JAMMO
2014-04-01 17:57 - 2014-04-01 18:01 - 00000000 ____D () C:\Users\Owner\Desktop\Torrents
2014-04-01 17:56 - 2014-04-01 17:56 - 00000000 ____D () C:\Users\Owner\Desktop\ARRRRR
2014-04-01 17:41 - 2014-04-17 18:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-04-01 17:41 - 2014-04-01 17:41 - 00000831 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-04-01 17:36 - 2014-04-03 19:21 - 00000000 ____D () C:\Program Files (x86)\Caramava
2014-04-01 17:36 - 2014-04-01 17:36 - 00000000 ____D () C:\Users\Owner\Documents\Max PC Optimizer
2014-04-01 17:34 - 2014-04-01 17:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2014-04-01 17:34 - 2014-04-01 17:34 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-01 17:34 - 2014-04-01 17:34 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-01 17:33 - 2014-04-01 17:33 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-03-29 16:21 - 2014-03-29 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 20:58 - 2014-04-20 16:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-03-26 20:58 - 2014-03-26 21:12 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-26 20:58 - 2014-03-26 21:12 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-26 20:58 - 2014-03-26 20:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-26 20:58 - 2014-03-26 20:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-26 20:58 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll

==================== One Month Modified Files and Folders =======

2014-04-20 17:02 - 2014-04-20 17:02 - 00012080 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 17:02 - 2014-04-20 17:02 - 00000000 ____D () C:\FRST
2014-04-20 17:02 - 2014-02-17 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 17:01 - 2014-04-20 17:01 - 02056704 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-04-20 17:00 - 2014-02-14 18:07 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DE1642F8-AF94-4418-B8B6-FF4AA1184D50}
2014-04-20 16:49 - 2014-04-20 16:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 16:48 - 2014-04-20 16:48 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 16:48 - 2014-04-20 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 16:48 - 2014-04-20 16:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 16:48 - 2014-02-14 14:12 - 01958803 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 16:47 - 2014-04-20 16:47 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-20 16:46 - 2014-03-26 20:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-18 19:29 - 2014-04-10 19:27 - 00000392 _____ () C:\Windows\setupact.log
2014-04-17 20:40 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-17 20:40 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-17 20:37 - 2009-07-13 22:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-17 20:33 - 2014-04-17 18:32 - 00029094 _____ () C:\zoek-results.log
2014-04-17 20:33 - 2014-04-10 19:27 - 00007570 _____ () C:\Windows\PFRO.log
2014-04-17 20:33 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 18:45 - 2014-04-17 18:30 - 00000000 ____D () C:\zoek_backup
2014-04-17 18:30 - 2014-04-17 18:52 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-04-17 18:30 - 2014-04-17 18:30 - 01285120 _____ () C:\Users\Owner\Desktop\zoek.exe
2014-04-17 18:26 - 2014-04-17 18:22 - 00000000 ____D () C:\AdwCleaner
2014-04-17 18:21 - 2014-04-17 18:21 - 01426178 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-04-17 18:20 - 2014-04-17 18:20 - 00000542 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2014-04-17 18:20 - 2014-04-17 18:20 - 00000168 _____ () C:\Users\Owner\defogger_reenable
2014-04-17 18:20 - 2014-02-14 14:12 - 00000000 ____D () C:\Users\Owner
2014-04-17 18:19 - 2014-04-17 18:19 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2014-04-17 18:18 - 2014-04-01 17:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-04-11 23:44 - 2014-04-11 23:44 - 00020620 _____ () C:\Users\Owner\Desktop\dds.txt
2014-04-11 23:44 - 2014-04-11 23:44 - 00002621 _____ () C:\Users\Owner\Desktop\attach.txt
2014-04-11 23:42 - 2014-04-11 23:42 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2014-04-11 18:44 - 2014-02-20 22:29 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-10 20:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 19:27 - 2014-04-10 19:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-10 19:11 - 2014-02-17 16:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 19:08 - 2014-02-17 16:05 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 12:17 - 2014-02-17 17:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-06 12:16 - 2014-02-17 16:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-04-06 12:16 - 2014-02-17 16:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-04-06 12:16 - 2014-02-14 15:03 - 00000000 ____D () C:\Windows\Panther
2014-04-03 19:21 - 2014-04-01 17:36 - 00000000 ____D () C:\Program Files (x86)\Caramava
2014-04-03 09:51 - 2014-04-20 16:48 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 16:48 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 16:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 18:02 - 2014-04-01 18:02 - 00000000 ____D () C:\Users\Owner\Downloads\Rosetta.Stone.v3.4.7.As.Complete.As.You.Can.Get.Edition-JAMMO
2014-04-01 18:01 - 2014-04-01 17:57 - 00000000 ____D () C:\Users\Owner\Desktop\Torrents
2014-04-01 17:56 - 2014-04-01 17:56 - 00000000 ____D () C:\Users\Owner\Desktop\ARRRRR
2014-04-01 17:41 - 2014-04-01 17:41 - 00000831 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-04-01 17:38 - 2014-04-01 17:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2014-04-01 17:36 - 2014-04-01 17:36 - 00000000 ____D () C:\Users\Owner\Documents\Max PC Optimizer
2014-04-01 17:35 - 2014-02-19 20:39 - 01671248 _____ (BitTorrent Inc.) C:\Users\Owner\Desktop\uTorrent.exe
2014-04-01 17:34 - 2014-04-01 17:34 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-01 17:34 - 2014-04-01 17:34 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-04-01 17:33 - 2014-04-01 17:33 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-04-01 07:02 - 2014-02-19 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 06:58 - 2014-02-14 14:12 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-30 18:16 - 2014-04-09 17:41 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:13 - 2014-04-09 17:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 17:13 - 2014-04-09 17:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 16:57 - 2014-04-09 17:41 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 16:21 - 2014-03-29 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 21:12 - 2014-03-26 20:58 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-03-26 21:12 - 2014-03-26 20:58 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-03-26 21:12 - 2014-01-21 17:18 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-03-26 20:58 - 2014-03-26 20:58 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-03-26 20:58 - 2014-03-26 20:58 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-03-26 20:46 - 2014-02-20 22:52 - 00000000 ____D () C:\Program Files\CCleaner

