browser hijacker... got it today...


  • This topic is locked
19 replies to this topic

#1 kylejw1990

kylejw1990

  • Members
  • 171 posts
  • OFFLINE
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 21 May 2014 - 12:14 AM

So I got this today and can't get rid of it. I have done this so far...

Tampered with browser settings. Settings are now right, but each "new tab" gives me this screen. Home page is set to Google and default search engine is Google.

Ran RKill.

Ran AdwCleaner.

Ran Malwarebytes (looking for PUPs).

All of this was done in safe mode and it is still there. Thanks to all that reply :)

 

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 11.0.9600.17041
Run by Kyle at 0:34:02 on 2014-05-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.1132 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\kyle\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [pcreg] c:\program files\pcreg\service.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 72.240.13.7 72.240.13.6 156.154.70.43
TCP: Interfaces\{5E6B491F-0993-4701-8920-A4EC825D8130} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021} : DHCPNameServer = 72.240.13.7 72.240.13.6 156.154.70.43
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021}\245727765627B496E676 : DHCPNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021}\350796E60224279647560263636343 : DHCPNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021}\6427F6E64796562753334343 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021}\84F6473707F647 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7FD1E783-FF1A-4B5E-9BF1-141FD8E8D021}\D636C637075726C69636 : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\veblf068.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\adobe\adobe creative cloud\utils\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\kyle\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\users\kyle\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\veblf068.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: c:\users\kyle\appdata\roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-24 64512]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 MpKslf136470b;MpKslf136470b;c:\programdata\microsoft\microsoft antimalware\definition updates\{f90af0f3-2185-4cf1-ae35-6e6ae12d8683}\MpKslf136470b.sys [2014-5-21 39464]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2012-3-20 2152720]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-5-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-1 701512]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 104264]
R2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [2014-4-25 249024]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2012-3-20 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-1 22856]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" --> C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-23 108032]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]
S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-12-18 174720]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
SUnknown MpKsl584c4131;MpKsl584c4131; [x]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-05-21 04:29:06 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f90af0f3-2185-4cf1-ae35-6e6ae12d8683}\MpKslf136470b.sys
2014-05-20 03:50:18 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f90af0f3-2185-4cf1-ae35-6e6ae12d8683}\mpengine.dll
2014-05-19 03:46:01 -------- d-----w- c:\program files\WinPcap
2014-05-19 03:38:40 -------- d-----w- c:\users\kyle\.zenmap
2014-05-19 02:33:22 -------- d-----w- C:\AdwCleaner
2014-05-19 02:29:11 -------- d-----w- c:\windows\pss
2014-05-19 02:17:34 -------- d-----w- c:\users\kyle\appdata\local\globalUpdate
2014-05-19 02:17:34 -------- d-----w- c:\program files\globalUpdate
2014-05-19 02:17:01 -------- d-----w- c:\program files\pcreg
2014-05-19 02:16:35 -------- d-----w- c:\programdata\pastaleads
2014-05-19 02:16:34 -------- d-----w- c:\program files\pastaleads
2014-05-19 02:03:52 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-19 02:00:11 -------- d-----w- c:\users\kyle\Zero G Registry
2014-05-17 04:20:59 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1577b2dd-bd4e-481a-b6b6-62aa671fedbe}\gapaengine.dll
2014-05-15 06:12:22 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 04:42:00 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-04-30 04:02:28 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-25 04:48:38 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-04-22 01:56:23 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-22 01:56:23 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-22 01:56:23 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-22 01:56:23 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-22 01:56:16 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-21 23:29:54 -------- d-----w- c:\users\kyle\appdata\local\Skype
.
==================== Find3M  ====================
.
2014-05-15 05:05:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 05:05:23 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-04-18 04:31:50 98040 ----a-w- c:\windows\system32\Packet.dll
2014-04-18 04:31:50 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2014-04-18 04:31:50 36600 ----a-w- c:\windows\system32\drivers\npf.sys
2014-04-18 04:31:50 282360 ----a-w- c:\windows\system32\wpcap.dll
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-01 02:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 02:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-04 09:20:11 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH:  0:38:04.15 ===============
 

 

And I added an image of what I am looking at.

Attached Files
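The DDS report above can be triaged mechanically rather than read line by line. The script below is an added example for this thread, not code from the original post, from DDS or from BleepingComputer. It reads the Pseudo HJT Report and Created Last 30 sections, flags Run-key and service entries whose image lives outside an assumed allowlist of directories, reports policy values that turn UAC off (EnableLUA = 0) or silence the admin consent prompt (ConsentPromptBehaviorAdmin = 0), and groups Program Files folders created within minutes of each other, the way a bundled installer drops them. The sample input is a handful of lines copied from the log above and embedded as a constructed string; the allowlist, the five-minute window and the function names are assumptions for illustration, and a hit means "review this", not "this is malware".

```python
"""Triage helper for a DDS 'Pseudo HJT Report' plus 'Created Last 30' listing.

Added example for this thread; not code from the original post, from DDS or
from BleepingComputer. A hit means "review this", not "this is malware".
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [pcreg] c:\program files\pcreg\service.exe
uRun: [Google Update] "c:\users\kyle\appdata\local\google\update\GoogleUpdate.exe" /c
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
R2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe [2014-4-25 249024]
2014-05-19 02:17:34 -------- d-----w- c:\program files\globalUpdate
2014-05-19 02:17:01 -------- d-----w- c:\program files\pcreg
2014-05-19 02:16:34 -------- d-----w- c:\program files\pastaleads
2014-05-19 02:00:11 -------- d-----w- c:\users\kyle\Zero G Registry
"""

# Assumed allowlist of autostart locations treated as expected on this box
# (the vendors visible in the log); anything else is reported for review.
KNOWN_GOOD_PREFIXES = (
    r"c:\windows\system32",
    r"c:\program files\microsoft security client",
    r"c:\program files\common files",
    r"c:\program files\malwarebytes' anti-malware",
    r"c:\program files\lavasoft",
    r"c:\users\kyle\appdata\local\google\update",
)

# UAC policy values that weaken elevation: EnableLUA=0 turns UAC off,
# ConsentPromptBehaviorAdmin=0 means "elevate without prompting".
UAC_WEAK_VALUES = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0"}

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<value>.+)$")
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]+;(?P<value>.+?) \[")
POLICY_RE = re.compile(r"^[um]Policies-System: (?P<key>\w+) = dword:(?P<val>\d+)$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ \S+ (?P<path>.+)$")


def image_path(value):
    """Return the executable path from a Run/service value, dropping arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)].lower()
    m = re.match(r"(.+?\.exe)", value, re.IGNORECASE)  # unquoted paths may contain spaces
    return (m.group(1) if m else value).lower()


def unexpected_autostarts(text):
    """Run-key entries and services whose image lives outside the allowlist."""
    hits = []
    for line in text.splitlines():
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        path = image_path(m.group("value"))
        if not path.startswith(KNOWN_GOOD_PREFIXES):
            hits.append((m.group("name"), path))
    return hits


def uac_weakening(text):
    """Policy lines that disable UAC or silence the admin consent prompt."""
    found = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m and UAC_WEAK_VALUES.get(m.group("key")) == m.group("val"):
            found[m.group("key")] = int(m.group("val"))
    return found


def install_bursts(text, window=timedelta(minutes=5), prefix="c:\\program files\\"):
    """Groups of Program Files folders created within `window` of each other.

    Bundled installers drop several products in one run; a tight cluster of
    creation times is worth reading together rather than one entry at a time.
    """
    stamps = []
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m and m.group("path").lower().startswith(prefix):
            stamps.append((datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                           m.group("path")))
    stamps.sort()
    groups, current = [], []
    for ts, path in stamps:
        if current and ts - current[-1][0] > window:
            groups.append(current)
            current = []
        current.append((ts, path))
    if current:
        groups.append(current)
    return [[p for _, p in g] for g in groups if len(g) > 1]


def triage(text):
    """Collect all three checks in one dict for the pasted report."""
    return {
        "autostarts": unexpected_autostarts(text),
        "uac": uac_weakening(text),
        "bursts": install_bursts(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Feed the whole pasted DDS text to `triage()` to run it on the real report. On the sample it returns the two pcreg autostarts (the mRun entry and the pcregservice service), both weakened UAC policy values, and the pastaleads, pcreg and globalUpdate folders created within one minute of each other on 2014-05-19; the correlation between those three is what a reviewer would check next, not a verdict by itself.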





#2 kylejw1990

kylejw1990
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 21 May 2014 - 09:41 AM

I think I got it. It's not showing up anymore, at least. I missed a few settings that needed to be changed back...

Topic may now be closed if you would like :)



#3 kylejw1990

kylejw1990
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 22 May 2014 - 10:41 PM

Dear community,

Since my last post I have been repeatedly getting a file that Malwarebytes quarantines. I select to "remove" it from my laptop, but it will find its way back. Attached is a screenshot of what the file is.

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 AM

Posted 24 May 2014 - 02:35 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer. Make sure that Addition.txt is ticked as well.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#5 kylejw1990

kylejw1990
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 25 May 2014 - 11:13 AM

I will do this tonight after work thanks!



#6 kylejw1990

kylejw1990
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 26 May 2014 - 12:05 PM

The logs you requested...

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02

Ran by Kyle (administrator) on KYLE-PC on 26-05-2014 13:00:32
Running from C:\Users\Kyle\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-19] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\Run: [Google Update] => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-29] (Google Inc.)
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {050a4b71-0394-11df-8aa9-001eec38aa3f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {2e6886c3-213c-11e1-96c3-005056c00008} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {45b1aed7-0892-11df-9ece-001eec38aa3f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {c0a4abd5-81af-11e0-91c3-001eec38aa3f} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {c513a6dd-9da9-11e0-af6e-001eec38aa3f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {fbf4d434-304f-11df-97f8-001eec38aa3f} - "F:\WD SmartWare.exe" autoplay=true
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC93B49A71897CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {EAD092B4-687A-4BFE-8EBF-24ABB0368AD0} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.6 156.154.70.43
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
FF Extension: No Name - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\staged [2014-02-06]
FF Extension: Anaglyph 3D - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\anaglyph3d@internauta1024a.pl.xpi [2013-02-15]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\extension@hidemyass.com.xpi [2012-03-12]
FF Extension: Firebug - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\firebug@software.joehewitt.com.xpi [2011-07-31]
FF Extension: Firecookie - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\firecookie@janodvarko.cz.xpi [2011-07-31]
FF Extension: Fireforce - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\fireforce@scrt.ch.xpi [2011-08-16]
FF Extension: AP Suggestor - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi [2012-06-13]
FF Extension: Tamper Data - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2012-03-12]
FF Extension: User Agent Switcher - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2011-07-31]
FF Extension: HackBar - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2011-08-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-04-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-14]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Skype Click to Call) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Kyle\AppData\Local\Temp\ccex.crx [2014-05-18]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2014-05-18]
CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - C:\Program Files\AP Suggestor\APSuggestor.crx [2014-05-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 metasploitPostgreSQL; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [116992 2008-03-27] (Mars Semiconductor Corp.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-20] ()
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated)
U3 avhac9vw; C:\Windows\system32\Drivers\avhac9vw.sys [0 ] (Microsoft Corporation)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 JakNDisMP; system32\DRIVERS\JakNDis.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-26 13:00 - 2014-05-26 13:00 - 00014842 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-05-26 13:00 - 2014-05-26 13:00 - 00000000 ____D () C:\FRST
2014-05-26 12:58 - 2014-05-26 12:58 - 01056256 _____ (Farbar) C:\Users\Kyle\Desktop\FRST.exe
2014-05-25 00:50 - 2014-05-25 00:50 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\LavasoftStatistics
2014-05-25 00:35 - 2014-05-25 00:35 - 01727624 _____ () C:\Users\Kyle\Downloads\Adaware_Installer.exe
2014-05-24 12:59 - 2014-05-24 13:00 - 00001890 ____H () C:\aaw7boot.cmd
2014-05-21 10:27 - 2014-05-21 10:32 - 00000424 _____ () C:\Users\Kyle\Downloads\SystemLook.txt
2014-05-18 23:46 - 2014-05-18 23:46 - 00000925 _____ () C:\Users\Kyle\Desktop\Nmap - Zenmap GUI.lnk
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Program Files\WinPcap
2014-05-18 23:44 - 2014-05-18 23:44 - 26843165 _____ (Insecure.org) C:\Users\Kyle\Downloads\nmap-6.46-setup.exe
2014-05-18 23:38 - 2014-05-18 23:53 - 00000000 ____D () C:\Users\Kyle\.zenmap
2014-05-18 22:51 - 2014-05-20 21:59 - 00002590 _____ () C:\Users\Kyle\Desktop\Rkill.txt
2014-05-18 22:47 - 2014-05-21 00:38 - 00015419 _____ () C:\Users\Kyle\Desktop\dds.txt
2014-05-18 22:47 - 2014-05-21 00:38 - 00012375 _____ () C:\Users\Kyle\Desktop\attach.txt
2014-05-18 22:33 - 2014-05-20 22:01 - 00000000 ____D () C:\AdwCleaner
2014-05-18 22:29 - 2014-05-18 22:29 - 00000000 ____D () C:\Windows\pss
2014-05-18 22:26 - 2014-05-18 22:27 - 00171948 _____ () C:\Users\Kyle\Downloads\cc_20140518_222610.reg
2014-05-18 22:20 - 2014-05-18 22:20 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-18 22:17 - 2014-05-24 12:59 - 00000000 ____D () C:\Program Files\pcreg
2014-05-18 22:17 - 2014-05-18 22:22 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-18 22:17 - 2014-05-18 22:17 - 00000000 ____D () C:\Users\Kyle\AppData\Local\globalUpdate
2014-05-18 22:16 - 2014-05-18 22:21 - 00000000 ____D () C:\Program Files\pastaleads
2014-05-18 22:16 - 2014-05-18 22:18 - 00000000 ____D () C:\ProgramData\pastaleads
2014-05-18 22:00 - 2014-05-18 22:00 - 00000000 ____D () C:\Users\Kyle\Zero G Registry
2014-05-15 02:21 - 2014-05-15 02:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 02:12 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 02:12 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 02:12 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 00:42 - 2014-05-09 03:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 00:41 - 2014-05-09 03:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 00:41 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 00:41 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 00:41 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 00:41 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 00:41 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 00:41 - 2014-04-11 22:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 00:41 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 00:41 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 00:41 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 00:41 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 00:41 - 2014-03-04 05:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 00:40 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-30 23:55 - 2014-04-30 23:56 - 04745984 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\ccsetup413.exe
2014-04-30 00:02 - 2014-05-15 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-27 17:16 - 2014-04-27 17:16 - 00075264 _____ () C:\Users\Kyle\Downloads\SystemLook.exe
2014-04-27 09:40 - 2014-04-27 09:41 - 00602112 _____ (OldTimer Tools) C:\Users\Kyle\Downloads\OTL.exe
2014-04-26 23:05 - 2014-04-26 23:05 - 00688992 _____ (Swearware) C:\Users\Kyle\Downloads\dds.com
2014-04-26 22:15 - 2014-04-26 22:15 - 01243655 _____ () C:\Users\Kyle\Downloads\ProcessExplorer.zip
2014-04-26 10:37 - 2014-04-26 10:38 - 03662848 _____ () C:\Users\Kyle\Downloads\dd-wrt.v24-21402_NEWD-2_K2.6_mini-e800.bin
 
==================== One Month Modified Files and Folders =======
 
2014-05-26 13:00 - 2014-05-26 13:00 - 00014842 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-05-26 13:00 - 2014-05-26 13:00 - 00000000 ____D () C:\FRST
2014-05-26 13:00 - 2010-01-17 00:47 - 01353718 _____ () C:\Windows\WindowsUpdate.log
2014-05-26 12:58 - 2014-05-26 12:58 - 01056256 _____ (Farbar) C:\Users\Kyle\Desktop\FRST.exe
2014-05-26 12:55 - 2014-04-21 20:49 - 00003584 _____ () C:\Windows\setupact.log
2014-05-26 12:55 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-26 09:18 - 2010-01-29 00:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854015100-2970217473-1074027365-1000UA.job
2014-05-26 09:05 - 2013-03-04 21:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 08:59 - 2012-03-24 14:51 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-26 08:33 - 2009-07-14 00:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 08:33 - 2009-07-14 00:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 01:11 - 2012-03-24 14:51 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-25 00:50 - 2014-05-25 00:50 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\LavasoftStatistics
2014-05-25 00:35 - 2014-05-25 00:35 - 01727624 _____ () C:\Users\Kyle\Downloads\Adaware_Installer.exe
2014-05-24 20:17 - 2010-01-29 00:30 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854015100-2970217473-1074027365-1000Core.job
2014-05-24 14:53 - 2012-03-24 14:53 - 00000064 _____ () C:\Windows\system32\rp_stats.dat
2014-05-24 14:53 - 2012-03-24 14:53 - 00000044 _____ () C:\Windows\system32\rp_rules.dat
2014-05-24 13:00 - 2014-05-24 12:59 - 00001890 ____H () C:\aaw7boot.cmd
2014-05-24 12:59 - 2014-05-18 22:17 - 00000000 ____D () C:\Program Files\pcreg
2014-05-24 11:11 - 2013-03-17 20:40 - 00037352 _____ () C:\aaw7boot.log
2014-05-22 23:29 - 2014-04-21 20:49 - 00010386 _____ () C:\Windows\PFRO.log
2014-05-21 10:32 - 2014-05-21 10:27 - 00000424 _____ () C:\Users\Kyle\Downloads\SystemLook.txt
2014-05-21 00:38 - 2014-05-18 22:47 - 00015419 _____ () C:\Users\Kyle\Desktop\dds.txt
2014-05-21 00:38 - 2014-05-18 22:47 - 00012375 _____ () C:\Users\Kyle\Desktop\attach.txt
2014-05-20 22:11 - 2012-08-01 12:45 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 22:11 - 2012-08-01 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-20 22:11 - 2012-08-01 12:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-20 22:01 - 2014-05-18 22:33 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:59 - 2014-05-18 22:51 - 00002590 _____ () C:\Users\Kyle\Desktop\Rkill.txt
2014-05-20 07:03 - 2010-01-17 13:02 - 00069112 _____ () C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-20 07:02 - 2009-07-14 00:33 - 00306224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-20 01:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-20 01:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-20 01:20 - 2010-05-12 20:53 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-05-20 01:19 - 2010-01-20 21:33 - 00000510 _____ () C:\Windows\ODBC.INI
2014-05-20 01:14 - 2010-05-12 21:05 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-05-19 23:52 - 2010-01-20 21:32 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-19 23:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Registration
2014-05-19 11:58 - 2010-01-20 22:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-19 11:50 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-18 23:53 - 2014-05-18 23:38 - 00000000 ____D () C:\Users\Kyle\.zenmap
2014-05-18 23:46 - 2014-05-18 23:46 - 00000925 _____ () C:\Users\Kyle\Desktop\Nmap - Zenmap GUI.lnk
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Program Files\WinPcap
2014-05-18 23:46 - 2011-04-05 14:59 - 00000000 ____D () C:\Program Files\Nmap
2014-05-18 23:44 - 2014-05-18 23:44 - 26843165 _____ (Insecure.org) C:\Users\Kyle\Downloads\nmap-6.46-setup.exe
2014-05-18 23:38 - 2010-01-16 21:54 - 00000000 ____D () C:\Users\Kyle
2014-05-18 22:37 - 2010-02-17 10:03 - 00000000 ____D () C:\Program Files\DivX
2014-05-18 22:29 - 2014-05-18 22:29 - 00000000 ____D () C:\Windows\pss
2014-05-18 22:29 - 2011-04-28 15:52 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-18 22:28 - 2011-04-28 15:52 - 00000000 ____D () C:\Users\Kyle\AppData\Local\PMB Files
2014-05-18 22:27 - 2014-05-18 22:26 - 00171948 _____ () C:\Users\Kyle\Downloads\cc_20140518_222610.reg
2014-05-18 22:22 - 2014-05-18 22:17 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-18 22:21 - 2014-05-18 22:16 - 00000000 ____D () C:\Program Files\pastaleads
2014-05-18 22:20 - 2014-05-18 22:20 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-18 22:19 - 2010-01-17 14:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 22:18 - 2014-05-18 22:16 - 00000000 ____D () C:\ProgramData\pastaleads
2014-05-18 22:17 - 2014-05-18 22:17 - 00000000 ____D () C:\Users\Kyle\AppData\Local\globalUpdate
2014-05-18 22:11 - 2010-08-21 09:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-18 22:08 - 2010-06-08 16:29 - 00000000 ____D () C:\ProgramData\DivX
2014-05-18 22:06 - 2010-02-18 03:27 - 00000000 ____D () C:\Program Files\GRETECH
2014-05-18 22:00 - 2014-05-18 22:00 - 00000000 ____D () C:\Users\Kyle\Zero G Registry
2014-05-18 22:00 - 2010-08-31 17:45 - 00000000 ____D () C:\JBuilder9
2014-05-18 22:00 - 2010-08-31 17:36 - 00000016 _____ () C:\Users\Kyle\persistent_state
2014-05-16 01:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 11:51 - 2014-04-30 00:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 02:26 - 2013-08-15 14:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 02:22 - 2010-04-02 09:23 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 02:21 - 2014-05-15 02:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:05 - 2013-03-04 21:13 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 01:05 - 2013-03-04 21:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 03:06 - 2014-05-15 00:42 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 03:04 - 2014-05-15 00:41 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:34 - 2009-07-14 00:53 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-05 23:25 - 2014-05-15 02:12 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:07 - 2014-05-15 02:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:10 - 2014-05-15 02:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 09:37 - 2012-04-05 18:06 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Skype
2014-04-30 23:56 - 2014-04-30 23:55 - 04745984 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\ccsetup413.exe
2014-04-27 17:16 - 2014-04-27 17:16 - 00075264 _____ () C:\Users\Kyle\Downloads\SystemLook.exe
2014-04-27 11:26 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-27 09:41 - 2014-04-27 09:40 - 00602112 _____ (OldTimer Tools) C:\Users\Kyle\Downloads\OTL.exe
2014-04-26 23:11 - 2010-01-16 21:57 - 00848318 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 23:05 - 2014-04-26 23:05 - 00688992 _____ (Swearware) C:\Users\Kyle\Downloads\dds.com
2014-04-26 22:15 - 2014-04-26 22:15 - 01243655 _____ () C:\Users\Kyle\Downloads\ProcessExplorer.zip
2014-04-26 10:38 - 2014-04-26 10:37 - 03662848 _____ () C:\Users\Kyle\Downloads\dd-wrt.v24-21402_NEWD-2_K2.6_mini-e800.bin
 
Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\ap10013.exe
C:\Users\Kyle\AppData\Local\Temp\bdfilters.dll
C:\Users\Kyle\AppData\Local\Temp\burnsetup.exe
C:\Users\Kyle\AppData\Local\Temp\HC2SetupPvt.exe
C:\Users\Kyle\AppData\Local\Temp\nsc6263.exe
C:\Users\Kyle\AppData\Local\Temp\nsfD9FD.exe
C:\Users\Kyle\AppData\Local\Temp\nsk45B4.exe
C:\Users\Kyle\AppData\Local\Temp\nsk48C4.exe
C:\Users\Kyle\AppData\Local\Temp\nskEC66.exe
C:\Users\Kyle\AppData\Local\Temp\nsmF893.exe
C:\Users\Kyle\AppData\Local\Temp\nsp5B29.exe
C:\Users\Kyle\AppData\Local\Temp\nsr3.exe
C:\Users\Kyle\AppData\Local\Temp\nsrEFDB.exe
C:\Users\Kyle\AppData\Local\Temp\nss5816.exe
C:\Users\Kyle\AppData\Local\Temp\nswB0A6.exe
C:\Users\Kyle\AppData\Local\Temp\nsx6E75.exe
C:\Users\Kyle\AppData\Local\Temp\nsz51A6.exe
C:\Users\Kyle\AppData\Local\Temp\nszE3EC.exe
C:\Users\Kyle\AppData\Local\Temp\processhacker-2.33-setup.exe
C:\Users\Kyle\AppData\Local\Temp\Quarantine.exe
C:\Users\Kyle\AppData\Local\Temp\speedmax_589.exe
C:\Users\Kyle\AppData\Local\Temp\uninst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 00:41] - [2014-03-04 05:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-20 00:36
 
==================== End Of Log ============================

 

 

EDIT: I just want to say quickly that I am no longer getting the messages but still want to make sure everything is OK. Thanks

 

kyle

Edited by kylejw1990, 26 May 2014 - 12:07 PM.


#7 B-boy/StyLe/

  • Malware Response Team

Posted 28 May 2014 - 12:47 PM

Hi,
 
I am sorry about the delay, but I had some personal issues.

The log looks OK. We can remove a few leftovers from potentially unwanted applications this way:

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

 

 

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the antivirus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either MSE or Ad-Aware.

Note: I also noticed that you have CCleaner installed. The tool is safe as long as you don't use the built-in registry cleaner! If you don't know how to use it, you may cause irreparable damage to your system.

 

Regards,
Georgi




#8 kylejw1990

  • Topic Starter

Posted 29 May 2014 - 03:29 PM

Here is the log, but it did give me an error. Something about a variable that can't be accessed that way...

 

log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02

Ran by Kyle at 2014-05-29 16:27:42 Run:1
Running from C:\Users\Kyle\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ []
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Kyle\AppData\Local\Temp\ccex.crx [2014-05-18]
Task: {073A3D1F-3E16-4E07-999E-F4830170CFEF} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:EEE39B00
AlternateDataStreams: C:\Users\Kyle\AppData\Local\4LLiavBwGxWkU:2hAF9l6bbKaHuAdq6ix9C2eUIgBt
C:\Users\Kyle\AppData\Local\Temp
end
 
 
 
 
 
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB8F1077-2511-449F-A0FF-AE9228C4B2D9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DB8F1077-2511-449F-A0FF-AE9228C4B2D9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} => Value deleted successfully.
C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj => Key deleted successfully.
"C:\Users\Kyle\AppData\Local\Temp\ccex.crx" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{073A3D1F-3E16-4E07-999E-F4830170CFEF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{073A3D1F-3E16-4E07-999E-F4830170CFEF} => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.
C:\ProgramData\TEMP => ":EEE39B00" ADS removed successfully.
C:\Users\Kyle\AppData\Local\4LLiavBwGxWkU => ":2hAF9l6bbKaHuAdq6ix9C2eUIgBt" ADS removed successfully.
 
"C:\Users\Kyle\AppData\Local\Temp" directory move:
 


#9 B-boy/StyLe/

  • Malware Response Team

Posted 29 May 2014 - 11:26 PM

Hi,

 

It seems that the script worked as it should.

Please run a new scan with FRST (make sure that Additional.txt is checked as well before the scan) and post the logs in your next reply.

Also, let me know how things are now in your next reply.

Regards,

Georgi




#10 kylejw1990

  • Topic Starter

Posted 30 May 2014 - 01:28 AM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02

Ran by Kyle (administrator) on KYLE-PC on 30-05-2014 02:24:38
Running from C:\Users\Kyle\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-19] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\Run: [Google Update] => C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-01-29] (Google Inc.)
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {050a4b71-0394-11df-8aa9-001eec38aa3f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {2e6886c3-213c-11e1-96c3-005056c00008} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {45b1aed7-0892-11df-9ece-001eec38aa3f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {c0a4abd5-81af-11e0-91c3-001eec38aa3f} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {c513a6dd-9da9-11e0-af6e-001eec38aa3f} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2854015100-2970217473-1074027365-1000\...\MountPoints2: {fbf4d434-304f-11df-97f8-001eec38aa3f} - "F:\WD SmartWare.exe" autoplay=true
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC93B49A71897CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {EAD092B4-687A-4BFE-8EBF-24ABB0368AD0} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.6 156.154.70.43
 
FireFox:
========
FF ProfilePath: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Kyle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Kyle\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\staged [2014-02-06]
FF Extension: Anaglyph 3D - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\anaglyph3d@internauta1024a.pl.xpi [2013-02-15]
FF Extension: Hide My Ass Proxy Extension - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\extension@hidemyass.com.xpi [2012-03-12]
FF Extension: Firebug - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\firebug@software.joehewitt.com.xpi [2011-07-31]
FF Extension: Firecookie - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\firecookie@janodvarko.cz.xpi [2011-07-31]
FF Extension: Fireforce - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\fireforce@scrt.ch.xpi [2011-08-16]
FF Extension: AP Suggestor - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi [2012-06-13]
FF Extension: Tamper Data - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2012-03-12]
FF Extension: User Agent Switcher - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2011-07-31]
FF Extension: HackBar - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2011-08-01]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-04-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-14]
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Skype Click to Call) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-18]
CHR Extension: (Google Wallet) - C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-18]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2014-05-18]
CHR HKLM\...\Chrome\Extension: [ibnmbpihhamedhophbnjjpidokcknoid] - C:\Program Files\AP Suggestor\APSuggestor.crx [2014-05-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 metasploitPostgreSQL; C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [69098 2009-05-25] (Windows ® 2000 DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl9cbbac2a; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6332AD70-F2F8-4496-93C9-8453F6468801}\MpKsl9cbbac2a.sys [39464 2014-05-29] (Microsoft Corporation)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [116992 2008-03-27] (Mars Semiconductor Corp.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-20] ()
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated)
U3 as1mw2fn; C:\Windows\system32\Drivers\as1mw2fn.sys [0 ] (Microsoft Corporation)
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 JakNDisMP; system32\DRIVERS\JakNDis.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-27 21:46 - 2014-05-27 21:46 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieUserList
2014-05-27 21:46 - 2014-05-27 21:46 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieSiteList
2014-05-26 13:00 - 2014-05-30 02:24 - 00014252 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-05-26 13:00 - 2014-05-30 02:24 - 00000000 ____D () C:\FRST
2014-05-26 12:58 - 2014-05-26 12:58 - 01056256 _____ (Farbar) C:\Users\Kyle\Desktop\FRST.exe
2014-05-25 00:50 - 2014-05-25 00:50 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\LavasoftStatistics
2014-05-25 00:35 - 2014-05-25 00:35 - 01727624 _____ () C:\Users\Kyle\Downloads\Adaware_Installer.exe
2014-05-24 12:59 - 2014-05-24 13:00 - 00001890 ____H () C:\aaw7boot.cmd
2014-05-21 10:27 - 2014-05-21 10:32 - 00000424 _____ () C:\Users\Kyle\Downloads\SystemLook.txt
2014-05-18 23:46 - 2014-05-18 23:46 - 00000925 _____ () C:\Users\Kyle\Desktop\Nmap - Zenmap GUI.lnk
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Program Files\WinPcap
2014-05-18 23:44 - 2014-05-18 23:44 - 26843165 _____ (Insecure.org) C:\Users\Kyle\Downloads\nmap-6.46-setup.exe
2014-05-18 23:38 - 2014-05-18 23:53 - 00000000 ____D () C:\Users\Kyle\.zenmap
2014-05-18 22:51 - 2014-05-20 21:59 - 00002590 _____ () C:\Users\Kyle\Desktop\Rkill.txt
2014-05-18 22:47 - 2014-05-21 00:38 - 00015419 _____ () C:\Users\Kyle\Desktop\dds.txt
2014-05-18 22:47 - 2014-05-21 00:38 - 00012375 _____ () C:\Users\Kyle\Desktop\attach.txt
2014-05-18 22:33 - 2014-05-20 22:01 - 00000000 ____D () C:\AdwCleaner
2014-05-18 22:29 - 2014-05-18 22:29 - 00000000 ____D () C:\Windows\pss
2014-05-18 22:26 - 2014-05-18 22:27 - 00171948 _____ () C:\Users\Kyle\Downloads\cc_20140518_222610.reg
2014-05-18 22:20 - 2014-05-18 22:20 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-18 22:17 - 2014-05-24 12:59 - 00000000 ____D () C:\Program Files\pcreg
2014-05-18 22:17 - 2014-05-18 22:22 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-18 22:17 - 2014-05-18 22:17 - 00000000 ____D () C:\Users\Kyle\AppData\Local\globalUpdate
2014-05-18 22:16 - 2014-05-18 22:21 - 00000000 ____D () C:\Program Files\pastaleads
2014-05-18 22:16 - 2014-05-18 22:18 - 00000000 ____D () C:\ProgramData\pastaleads
2014-05-18 22:00 - 2014-05-18 22:00 - 00000000 ____D () C:\Users\Kyle\Zero G Registry
2014-05-15 02:21 - 2014-05-15 02:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 02:12 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 02:12 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 02:12 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 00:42 - 2014-05-09 03:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 00:41 - 2014-05-09 03:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 00:41 - 2014-04-11 22:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 00:41 - 2014-04-11 22:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 00:41 - 2014-04-11 22:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 00:41 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 00:41 - 2014-04-11 22:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 00:41 - 2014-04-11 22:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 00:41 - 2014-04-11 22:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 00:41 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 00:41 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 00:41 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 00:41 - 2014-03-04 05:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 00:41 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 00:40 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-30 23:55 - 2014-04-30 23:56 - 04745984 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\ccsetup413.exe
2014-04-30 00:02 - 2014-05-15 11:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
==================== One Month Modified Files and Folders =======
 
2014-05-30 02:24 - 2014-05-26 13:00 - 00014252 _____ () C:\Users\Kyle\Desktop\FRST.txt
2014-05-30 02:24 - 2014-05-26 13:00 - 00000000 ____D () C:\FRST
2014-05-30 02:17 - 2010-01-29 00:30 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854015100-2970217473-1074027365-1000UA.job
2014-05-30 02:05 - 2013-03-04 21:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 00:55 - 2010-01-17 00:47 - 01494152 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 20:48 - 2009-07-14 00:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 20:48 - 2009-07-14 00:34 - 00013792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 20:17 - 2010-01-29 00:30 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854015100-2970217473-1074027365-1000Core.job
2014-05-29 16:50 - 2013-07-05 16:48 - 00000855 _____ () C:\Users\Kyle\Desktop\curling.txt
2014-05-29 15:40 - 2014-04-21 20:49 - 00003976 _____ () C:\Windows\setupact.log
2014-05-29 15:40 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-27 21:46 - 2014-05-27 21:46 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieUserList
2014-05-27 21:46 - 2014-05-27 21:46 - 00000000 __SHD () C:\Users\Kyle\AppData\Local\EmieSiteList
2014-05-26 12:58 - 2014-05-26 12:58 - 01056256 _____ (Farbar) C:\Users\Kyle\Desktop\FRST.exe
2014-05-26 08:59 - 2012-03-24 14:51 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-25 01:11 - 2012-03-24 14:51 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-25 00:50 - 2014-05-25 00:50 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\LavasoftStatistics
2014-05-25 00:35 - 2014-05-25 00:35 - 01727624 _____ () C:\Users\Kyle\Downloads\Adaware_Installer.exe
2014-05-24 14:53 - 2012-03-24 14:53 - 00000064 _____ () C:\Windows\system32\rp_stats.dat
2014-05-24 14:53 - 2012-03-24 14:53 - 00000044 _____ () C:\Windows\system32\rp_rules.dat
2014-05-24 13:00 - 2014-05-24 12:59 - 00001890 ____H () C:\aaw7boot.cmd
2014-05-24 12:59 - 2014-05-18 22:17 - 00000000 ____D () C:\Program Files\pcreg
2014-05-24 11:11 - 2013-03-17 20:40 - 00037352 _____ () C:\aaw7boot.log
2014-05-22 23:29 - 2014-04-21 20:49 - 00010386 _____ () C:\Windows\PFRO.log
2014-05-21 10:32 - 2014-05-21 10:27 - 00000424 _____ () C:\Users\Kyle\Downloads\SystemLook.txt
2014-05-21 00:38 - 2014-05-18 22:47 - 00015419 _____ () C:\Users\Kyle\Desktop\dds.txt
2014-05-21 00:38 - 2014-05-18 22:47 - 00012375 _____ () C:\Users\Kyle\Desktop\attach.txt
2014-05-20 22:11 - 2012-08-01 12:45 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-20 22:11 - 2012-08-01 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-20 22:11 - 2012-08-01 12:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-20 22:01 - 2014-05-18 22:33 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:59 - 2014-05-18 22:51 - 00002590 _____ () C:\Users\Kyle\Desktop\Rkill.txt
2014-05-20 07:03 - 2010-01-17 13:02 - 00069112 _____ () C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-20 07:02 - 2009-07-14 00:33 - 00306224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-20 01:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-20 01:22 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-20 01:20 - 2010-05-12 20:53 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2014-05-20 01:19 - 2010-01-20 21:33 - 00000510 _____ () C:\Windows\ODBC.INI
2014-05-20 01:14 - 2010-05-12 21:05 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-05-19 23:52 - 2010-01-20 21:32 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-05-19 23:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Registration
2014-05-19 11:58 - 2010-01-20 22:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-19 11:50 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-18 23:53 - 2014-05-18 23:38 - 00000000 ____D () C:\Users\Kyle\.zenmap
2014-05-18 23:46 - 2014-05-18 23:46 - 00000925 _____ () C:\Users\Kyle\Desktop\Nmap - Zenmap GUI.lnk
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2014-05-18 23:46 - 2014-05-18 23:46 - 00000000 ____D () C:\Program Files\WinPcap
2014-05-18 23:46 - 2011-04-05 14:59 - 00000000 ____D () C:\Program Files\Nmap
2014-05-18 23:44 - 2014-05-18 23:44 - 26843165 _____ (Insecure.org) C:\Users\Kyle\Downloads\nmap-6.46-setup.exe
2014-05-18 23:38 - 2010-01-16 21:54 - 00000000 ____D () C:\Users\Kyle
2014-05-18 22:37 - 2010-02-17 10:03 - 00000000 ____D () C:\Program Files\DivX
2014-05-18 22:29 - 2014-05-18 22:29 - 00000000 ____D () C:\Windows\pss
2014-05-18 22:29 - 2011-04-28 15:52 - 00000000 ____D () C:\ProgramData\PMB Files
2014-05-18 22:28 - 2011-04-28 15:52 - 00000000 ____D () C:\Users\Kyle\AppData\Local\PMB Files
2014-05-18 22:27 - 2014-05-18 22:26 - 00171948 _____ () C:\Users\Kyle\Downloads\cc_20140518_222610.reg
2014-05-18 22:22 - 2014-05-18 22:17 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-18 22:21 - 2014-05-18 22:16 - 00000000 ____D () C:\Program Files\pastaleads
2014-05-18 22:20 - 2014-05-18 22:20 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-18 22:19 - 2010-01-17 14:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-18 22:18 - 2014-05-18 22:16 - 00000000 ____D () C:\ProgramData\pastaleads
2014-05-18 22:17 - 2014-05-18 22:17 - 00000000 ____D () C:\Users\Kyle\AppData\Local\globalUpdate
2014-05-18 22:11 - 2010-08-21 09:10 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-05-18 22:08 - 2010-06-08 16:29 - 00000000 ____D () C:\ProgramData\DivX
2014-05-18 22:06 - 2010-02-18 03:27 - 00000000 ____D () C:\Program Files\GRETECH
2014-05-18 22:00 - 2014-05-18 22:00 - 00000000 ____D () C:\Users\Kyle\Zero G Registry
2014-05-18 22:00 - 2010-08-31 17:45 - 00000000 ____D () C:\JBuilder9
2014-05-18 22:00 - 2010-08-31 17:36 - 00000016 _____ () C:\Users\Kyle\persistent_state
2014-05-16 01:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-05-15 11:51 - 2014-04-30 00:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 02:26 - 2013-08-15 14:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 02:22 - 2010-04-02 09:23 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 02:21 - 2014-05-15 02:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:05 - 2013-03-04 21:13 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 01:05 - 2013-03-04 21:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-09 03:06 - 2014-05-15 00:42 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 03:04 - 2014-05-15 00:41 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 20:34 - 2009-07-14 00:53 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-05 23:25 - 2014-05-15 02:12 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 23:07 - 2014-05-15 02:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:10 - 2014-05-15 02:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-01 09:37 - 2012-04-05 18:06 - 00000000 ____D () C:\Users\Kyle\AppData\Roaming\Skype
2014-04-30 23:56 - 2014-04-30 23:55 - 04745984 _____ (Piriform Ltd) C:\Users\Kyle\Downloads\ccsetup413.exe
 
Some content of TEMP:
====================
C:\Users\Kyle\AppData\Local\Temp\ap10013.exe
C:\Users\Kyle\AppData\Local\Temp\bdfilters.dll
C:\Users\Kyle\AppData\Local\Temp\burnsetup.exe
C:\Users\Kyle\AppData\Local\Temp\HC2SetupPvt.exe
C:\Users\Kyle\AppData\Local\Temp\nsc6263.exe
C:\Users\Kyle\AppData\Local\Temp\nsfD9FD.exe
C:\Users\Kyle\AppData\Local\Temp\nsk45B4.exe
C:\Users\Kyle\AppData\Local\Temp\nsk48C4.exe
C:\Users\Kyle\AppData\Local\Temp\nskEC66.exe
C:\Users\Kyle\AppData\Local\Temp\nsmF893.exe
C:\Users\Kyle\AppData\Local\Temp\nsp5B29.exe
C:\Users\Kyle\AppData\Local\Temp\nsr3.exe
C:\Users\Kyle\AppData\Local\Temp\nsrEFDB.exe
C:\Users\Kyle\AppData\Local\Temp\nss5816.exe
C:\Users\Kyle\AppData\Local\Temp\nswB0A6.exe
C:\Users\Kyle\AppData\Local\Temp\nsx6E75.exe
C:\Users\Kyle\AppData\Local\Temp\nsz51A6.exe
C:\Users\Kyle\AppData\Local\Temp\nszE3EC.exe
C:\Users\Kyle\AppData\Local\Temp\processhacker-2.33-setup.exe
C:\Users\Kyle\AppData\Local\Temp\Quarantine.exe
C:\Users\Kyle\AppData\Local\Temp\speedmax_589.exe
C:\Users\Kyle\AppData\Local\Temp\uninst.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 00:41] - [2014-03-04 05:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 00:26
 
==================== End Of Log ============================

 

addition.txt is too big to upload... but everything looks good. Don't you think? Thanks for your help :]



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 AM

Posted 01 June 2014 - 04:31 AM

Hello,

The following error:

    here is the log but it did give me an error. something about variable can't be accessed that way...

was fixed in the latest version of FRST (it wasn't related to your computer).

Although we managed to clean the infection, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose: Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

And then, if there aren't any issues left, I'll give you my final recommendations. :)

 

 

 

Regards,

Georgi




#12 kylejw1990

kylejw1990
  • Topic Starter

  • Members
  • 171 posts
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 02 June 2014 - 05:31 AM

AdwCleaner log:

 

 

# AdwCleaner v3.021 - Report created 18/05/2014 at 22:35:42

# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Kyle - KYLE-PC
# Running from : J:\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\Kyle\AppData\Local\apn
Folder Deleted : C:\Users\Kyle\AppData\Local\Conduit
Folder Deleted : C:\Users\Kyle\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Kyle\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Kyle\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\ConduitCommon
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\CT2786678
Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
File Deleted : C:\END
File Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\searchplugins\avg-secure-search.xml
File Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_notepad-portable_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_notepad-portable_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v5.0 (en-US)
 
[ File : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\prefs.js ]
 
Line Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_130067977588633691", true);
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_1359634298000", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "6-2-2014");
Line Deleted : user_pref("CT2786678.DSInstall", false);
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu Feb 06 2014 11:43:40 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Mon Mar 12 2012 12:05:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 132);
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Mon Mar 12 2012 12:05:57 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "12-3-2012");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HPInstall", false);
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Sun Jan 22 2012 20:01:53 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Feb 06 2014 11:43:40 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Fri Feb 15 2013 14:21:34 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.18.0.7", "Thu Feb 06 2014 11:43:40 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Mon Mar 12 2012 12:05:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
Line Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Yahoo");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Feb 06 2014 11:43:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Feb 06 2014 11:43:37 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu Feb 06 2014 11:43:36 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1391531180");
Line Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Mar 11 2012 14:16:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2786678.ToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,OurToolbar.com,CommunityToolbar[...]
Line Deleted : user_pref("CT2786678.UserID", "UN31673240422384985");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 1);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Mon Mar 12 2012 12:06:05 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "F");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "4D6F6E204D617220313220323031322031323A30363A313020474D542D3034303020284561737465726E204461796C696768742054696D6529");
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sun Mar 11 2012 14:16:50 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Feb 06 2014 11:43:40 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sun Mar 11 2012 14:16:39 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"05e44b4f647bdb67d2af8ae4020a74153\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1362324159\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"d229fa25f6c9cc1:12ac\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"f414eeaa6bece1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"088006456cbdc28125581f47c97299fe\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4e6b6cafbe044e5ac09c5c18802a5291\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Kyle\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\veblf068.default\\conduitCommon\\modules\\3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://cdn.triplegames.com/shared/apps/gamearcade/arcade.htm?ctId=CT2786678", "444x9");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Mar 11 2012 14:16:28 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "78c63e8d-376e-48e4-a382-04938fa9596b");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 11 2012 14:17:02 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 12 2012 12:06:05 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Mar 12 2012 12:05:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "0ba92053-6829-4e71-8d48-345d39039d3e");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("browser.search.selectedEngine", "Blekko");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
 
-\\ Google Chrome v
 
[ File : C:\Users\Kyle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : icon_url
 
*************************
 
AdwCleaner[R0].txt - [21268 octets] - [18/05/2014 22:33:28]
AdwCleaner[S0].txt - [21078 octets] - [18/05/2014 22:35:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21139 octets] ##########

Junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Kyle on Sun 06/01/2014 at 11:40:31.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kyle\Local Settings\Application Data\cre"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/01/2014 at 11:44:16.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller:

http://pastebin.com/vac3fFZZ

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.05.31.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
Kyle :: KYLE-PC [administrator]
 
Protection: Disabled
 
6/1/2014 11:56:42 PM
mbam-log-2014-06-01 (23-56-42).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243692
Time elapsed: 9 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 15
C:\Users\Kyle\AppData\Local\Temp\nsr3.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsrEFDB.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nss5816.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nswB0A6.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsx6E75.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsz51A6.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nszE3EC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsc6263.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsfD9FD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsk45B4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsk48C4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nskEC66.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsmF893.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\nsp5B29.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\Temp\n380\s380.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
 
(end)

HitmanPro:

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : KYLE-PC
   Windows . . . . . . . : 6.1.1.7601.X86/1
   User name . . . . . . : Kyle-PC\Kyle
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2014-06-02 00:19:31
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 157
 
   Objects scanned . . . : 1,546,621
   Files scanned . . . . : 37,764
   Remnants scanned  . . : 409,535 files / 1,099,322 keys
 
Miniport ____________________________________________________________________
 
   Primary
      DriverObject . . . : 85DA0F38
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 850671F8 +0
   Solution
      DriverObject . . . : 85DA0F38
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 8900644E \SystemRoot\system32\drivers\ataport.SYS+25678
 
Malware _____________________________________________________________________
 
   C:\Windows\Temp\file_to_run551378.exe -> Quarantined
      Size . . . . . . . : 968,232 bytes
      Age  . . . . . . . : 12.2 days (2014-05-20 20:26:49)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : D1015F164C0CC23FF9BBB4EEB27EC02D1AE7B3337B4D99D6739BC75539C7FFB5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : Trojan-Downloader.Win32.Genome.gwjy
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -1.2s C:\Windows\Temp\inst221556.txt
          0.0s C:\Windows\Temp\file_to_run551378.exe
          0.3s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B
          0.3s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_8CA7164968F366C9A94AC8E71C4BDD9B
          0.4s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CA7B2D59B4E9BC2D316D1AECDFC12F63_59EC90812CBEB8A2C4BAD2905AF8A223
          0.4s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CA7B2D59B4E9BC2D316D1AECDFC12F63_59EC90812CBEB8A2C4BAD2905AF8A223
          4.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{49BB69A7-F90C-4D26-BEF9-501BD9903681}
          9.6s C:\Temp\launcher.exe
          9.7s C:\Temp\a.exe
          9.8s C:\Temp\white.exe
         12.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\73\6672FDECD9FD76F5.dat
         12.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{4DD009AE-41DA-441D-A8F2-AEAD876CBC27}
         19.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8FB5FDF1-3C74-4E2E-9736-6E9929327786}
         22.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\43\5A803558F1CEEFCB.dat
         22.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{0D7BA25F-DEFD-4F0C-9C98-0A21A215EB39}
         26.8s C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM54XBCB\MG520KOB.jpg
         27.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{77336084-E568-4A2F-8535-5F2D4D5F2AE8}
         29.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\87\
         29.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\87\8D61230684DFD677.dat
         29.3s C:\Users\Kyle\AppData\Local\Temp\nsh5486.tmp
         29.6s C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A107LXT9\downloadstub[1].json
         46.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{8570605B-52B6-4A45-86AE-805DE4C3176A}
         48.3s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\34\F8B157858A6375BE.dat
         48.6s C:\Users\Kyle\AppData\Local\Temp\nsrA006.tmp
         48.6s C:\Users\Kyle\AppData\Local\Temp\nsrA006\
         62.5s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{A0D74B5F-B79A-4142-A6CA-501F31D57E28}
         64.5s C:\Users\Kyle\AppData\Local\Temp\nsmDE0F.tmp
         64.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\13\
         64.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\13\19C0EB55D1B4C811.dat
         69.0s C:\Users\Kyle\AppData\Local\Temp\nsrEFDB.tmp
         70.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\83\
         70.6s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\83\4CF615400699709B.dat
         71.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{5972855A-69B3-4F54-99CF-F6AD97F6B100}
         71.3s C:\Users\Kyle\AppData\Local\Temp\nsmF893.tmp
         72.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\29\
         72.9s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\29\DE9DD06046460821.dat
         73.2s C:\Users\Kyle\AppData\Local\Temp\nsr3.tmp
         75.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\15\
         75.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\15\E7F921B8EA0D7707.dat
         81.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{59158EAC-4D23-483B-94CC-42F5A7500811}
         87.0s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{54657765-534B-4E07-8825-6AC6BCB5DCD4}
         87.2s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{BF96E1EA-48DE-4647-A4E8-791436620C6F}
         91.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{D4A88843-5C39-4AB1-B03D-685A5E1C9F84}
         95.7s C:\Users\Kyle\AppData\Local\Temp\nss5816.tmp
         98.4s C:\Users\Kyle\AppData\Local\Temp\nsc6263.tmp
         101.4s C:\Users\Kyle\AppData\Local\Temp\nsx6E75.tmp
         106.9s C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A107LXT9\J10J2MPS.jpg
         107.0s C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VM54XBCB\ct3326238[1].txt
         110.0s C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A107LXT9\countryCode[1].js
         111.1s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MetaStore\2\70\2B1E460E81E84756.dat
         111.5s C:\Users\Kyle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYAASEW7\sp[1].htm
         112.4s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{892462C3-3E29-4A3B-9194-92AD436ED47C}
         112.8s C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\Results\Resource\{1B3726D5-4C67-4EE3-83BB-7AE5A95EAEEE}
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\MOSNRI2Y.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\N4I02EUI.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\OKKEL3EI.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\QL1GIZKI.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\RRO5252X.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\RUM3YF0F.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\S4V0JZZQ.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\UKKIGB6B.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\UQ6OL4AT.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\UT07EPQ8.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\VXGGJSVI.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\W7F6S8QS.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\X3XMRYZG.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\X7ZKHPHA.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\XCSRGBYR.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\YPC357UO.txt
   C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Cookies\Z0X021NO.txt
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ad.wsod.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:adbrite.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.crakmedia.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.intergi.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.newgrounds.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.pointroll.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.trafficjunky.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ads.undertone.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:adultfriendfinder.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:advertising.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:apmebf.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:atdmt.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:avgtechnologies.112.2o7.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:burstnet.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:casalemedia.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:collective-media.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:content.yieldmanager.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:doubleclick.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ero-advertising.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:fastclick.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:interclick.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:invitemedia.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:james.adbutler.de
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:kontera.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:media6degrees.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:mediaplex.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:openx.sexsearch.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:pixel.invitemedia.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:pointroll.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:pornhub.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:pornhublive.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:questionmarket.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:revsci.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:rts.phn.doublepimp.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:ru4.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:server.cpmstar.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:serving-sys.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:sexad.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:socialsex.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:southeasternbookcompany.122.2o7.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:specificclick.net
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:statcounter.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:tribalfusion.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:wt.socialsex.biz
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:www.burstnet.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:www.frontpagecash.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:www.pornhub.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:www.pornhublive.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:www.socialsex.com
   C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\veblf068.default\cookies.sqlite:yieldmanager.net
 
 

Edited by kylejw1990, 02 June 2014 - 05:35 AM.


#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 AM

Posted 03 June 2014 - 03:54 PM

Hello,

 

It seems that you are still using the old version of MBAM: (Malwarebytes Anti-Malware (Trial) 1.75.0.1300)

It's a good idea to uninstall it via Control Panel, then run mbam-clean.exe as described here and then install the version from the link above from my previous post. Update MBAM defs and run a new scan (make sure that "scan for rootkits" is turned on before you proceed with the system check).

 

Also let me know how things are now in your next reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 04 June 2014 - 02:03 AM.
typo.



#14 kylejw1990

kylejw1990
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Michigan, United States
  • Local time:12:51 AM

Posted 03 June 2014 - 07:30 PM

everything seems alright, this is the log:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/3/2014
Scan Time: 7:35:32 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.03.07
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Kyle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 252870
Time Elapsed: 52 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.HQVideoPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQ-Video-Pro-1.9, Quarantined, [af03a2d1d8a39a9c48ebedbf0200b848], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by kylejw1990, 03 June 2014 - 07:31 PM.
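The scan log above is in the fixed text layout Malwarebytes Anti-Malware 2.x writes: a block of "Key: Value" header lines, then one "Section: count" line per object class, followed either by "(No malicious items detected)" or by one detection per line in the form "threat, location, action, [signature],". When triaging logs posted in threads like this one, it helps to pull those lines into structured records and check that the per-section counts match the entries actually listed. The parser below is an added example, not code from this thread or from Malwarebytes; the constructed sample log copies the header and the HQ-Video-Pro entry from the post above, while the second detection line and its "Delete-on-Reboot" action string are invented to exercise the parser (only "Quarantined" appears in the real log).

```python
"""Parse Malwarebytes Anti-Malware 2.x text logs into records for triage.

Added example, not from the thread or from Malwarebytes. The layout is
modelled on the scan log posted above; see the constructed sample below.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the header and the PUP.Optional.HQVideoPro.A entry mirror
# the posted log; the Trojan.Example.Constructed line and its action are invented.
SAMPLE_LOG = """\
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/3/2014
Scan Time: 7:35:32 PM
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.03.07
Rootkit Database: v2014.06.02.01
License: Free

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 252870

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.HQVideoPro.A, HKU\\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\\SOFTWARE\\APPDATALOW\\SOFTWARE\\HQ-Video-Pro-1.9, Quarantined, [af03a2d1d8a39a9c48ebedbf0200b848], 

Files: 1
Trojan.Example.Constructed, C:\\constructed\\sample.exe, Delete-on-Reboot, [00000000000000000000000000000000], 

(end)
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): ?(.*)$")
# A detection line ends with the 32-hex-char bracketed signature, then an optional comma.
DETECTION_RE = re.compile(r"^(?P<body>.+), \[(?P<sig>[0-9a-f]{32})\],?\s*$")


@dataclass
class Detection:
    section: str
    threat: str
    location: str
    action: str
    signature: str

    @property
    def potentially_unwanted(self) -> bool:
        """PUP./PUM. prefixes denote unwanted programs/modifications, not malware proper."""
        return self.threat.startswith(("PUP.", "PUM."))


@dataclass
class ScanReport:
    meta: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def _parse_detection(section: str, line: str):
    m = DETECTION_RE.match(line)
    if not m:
        return None
    # Split from both ends so a location containing ", " still parses.
    parts = m.group("body").split(", ")
    if len(parts) < 3:
        return None
    return Detection(section, parts[0], ", ".join(parts[1:-1]), parts[-1], m.group("sig"))


def parse_mbam_log(text: str) -> ScanReport:
    report, section = ScanReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report.counts[section] = int(m.group(2))
            continue
        if section is None:  # still in the header block
            m = HEADER_RE.match(line)
            if m:
                report.meta[m.group(1)] = m.group(2).strip()
            continue
        det = _parse_detection(section, line)
        if det:
            report.detections.append(det)
    return report


def consistency_issues(report: ScanReport) -> list:
    """Sections whose declared count differs from the entries actually parsed."""
    return [s for s, n in report.counts.items()
            if n != sum(1 for d in report.detections if d.section == s)]


def triage(report: ScanReport) -> dict:
    pup = sum(1 for d in report.detections if d.potentially_unwanted)
    return {"pup": pup, "malware": len(report.detections) - pup,
            "not_quarantined": sum(1 for d in report.detections if d.action != "Quarantined")}


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(rep.meta.get("Version"), triage(rep), consistency_issues(rep))
```

Run against the sample, `triage` reports one PUP and one non-PUP item, with one entry not yet quarantined, and `consistency_issues` is empty because every section count matches the entries listed under it; a non-empty result is the cue that a log was pasted incompletely.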


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:51 AM

Posted 04 June 2014 - 02:05 AM

Good.

 

 

STEP 1

 

 

Before I let you free I'd like us to scan your machine with ESET OnlineScan to be completely sure your PC is malware free.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 2

 

 

 

Also let's check for outdated and vulnerable software on your PC:

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe to run it.
  • A notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi






