Pop-ups and iTunes won't respond


This topic is locked
14 replies to this topic

#1 bjacks9

Posted 22 July 2014 - 11:58 AM

I keep getting pop-ups that won't go away no matter how much I clean my computer, and iTunes doesn't respond and won't ever run properly. Please help!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.45.2
Run by Bianca at 11:49:08 on 2014-07-22
#Option MBR scan  is disabled.
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3062.1981 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Users\Bianca\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\FlashPlayerInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [Spotify Web Helper] "c:\users\bianca\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9D6FEBBB-52BD-4DB4-AABE-F294464AD36E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bianca\appdata\roaming\mozilla\firefox\profiles\tpmu7ugv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311339&CUI=UN34885442672303613&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -
.
============= SERVICES / DRIVERS ===============
.
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 SystemStoreService;System Store;c:\program files\softwareupdater\SystemStore.exe [2013-12-15 297984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-1 108032]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-6-1 40776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-7-13 1343400]
.
=============== Created Last 30 ================
.
2014-07-22 16:49:09 10603008 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-07-22 16:27:29 -------- d-----w- c:\program files\iPod
2014-07-22 16:27:28 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-22 16:27:28 -------- d-----w- c:\program files\iTunes
.
==================== Find3M  ====================
.
2014-07-22 16:49:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 16:49:13 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-02 00:03:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-05-09 07:06:23 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04:12 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-06 03:07:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 11:50:05.64 ===============
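
The DDS report above already contains the two things the later cleanup confirms: a Firefox default search URL pointing at search.conduit.com carrying a Conduit toolbar ID (ctid=CT3311339), and an auto-start service (SystemStoreService, "System Store") running from c:\program files\softwareupdater. The script below is an added example, not a BleepingComputer tool and not part of the original post: it runs the same two checks over DDS/FRST-style log lines offline. The sample lines are copied from the DDS and FRST logs posted in this thread; the allowlist of expected search hosts is an assumption, and the auto-start heuristic is deliberately loose (it also flags the legitimate SkypeUpdate service), so its output is a review list for the analyst, not a verdict.

```python
"""Offline triage of DDS / FRST style log lines for a hijacked browser
search setting and for auto-start services running from an unusual
location. Added example; not a BleepingComputer tool."""
import re
from urllib.parse import parse_qs, urlparse

# Assumption: these are the only search providers this user wants. Any other
# host that owns a search URL, start page or homepage is worth a second look.
EXPECTED_SEARCH_HOSTS = {"google.com", "www.google.com", "www.bing.com", "www.microsoft.com"}

# DDS/FRST defang URLs as hxxp:// so they cannot be clicked by accident.
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\"']+", re.I)
# DDS: "S2 Name;Description;path [date size]"   FRST: "S2 Name; path [size date] (Vendor)"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);", re.I)
IMAGE_RE = re.compile(r"[a-z]:\\[^\[\]]*?\.(?:exe|sys|dll)", re.I)
SEARCH_CONTEXT = ("search", "start page", "homepage", "keyword")


def refang(url):
    """Turn the hxxp:// defanging back into a parseable scheme."""
    return re.sub(r"^hxx", "htt", url, flags=re.I)


def check_search_settings(line):
    """Flag search/start-page URLs whose host is not an expected provider.
    A ctid= parameter is recorded because Conduit toolbars key their
    configuration on it (the prefs.js entries in this thread carry CT3311339)."""
    findings = []
    if not any(word in line.lower() for word in SEARCH_CONTEXT):
        return findings
    for raw in URL_RE.findall(line):
        parsed = urlparse(refang(raw))
        host = (parsed.hostname or "").lower()
        if host in EXPECTED_SEARCH_HOSTS:
            continue
        params = {k.lower(): v[0] for k, v in parse_qs(parsed.query).items()}
        findings.append({"kind": "search_hijack", "host": host,
                         "ctid": params.get("ctid"), "line": line})
    return findings


def check_autostart_services(line):
    """Heuristic: list auto-start (R2/S2) services whose image lives outside
    C:\\Windows. Legitimate updaters (SkypeUpdate in the sample) hit this too,
    so the result is a review list for the analyst, not a verdict."""
    match = SERVICE_RE.match(line)
    if not match or match.group("start").upper() not in ("R2", "S2"):
        return []
    image = IMAGE_RE.search(line)
    path = image.group(0).lower() if image else ""
    if path.startswith("c:\\windows\\"):
        return []
    return [{"kind": "review_autostart_service", "name": match.group("name"),
             "image": image.group(0) if image else None, "line": line}]


def triage(log_text):
    """Run both checks over every non-empty line and return the findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            findings.extend(check_search_settings(line))
            findings.extend(check_autostart_services(line))
    return findings


def conduit_ids(findings):
    """Distinct Conduit toolbar IDs seen in the hijacked search URLs."""
    return sorted({f["ctid"] for f in findings if f.get("ctid")})


# Sample input: lines copied from the DDS and FRST logs posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://google.com/
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311339&CUI=UN34885442672303613&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 SystemStoreService;System Store;c:\program files\softwareupdater\SystemStore.exe [2013-12-15 297984]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
SearchScopes: HKCU - DefaultScope {718059B5-0F03-444E-907C-BCE2E5B9D884} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AB42F39E-63D6-415B-B42A-01EC069ECE8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311339&CUI=UN40830951202759919&UM=2
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f.get("host") or f.get("name"), f.get("ctid") or f.get("image") or "")
```

Run against the sample it reports two search hijacks (both search.conduit.com, toolbar ID CT3311339) and two auto-start services for review (SkypeUpdate and SystemStoreService); the .NET NGEN service is ignored because it runs from under C:\Windows, and the BitComet service is ignored because it is demand-start (S3). The point of keeping the service check loose is that the "System Store" entry looks no more suspicious than Skype's updater on its own; it is the combination with the Conduit folders and scheduled tasks that AdwCleaner later removed that makes it worth deleting.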

#2 nasdaq (Malware Response Team)

Posted 27 July 2014 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 bjacks9 (Topic Starter)

Posted 28 July 2014 - 01:06 AM

Hi nasdaq,

Thank you for your help! So the problems that persist are: I'm still getting pop-ups, and upon starting my laptop the internet connection goes away and comes back after a few minutes, and iTunes still won't run.

# AdwCleaner v3.300 - Report created 27/07/2014 at 22:30:21
# Updated 27/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Bianca - BIANCA-PC
# Running from : C:\Users\Bianca\Desktop\adwcleaner_3.300.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SystemStoreService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\SoftwareUpdater
Folder Deleted : C:\Users\Bianca\AppData\Local\Conduit
Folder Deleted : C:\Users\Bianca\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\Bianca\AppData\Local\Software_Updater
Folder Deleted : C:\Users\Bianca\AppData\Local\SoftwareUpdater
Folder Deleted : C:\Users\Bianca\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bianca\AppData\LocalLow\GutscheinCodes
Folder Deleted : C:\Users\Bianca\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Bianca\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\tpmu7ugv.default\Smartbar
Folder Deleted : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\tpmu7ugv.default\CT3311339
Folder Deleted : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\tpmu7ugv.default\Extensions\{30b52caf-a2ee-4d8c-9c8f-901002e47c09}
File Deleted : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\tpmu7ugv.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Software Updater Ui
Task Deleted : Software Updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateveberGreat_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateveberGreat_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311339
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\tpmu7ugv.default\prefs.js ]

Line Deleted : user_pref("CT3311339.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3311339.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3311339.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.FF19Solved", "true");
Line Deleted : user_pref("CT3311339.FirstTime", "true");
Line Deleted : user_pref("CT3311339.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3311339.UserID", "UN34885442672303613");
Line Deleted : user_pref("CT3311339.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3311339.appOptions", "{}");
Line Deleted : user_pref("CT3311339.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311339.countryCode", "US");
Line Deleted : user_pref("CT3311339.defaultSearch", "true");
Line Deleted : user_pref("CT3311339.enableAlerts", "true");
Line Deleted : user_pref("CT3311339.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3311339.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3311339.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3311339.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3311339.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3311339.fullUserID", "UN34885442672303613.IN.20131215145708");
Line Deleted : user_pref("CT3311339.homepageuserchanged", true);
Line Deleted : user_pref("CT3311339.installDate", "15/12/2013 14:57:10");
Line Deleted : user_pref("CT3311339.installSessionId", "{E6C2A113-6C86-4575-8E67-54068F7E28A9}");
Line Deleted : user_pref("CT3311339.installSp", "TRUE");
Line Deleted : user_pref("CT3311339.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3311339.installUsage", "2013-12-16T00:13:03.7816893+03:00");
Line Deleted : user_pref("CT3311339.installUsageEarly", "2013-12-16T00:13:03.0484799+03:00");
Line Deleted : user_pref("CT3311339.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3311339.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3311339.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3311339.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3311339.keyword", "true");
Line Deleted : user_pref("CT3311339.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3311339.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3311339.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fsupport.mozilla.org%2Fen-US%2Fkb%2Fstartup-home-page-download-settings%3Fredirectlocale%3De[...]
Line Deleted : user_pref("CT3311339.openThankYouPage", "false");
Line Deleted : user_pref("CT3311339.openUninstallPage", "true");
Line Deleted : user_pref("CT3311339.originalHomepage", "hxxp://google.com/");
Line Deleted : user_pref("CT3311339.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3311339.originalSearchEngine", "");
Line Deleted : user_pref("CT3311339.originalSearchEngineName", "");
Line Deleted : user_pref("CT3311339.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3311339.search.searchAppId", "130204431312330628");
Line Deleted : user_pref("CT3311339.search.searchCount", "0");
Line Deleted : user_pref("CT3311339.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3311339.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3311339.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3311339.searchRevert", "true");
Line Deleted : user_pref("CT3311339.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3311339.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3311339.searchUserMode", "2");
Line Deleted : user_pref("CT3311339.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3311339\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreemiumEN1.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freemium EN1 \"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3311339.serviceLayer_services_Configuration_lastUpdate", "1387142026528");
Line Deleted : user_pref("CT3311339.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1387142027291");
Line Deleted : user_pref("CT3311339.serviceLayer_services_appsMetadata_lastUpdate", "1387142026922");
Line Deleted : user_pref("CT3311339.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1387142027062");
Line Deleted : user_pref("CT3311339.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1387142026534");
Line Deleted : user_pref("CT3311339.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1387142027616");
Line Deleted : user_pref("CT3311339.serviceLayer_services_login_10.23.0.722_lastUpdate", "1387142027298");
Line Deleted : user_pref("CT3311339.serviceLayer_services_login_10.23.0.822_lastUpdate", "1387220386945");
Line Deleted : user_pref("CT3311339.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1387142027107");
Line Deleted : user_pref("CT3311339.serviceLayer_services_searchAPI_lastUpdate", "1387142027253");
Line Deleted : user_pref("CT3311339.serviceLayer_services_serviceMap_lastUpdate", "1387142026029");
Line Deleted : user_pref("CT3311339.serviceLayer_services_toolbarContextMenu_lastUpdate", "1387142027005");
Line Deleted : user_pref("CT3311339.serviceLayer_services_toolbarSettings_lastUpdate", "1387220387402");
Line Deleted : user_pref("CT3311339.serviceLayer_services_translation_lastUpdate", "1387142027178");
Line Deleted : user_pref("CT3311339.settingsINI", true);
Line Deleted : user_pref("CT3311339.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3311339.showToolbarPermission", "false");
Line Deleted : user_pref("CT3311339.smartbar.CTID", "CT3311339");
Line Deleted : user_pref("CT3311339.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3311339.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311339.smartbar.toolbarName", "Freemium EN1 ");
Line Deleted : user_pref("CT3311339.startPage", "true");
Line Deleted : user_pref("CT3311339.toolbarBornServerTime", "16-12-2013");
Line Deleted : user_pref("CT3311339.toolbarCurrentServerTime", "16-12-2013");
Line Deleted : user_pref("CT3311339.toolbarDisabled", "true");
Line Deleted : user_pref("CT3311339.toolbarInstallDate", "15-12-2013 14:57:09");
Line Deleted : user_pref("CT3311339.toolbarLoginClientTime", "Sun Dec 15 2013 15:13:47 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT3311339.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT3311339.xpeMode", "0");
Line Deleted : user_pref("CT3311339_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387220643498,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3311339");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Freemium EN1 Customized Web Search");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3311339");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311339&CUI=UN34885442672303613&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311339&octid=CT3311339&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311339&SearchSource=2&CUI=UN34885442672303613&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311339");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3311339");
Line Deleted : user_pref("smartbar.machineId", "APRQMMGZROO37VVYBA/Q0ORHHZAKPVPCM45AL3ZCV5QAM4RFIK2CB+7SIRXFIFJ2XWVAJE/FFFBP231QRMUPZW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3311339&CUI=UN34885442672303613&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3311339.mam_gk_currentVersion", "312E31312E352E31");
Line Deleted : user_pref("valueApps.CT3311339.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311339.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3311339.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3311339.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3311339.mam_gk_migrated_from_ls.storedInFile", false);

*************************

AdwCleaner[R0].txt - [12706 octets] - [27/07/2014 22:28:58]
AdwCleaner[S0].txt - [12922 octets] - [27/07/2014 22:30:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12983 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Bianca (administrator) on BIANCA-PC on 28-07-2014 00:24:16
Running from C:\Users\Bianca\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Spotify Ltd) C:\Users\Bianca\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1954346298-1810768968-653049334-1001\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1954346298-1810768968-653049334-1001\...\Run: [Spotify Web Helper] => C:\Users\Bianca\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-04] (Spotify Ltd)
HKU\S-1-5-21-1954346298-1810768968-653049334-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1954346298-1810768968-653049334-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-1954346298-1810768968-653049334-1001\...\Run: [Google Update] => C:\Users\Bianca\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-12] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x34C6CA252ADECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {718059B5-0F03-444E-907C-BCE2E5B9D884} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {718059B5-0F03-444E-907C-BCE2E5B9D884} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AB42F39E-63D6-415B-B42A-01EC069ECE8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311339&CUI=UN40830951202759919&UM=2
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\tpmu7ugv.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Bianca\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Bianca\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Bianca\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Bianca\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Bianca\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Bianca\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-27] (Malwarebytes Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
S3 catchme; \??\C:\Users\Bianca\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 00:24 - 2014-07-28 00:25 - 00007919 _____ () C:\Users\Bianca\Desktop\FRST.txt
2014-07-27 22:56 - 2014-07-28 00:24 - 00000000 ____D () C:\FRST
2014-07-27 22:55 - 2014-07-27 22:55 - 00013064 _____ () C:\Users\Bianca\Desktop\AdwCleaner[S0].txt
2014-07-27 22:28 - 2014-07-27 22:30 - 00000000 ____D () C:\AdwCleaner
2014-07-27 17:36 - 2014-07-27 19:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 17:35 - 2014-07-27 17:35 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 17:35 - 2014-07-27 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 17:34 - 2014-07-27 17:35 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 17:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-27 17:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-27 15:09 - 2014-07-27 15:09 - 01367289 _____ () C:\Users\Bianca\Desktop\adwcleaner_3.300.exe
2014-07-27 15:08 - 2014-07-27 15:08 - 01084416 _____ (Farbar) C:\Users\Bianca\Desktop\FRST.exe
2014-07-24 22:07 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-24 21:55 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-24 21:54 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-24 21:54 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-24 21:54 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-24 21:54 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-24 21:54 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-24 21:54 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-24 21:49 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-07-24 21:49 - 2014-04-04 21:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-24 21:49 - 2014-04-04 21:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-24 21:02 - 2014-05-08 04:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-24 20:56 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-22 11:38 - 2014-07-22 11:38 - 00144776 _____ () C:\Windows\Minidump\072214-27534-01.dmp
2014-07-22 11:38 - 2014-07-22 11:38 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 11:37 - 2014-07-22 11:37 - 337251182 _____ () C:\Windows\MEMORY.DMP
2014-07-22 11:33 - 2014-07-22 11:33 - 00688992 _____ (Swearware) C:\Users\Bianca\Downloads\dds.com
2014-07-22 11:28 - 2014-07-22 11:28 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-22 11:28 - 2014-07-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-22 11:27 - 2014-07-22 11:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-22 11:27 - 2014-07-22 11:28 - 00000000 ____D () C:\Program Files\iTunes
2014-07-22 11:27 - 2014-07-22 11:27 - 00000000 ____D () C:\Program Files\iPod
2014-07-22 11:21 - 2014-07-22 11:21 - 00021899 ____H () C:\Users\Bianca\Desktop\~WRL0003.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 00:25 - 2014-07-28 00:24 - 00007919 _____ () C:\Users\Bianca\Desktop\FRST.txt
2014-07-28 00:24 - 2014-07-27 22:56 - 00000000 ____D () C:\FRST
2014-07-27 23:49 - 2013-11-10 11:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 23:48 - 2013-11-12 20:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954346298-1810768968-653049334-1001UA.job
2014-07-27 22:55 - 2014-07-27 22:55 - 00013064 _____ () C:\Users\Bianca\Desktop\AdwCleaner[S0].txt
2014-07-27 22:54 - 2013-11-10 11:24 - 01424231 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 22:49 - 2009-07-13 23:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 22:49 - 2009-07-13 23:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 22:37 - 2014-06-08 13:52 - 00001624 _____ () C:\Windows\setupact.log
2014-07-27 22:31 - 2014-06-08 13:51 - 00000860 _____ () C:\Windows\PFRO.log
2014-07-27 22:31 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 22:30 - 2014-07-27 22:28 - 00000000 ____D () C:\AdwCleaner
2014-07-27 22:14 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-07-27 19:16 - 2014-07-27 17:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 17:35 - 2014-07-27 17:35 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-27 17:35 - 2014-07-27 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-27 17:35 - 2014-07-27 17:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-27 17:35 - 2014-03-03 04:42 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Malwarebytes
2014-07-27 17:34 - 2014-03-03 04:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 15:09 - 2014-07-27 15:09 - 01367289 _____ () C:\Users\Bianca\Desktop\adwcleaner_3.300.exe
2014-07-27 15:08 - 2014-07-27 15:08 - 01084416 _____ (Farbar) C:\Users\Bianca\Desktop\FRST.exe
2014-07-27 15:05 - 2014-06-01 14:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-24 21:12 - 2013-11-10 10:29 - 00000000 ____D () C:\Users\Bianca
2014-07-22 13:56 - 2013-11-10 11:35 - 00000000 ____D () C:\Users\Bianca\AppData\Roaming\Mozilla
2014-07-22 12:50 - 2013-11-10 11:01 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-22 12:50 - 2013-11-10 11:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 12:47 - 2013-11-12 20:39 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1954346298-1810768968-653049334-1001Core.job
2014-07-22 11:53 - 2014-05-27 09:17 - 00010491 _____ () C:\Users\Bianca\Desktop\attach.txt
2014-07-22 11:53 - 2014-05-27 09:17 - 00009083 _____ () C:\Users\Bianca\Desktop\dds.txt
2014-07-22 11:38 - 2014-07-22 11:38 - 00144776 _____ () C:\Windows\Minidump\072214-27534-01.dmp
2014-07-22 11:38 - 2014-07-22 11:38 - 00000000 ____D () C:\Windows\Minidump
2014-07-22 11:37 - 2014-07-22 11:37 - 337251182 _____ () C:\Windows\MEMORY.DMP
2014-07-22 11:33 - 2014-07-22 11:33 - 00688992 _____ (Swearware) C:\Users\Bianca\Downloads\dds.com
2014-07-22 11:28 - 2014-07-22 11:28 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-22 11:28 - 2014-07-22 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-22 11:28 - 2014-07-22 11:27 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-22 11:28 - 2014-07-22 11:27 - 00000000 ____D () C:\Program Files\iTunes
2014-07-22 11:27 - 2014-07-22 11:27 - 00000000 ____D () C:\Program Files\iPod
2014-07-22 11:27 - 2013-11-10 11:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-22 11:21 - 2014-07-22 11:21 - 00021899 ____H () C:\Users\Bianca\Desktop\~WRL0003.tmp

Some content of TEMP:
====================
C:\Users\Bianca\AppData\Local\temp\catchme.dll
C:\Users\Bianca\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-27 22:13

==================== End Of Log ============================

 



#4 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 July 2014 - 07:28 AM



Your version of AdwCleaner is outdated.
Please remove your current version and download the latest from this site.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Install the application and run it.
Delete everything that will be found.

===

Clean the following.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
SearchScopes: HKCU - {AB42F39E-63D6-415B-B42A-01EC069ECE8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311339&CUI=UN40830951202759919&UM=2
FF Plugin: @microsoft.com/GENUINE - disabled No File
S3 catchme; \??\C:\Users\Bianca\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?
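As an added illustration (not code from this thread, from FRST or from its author), here is a small Python script that applies the three criteria behind the fixlist above to FRST log lines: a SearchScopes provider whose URL points at search.conduit.com, an "FF Plugin" registration with no backing file, and a service or driver entry whose file is missing ([X]). The sample lines are copied from the FRST.txt posted above; the suspect-host list, the regular expressions and the function names are this example's own assumptions, not part of FRST.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample: lines copied from the FRST.txt posted in this thread,
# plus the benign Google search scope and a benign Logitech driver for contrast.
SAMPLE_FRST_LINES = r"""
SearchScopes: HKCU - DefaultScope {718059B5-0F03-444E-907C-BCE2E5B9D884} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AB42F39E-63D6-415B-B42A-01EC069ECE8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311339&CUI=UN40830951202759919&UM=2
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 catchme; \??\C:\Users\Bianca\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
""".strip().splitlines()

# Assumption for this example: search providers on these hosts are treated as
# hijacked. Only the Conduit host seen in the thread's log is listed.
SUSPECT_SEARCH_HOSTS = ("search.conduit.com",)

# Line shapes as they appear in the FRST.txt above (assumed, not FRST's spec).
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>HK\w+) - (?:DefaultScope )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) URL = (?P<url>\S+)$"
)
FFPLUGIN_RE = re.compile(r"^FF Plugin(?P<scope>[^:]*): (?P<name>.+?) - (?P<target>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<vendor>[^)]*)\))?$"
)


@dataclass
class Finding:
    kind: str    # "searchscope", "ffplugin" or "service"
    reason: str  # why the line was flagged
    line: str    # the FRST line verbatim; this is what goes into the fixlist


def _host_is_suspect(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in SUSPECT_SEARCH_HOSTS)


def classify_line(line: str) -> Optional[Finding]:
    """Return a Finding if the FRST line meets one of the three fix criteria, else None."""
    line = line.strip()
    m = SEARCHSCOPE_RE.match(line)
    if m:
        if _host_is_suspect(m.group("url")):
            host = urlsplit(m.group("url")).hostname
            return Finding("searchscope", f"search provider points at {host}", line)
        return None
    m = FFPLUGIN_RE.match(line)
    if m:
        if m.group("target").endswith("No File"):
            return Finding("ffplugin", "plugin registration with no backing file", line)
        return None
    m = SERVICE_RE.match(line)
    if m:
        if m.group("meta") == "X":
            return Finding("service", "service/driver whose file is missing ([X])", line)
        return None
    return None


def find_fix_candidates(lines) -> List[Finding]:
    """Run classify_line over every line and keep the hits, in log order."""
    return [f for f in (classify_line(ln) for ln in lines) if f is not None]


def build_fixlist(findings) -> str:
    """Render the flagged lines in the start/End fixlist layout used in the thread."""
    body = "\n".join(f.line for f in findings)
    return f"start\n{body}\n\nEnd\n"


if __name__ == "__main__":
    for f in find_fix_candidates(SAMPLE_FRST_LINES):
        print(f"[{f.kind}] {f.reason}")
    print(build_fixlist(find_fix_candidates(SAMPLE_FRST_LINES)))
```

Run against the constructed sample it flags exactly the four lines nasdaq put in the fixlist and leaves the Google scope, the Java plugin and the Logitech driver alone. The point of keeping the verbatim line in each Finding is that FRST's fixlist format wants the entry as it appeared in the log, so the script can emit a fixlist without retyping anything.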

#5 bjacks9

  • Topic Starter
  • Members
  • 42 posts

Posted 30 July 2014 - 07:38 PM

Nasdaq,

 

There have been no changes to the way my computer has been running. I'm still having pop ups and I'm unable to run ITunes and my computer is still starting up slowly.  

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:30-07-2014
Ran by Bianca at 2014-07-30 14:49:15 Run:1
Running from C:\Users\Bianca\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - {AB42F39E-63D6-415B-B42A-01EC069ECE8B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3311339&CUI=UN40830951202759919&UM=2
FF Plugin: @microsoft.com/GENUINE - disabled No File
S3 catchme; \??\C:\Users\Bianca\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB42F39E-63D6-415B-B42A-01EC069ECE8B}" => Key deleted successfully.
"HKCR\CLSID\{AB42F39E-63D6-415B-B42A-01EC069ECE8B}" => Key not found.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin: @microsoft.com/GENUINE - disabled No File not found.
catchme => Service deleted successfully.
VGPU => Service deleted successfully.

==== End of Fixlog ====

 

 

 

 Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 7 Update 51 
 Java version out of Date!
 Adobe Flash Player  14.0.0.145 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
 



#6 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 July 2014 - 08:18 AM

I'm still having pop ups


Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to remove the Redirects try this.
...

Reset all your browsers.

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Internet Explorer:
Menu > Tools > Internet Options > General Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 51

===

Can you reinstall iTunes?


How is it now?

#7 bjacks9

  • Topic Starter
  • Members
  • 42 posts

Posted 04 August 2014 - 12:48 PM

Nasdaq,

 

I am still having an issue with pop-ups, my computer is still slow to load up, and I can't run iTunes after deleting and reinstalling. Is there anything else I can do?

 

Thanks,

Bianca



#8 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 August 2014 - 07:27 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

#9 bjacks9

  • Topic Starter
  • Members
  • 42 posts

Posted 07 August 2014 - 10:37 PM

RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Bianca [Admin rights]
Mode : Remove -- Date : 08/07/2014  22:35:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> NOT SELECTED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> NOT SELECTED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-1954346298-1810768968-653049334-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> NOT SELECTED
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\SFEP.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2250BH ATA Device +++++
--- User ---
[MBR] 4c76f1bc970033e4108cb15478a8b33c
[BSP] decf9f16b4247035d273cfa5afc069ec : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7957 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 16297984 | Size: 230516 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_08072014_222715.log



#10 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 August 2014 - 07:22 AM


Run the RogueKiller tool and clean these items.
The first 3 will be removed and the others will be reset.

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> NOT SELECTED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme -> NOT SELECTED
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> NOT SELECTED
[PUM.Policies] HKEY_USERS\S-1-5-21-1954346298-1810768968-653049334-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> NOT SELECTED
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

===

AdwCleaner v3.303 is now available.
Run the application and get the new version.
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Which browser is opened when you start the computer?

Are the pop-ups active in other browsers?

#11 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 August 2014 - 08:51 AM

Are you still with me?

#12 bjacks9

  • Topic Starter
  • Members
  • 42 posts

Posted 18 August 2014 - 06:43 AM

I'm sorry, I'm still with you; however, my laptop still is not running any better, so I'm not able to access the internet on that and I'm responding to you now on my phone. My laptop keeps turning off Windows Explorer when it starts up and runs slowly when trying to use Internet Explorer. IE is now starting to force close.

#13 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 August 2014 - 08:19 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
IMPORTANT....
 
1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
 
3. Do not install any other programs until this is fixed.
 
How to : Disable Anti-virus and Firewall...
 
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============
 


#14 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 August 2014 - 08:03 AM

Are you still with me?



#15 nasdaq

  • Malware Response Team
  • 38,764 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 August 2014 - 07:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