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 19:58

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Owner at 2014-04-20 17:03:14
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Combined Community Codec Pack 2014-01-17 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.01.17.0 - CCCP Project)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
GUC2100 (HKLM-x32\...\{CAAF899F-D15F-480F-AF10-22B1431A5E9F}) (Version: 1.00.0000 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Mail.Ru Agent 6.2 (build 7528) (HKCU\...\MRA) (Version: 6.2.7528.0 - Mail.Ru) <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

14-03-2014 14:51:36 Windows Update
17-03-2014 18:53:26 Windows Update
19-03-2014 01:02:41 Windows Update
26-03-2014 03:01:06 Windows Update
02-04-2014 00:34:29 Device Driver Package Install: DT Soft Ltd System devices
11-04-2014 02:07:40 Windows Update
18-04-2014 01:32:47 zoek.exe restore point

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1F74EC63-B365-488A-A618-DAF0032EE660} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {2559447E-3A47-4212-8D51-B886C3F2E8BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)
Task: {2A73B350-73A6-4E73-A5DC-44296F95E254} - \HQTotalS-chromeinstaller No Task File <==== ATTENTION
Task: {3509EEC8-A5F7-4DB6-8E04-AA78E2C27820} - \HQTotalS-updater No Task File <==== ATTENTION
Task: {50D36E94-B0E9-4DEA-9A70-E6ADF1D8DE47} - \HQTotalS-enabler No Task File <==== ATTENTION
Task: {68879C49-BB0E-4BB3-B31F-5949AFD8B1C2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-11] (Microsoft Corporation)
Task: {99FAE656-913E-4BA5-9601-CAAE33EC9422} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {B7940F43-4A14-4D95-8E15-55473CEF67AB} - \HQTotalS-codedownloader No Task File <==== ATTENTION
Task: {EAFF9D9B-38B3-4760-9060-2D6EE27DAFD2} - \HQTotalS-firefoxinstaller No Task File <==== ATTENTION
Task: {F61FE736-66B0-4BA9-B364-FF9F5D824656} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-11 18:43 - 2014-04-11 18:43 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-21 07:34 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-20 22:29 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-03-26 09:28 - 2014-02-17 14:14 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-17 17:20 - 2014-02-17 17:20 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aeb07412ad41bff851002a4cd8ed97d1\IsdiInterop.ni.dll
2014-02-17 13:43 - 2011-02-18 09:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 02:10:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

Error: (04/20/2014 02:10:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2075

Error: (04/20/2014 02:10:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2014 02:10:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

Error: (04/20/2014 02:10:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077

Error: (04/20/2014 02:10:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2014 01:23:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2121

Error: (04/20/2014 01:23:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2121

Error: (04/20/2014 01:23:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2014 01:23:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1107


System errors:
=============
Error: (04/17/2014 06:45:45 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/17/2014 06:45:44 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/17/2014 06:45:44 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/17/2014 06:45:43 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/17/2014 06:45:43 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (04/11/2014 08:47:38 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{AF641A33-6D58-4FBA-A0A5-A5280B84BC03}.
The backup browser is stopping.

Error: (04/06/2014 11:31:07 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 10.0.0.5.
The computer with the IP address 10.0.0.2 did not allow the name to be claimed by
this computer.

Error: (04/05/2014 05:49:32 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{AF641A33-6D58-4FBA-A0A5-A5280B84BC03}.
The backup browser is stopping.

Error: (04/01/2014 09:32:03 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GREENFAMILYPC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AF641A33-6D58-4FBA-A0A5-A5280B84BC03}.
The master browser is stopping or an election is being forced.

Error: (04/01/2014 07:04:08 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (04/20/2014 02:10:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2075

Error: (04/20/2014 02:10:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2075

Error: (04/20/2014 02:10:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2014 02:10:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

Error: (04/20/2014 02:10:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077

Error: (04/20/2014 02:10:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2014 01:23:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2121

Error: (04/20/2014 01:23:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2121

Error: (04/20/2014 01:23:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2014 01:23:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1107


CodeIntegrity Errors:
===================================
  Date: 2014-04-10 19:59:40.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-10 19:59:40.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-10 19:59:40.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-10 19:59:40.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-10 19:59:40.946
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-10 19:59:40.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 16:18:27.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 16:18:27.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 16:18:27.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 16:18:27.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 3947.86 MB
Available physical RAM: 2994.18 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 6724.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:889.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EDC7ACC7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:17 AM

Posted 22 April 2014 - 08:52 AM

Hi armygreen

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

Task: {2A73B350-73A6-4E73-A5DC-44296F95E254} - \HQTotalS-chromeinstaller No Task File <==== ATTENTION
Task: {3509EEC8-A5F7-4DB6-8E04-AA78E2C27820} - \HQTotalS-updater No Task File <==== ATTENTION
Task: {50D36E94-B0E9-4DEA-9A70-E6ADF1D8DE47} - \HQTotalS-enabler No Task File <==== ATTENTION
Task: {B7940F43-4A14-4D95-8E15-55473CEF67AB} - \HQTotalS-codedownloader No Task File <==== ATTENTION
Task: {EAFF9D9B-38B3-4760-9060-2D6EE27DAFD2} - \HQTotalS-firefoxinstaller No Task File <==== ATTENTION

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Step 2

Perform an Online Antivirus Scan with ESET:


Note:ESET recommends disabling your resident antivirus's active protection component BEFORE scanning , how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve install an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:

     
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
     
  • Now click on START
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on FINISH (Selecting Uninstall application on close if you so wish)

    Step 3

    How is your machine running now? Do you have any further issues?
  •  

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#9 armygreen

armygreen
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:17 PM

Posted 23 April 2014 - 11:28 PM

The laptop is running very well.  We haven't noticed any more issues. Thank you.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Owner at 2014-04-23 20:18:12 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {2A73B350-73A6-4E73-A5DC-44296F95E254} - \HQTotalS-chromeinstaller No Task File <==== ATTENTION
Task: {3509EEC8-A5F7-4DB6-8E04-AA78E2C27820} - \HQTotalS-updater No Task File <==== ATTENTION
Task: {50D36E94-B0E9-4DEA-9A70-E6ADF1D8DE47} - \HQTotalS-enabler No Task File <==== ATTENTION
Task: {B7940F43-4A14-4D95-8E15-55473CEF67AB} - \HQTotalS-codedownloader No Task File <==== ATTENTION
Task: {EAFF9D9B-38B3-4760-9060-2D6EE27DAFD2} - \HQTotalS-firefoxinstaller No Task File <==== ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A73B350-73A6-4E73-A5DC-44296F95E254} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A73B350-73A6-4E73-A5DC-44296F95E254} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQTotalS-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3509EEC8-A5F7-4DB6-8E04-AA78E2C27820} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3509EEC8-A5F7-4DB6-8E04-AA78E2C27820} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQTotalS-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50D36E94-B0E9-4DEA-9A70-E6ADF1D8DE47} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50D36E94-B0E9-4DEA-9A70-E6ADF1D8DE47} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQTotalS-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7940F43-4A14-4D95-8E15-55473CEF67AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7940F43-4A14-4D95-8E15-55473CEF67AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQTotalS-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAFF9D9B-38B3-4760-9060-2D6EE27DAFD2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFF9D9B-38B3-4760-9060-2D6EE27DAFD2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQTotalS-firefoxinstaller => Key deleted successfully.

==== End of Fixlog ====

 

 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7bb17e12d6383f4c99554b797836a99a
# engine=18006
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-24 03:48:31
# local_time=2014-04-23 08:48:31 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1465771 149854761 0 0
# scanned=107358
# found=7
# cleaned=7
# scan_time=1526
sh=F5BD07E30DC5698A4E0924696D96C1926ED6775F ft=1 fh=3a4703d32e08a068 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-bg.exe.vir"
sh=15997F30DF10405762CB2C0AA8453DF68827D30D ft=1 fh=31a7ce2cef2cecea vn="a variant of Win64/Toolbar.Crossrider.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-bho64.dll.vir"
sh=747F60863EC1229CBEF0AD8CEBC468A344140148 ft=1 fh=8c3f7e5eb193053d vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-codedownloader.exe.vir"
sh=9B6F1181B0F299713A90D2C42A45CB40683B929C ft=1 fh=17e7d12536ac24ea vn="a variant of Win32/Toolbar.CrossRider.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-enabler.exe.vir"
sh=38F2A724C77DDF8DE0B083B3AA20AECA678F0E70 ft=1 fh=95007af7239f848b vn="a variant of Win32/Toolbar.CrossRider.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-updater.exe.vir"
sh=77F7D7E45A94E8B20EF6BE0F35CC33BCCA8408DD ft=1 fh=5376a0a21188d2ad vn="Win32/Toolbar.CrossRider.AB potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\utils.exe.vir"
sh=C44FEB9DD6271C71E9D4B4899D73CAA0F5F93746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\dzzam06s.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
 



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:17 AM

Posted 24 April 2014 - 03:29 PM


Hi armygreen

Your logs look clean, If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :

Un-install Adwcleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

    Clean up with Delfix

    Download "Delfix by Xplode" and save it to your desktop.
  • Double Click to start the program
    If you are using Vista or higher, please right-click and choose run as administrator
    Make Sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click on " Run " and wait patiently until the tool have completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Clean up with TFC

    Please download TFC.exe - Temp File Cleaner by OldTimer:
    Alternate link: www.itxassociates.com/OT-Tools/TFC.exe
    • Save it to your Desktop.
    • Close any open windows, save your work.
    • Double click the TFC icon to run the program. ] (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process,
    • Allow TFC to run uninterrupted,
    • The program should not take long to finish its job.
    • Once it's finished, click OK to reboot.
    Turn On Automatic Updates:

    Turn On Automatic Updates

    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    Make your Internet Explorer more secure:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Under Security Level for this Zone make sure that you are set to Medium -High as seen in the image below:-

      IE10%20Rec%20Settings.jpg
    • Also verify that Enable Protected Mode is checked
    • Next press the Apply button and then the OK to exit the Internet Properties page.
    Finally I would highly advice you to read this topic Best Practices for Safe Computing - Tips to protect yourself against malware infection

    If you have any problems you know where we are :)

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,771 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:17 PM

Posted 06 May 2014 - 04:14 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users