
Rootkit infectio -


This topic is locked
22 replies to this topic

#1 randy_pan

randy_pan

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 31 December 2014 - 04:14 PM

Greetings and salutations.

I've recently been infected by a rootkit. It is characterized by constant ad pop-ups and hyperlinking words into additional ads.

I'm far from computer savvy, but my searches have taught me that I can't use these 'pro' softwares without professional guidance, so I came here to seek it!

I'm using Windows 7 32-bit and the Firefox browser. I've run Adware, Malwarebytes, Spybot, Sophos, AVG and probably some other ones, but they all came out impotent.

Please help me get rid of this nuisance.


Edited by randy_pan, 31 December 2014 - 10:32 PM.



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:03 PM

Posted 01 January 2015 - 01:20 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I have given you the "All clear."  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
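The FRST.txt log requested above is normally read line by line by the responder. As an added example that is not part of this thread and not Farbar's own tool, the Python script below parses lines in the FRST format posted later in the thread and flags the entries a responder usually reviews first: registry entries marked "No File", services or drivers marked [X] (file missing), unsigned binaries, zero-byte driver files, and drivers loading from a Temp directory. The sample log and every path, name and GUID in it are constructed placeholders, and a flag means "review this", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines modelled on the FRST log format shown in the
# thread. All names, paths and GUIDs are placeholders, not real entries.
SAMPLE_LOG = """\
==================== Registry (Whitelisted) ==================
HKLM\\...\\Run: [ExampleTray] => C:\\Program Files\\Example\\tray.exe [123456 2014-01-01] (Example Vendor)
==================== Internet (Whitelisted) ====================
URLSearchHook: HKU\\S-1-5-21-0-0-0-1000 - (No Name) - {00000000-0000-0000-0000-000000000001} -  No File
BHO: Example Helper -> {00000000-0000-0000-0000-000000000002} -> C:\\Program Files\\Example\\helper.dll (Example Vendor)
BHO: No Name -> {00000000-0000-0000-0000-000000000003} ->  No File
FireFox:
========
FF Plugin: @example.com/Plugin -> C:\\Program Files\\Example\\npexample.dll (Example Vendor)
==================== Drivers (Whitelisted) ====================
R1 exdrv; C:\\Windows\\System32\\DRIVERS\\exdrv.sys [250080 2012-11-08] (Example Vendor)
R0 oldspt; C:\\Windows\\System32\\Drivers\\oldspt.sys [691696 2010-08-26] () [File not signed]
U3 abcd1234; C:\\Windows\\system32\\Drivers\\abcd1234.sys [0 ] (Microsoft Corporation)
R3 tmpdrv; \\??\\C:\\Users\\USER\\AppData\\Local\\Temp\\tmpdrv\\tmpdrv_x32.sys [X]
"""

# "==== Section name ====" banners; the bare "========" underline does not match.
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")
# "FireFox:" / "Chrome:" style sub-headers.
SUBSECTION_RE = re.compile(r"^([A-Za-z]+):$")
# Service/driver line: "<state><start> <name>; <path> [<size> <date>]".
DRIVER_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s+(.+?)\s+\[(\d+)\s*([\d-]*)\]")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage_frst(text: str) -> List[Finding]:
    """Return the log lines a responder would want to look at, with the reason."""
    findings: List[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line) or SUBSECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue

        reasons = []
        if line.endswith("No File"):
            reasons.append("registry entry points to a file that no longer exists")
        if line.endswith("[X]"):
            reasons.append("service/driver is registered but its file is missing")
        if "[File not signed]" in line:
            reasons.append("binary is not digitally signed")
        in_svc_or_drv = section.startswith(("Drivers", "Services"))
        if in_svc_or_drv and "\\temp\\" in line.lower():
            reasons.append("service/driver loads from a temporary directory")
        dm = DRIVER_RE.match(line)
        if dm and dm.group(5) == "0":
            reasons.append("zero-byte driver file")

        for reason in reasons:
            findings.append(Finding(section, reason, line))
    return findings


def findings_by_section(text: str) -> dict:
    """Count flagged lines per FRST section, for a quick overview."""
    counts: dict = {}
    for f in triage_frst(text):
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(findings_by_section(SAMPLE_LOG))
```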


#3 randy_pan

randy_pan
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:03 PM

Posted 01 January 2015 - 02:52 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by CHAYON (administrator) on 1-PC on 01-01-2015 21:46:49
Running from C:\Users\CHAYON\Downloads
Loaded Profiles: CHAYON & UpdatusUser (Available profiles: CHAYON & UpdatusUser)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
() C:\Program Files\Continuum\Continuum.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\MountPoints2: {4a5283ec-c59f-11e0-b4e4-00270e112119} - H:\Setup.exe
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\MountPoints2: {ee073327-d37c-11de-952c-806e6f6e6963} - D:\SH-S223B(L).exe
HKU\S-1-5-21-3956770115-4200802536-51156793-1005\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3956770115-4200802536-51156793-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
URLSearchHook: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 - (No Name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} -  No File
URLSearchHook: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -  No File
SearchScopes: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={26DF7263-7ED6-4F5A-AAD3-EBC0E3A8D1B4}&mid=7ceb240df89f44748085385d2e43ac40-d86253622c4290f3705e27e37e18e2e012f98490&lang=en&ds=AVG&pr=fr&d=2012-06-06 23:01:33&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={26DF7263-7ED6-4F5A-AAD3-EBC0E3A8D1B4}&mid=7ceb240df89f44748085385d2e43ac40-d86253622c4290f3705e27e37e18e2e012f98490&lang=en&ds=AVG&pr=fr&d=2012-06-06 23:01:33&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{98AAF63E-8735-4E71-A60B-B4E894FA27D6}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default
FF NewTab:
FF SelectedSearchEngine: YouTube
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\searchplugins\filestubecom.xml
FF SearchPlugin: C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\searchplugins\rapidshare-filefinder.xml
FF SearchPlugin: C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\searchplugins\youtube.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Lavasoft Search Plugin - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-05-13]
FF Extension: Xpert-Web - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{58e3c1c9-2dc1-4762-bd45-1df9da9d0820} [2014-11-10]
FF Extension: BitComet Video Downloader - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-01-01]
FF Extension: Password Exporter - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2010-08-31]
FF Extension: QuickRestart - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} [2010-08-26]
FF Extension: BS Player ControlBar  - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2014-03-28]
FF Extension: DivX Web Player - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-02-07]
FF Extension: Flagfox - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-10]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-21]
FF Extension: Adblock Plus - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21]
FF Extension: Greasemonkey - C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-10-13]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-16]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-06-06]

Chrome:
=======
CHR Profile: C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-16]
CHR Extension: (Google Search) - C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-16]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-11-16]
CHR Extension: (AVG Safe Search) - C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-11-16]
CHR Extension: (AVG Secure Search) - C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-11-16]
CHR Extension: (Gmail) - C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-16]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-16]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - No Path
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2014-11-04] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-13] (GFI Software)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2013-05-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2009-09-30] (Intel Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-26] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
U3 avyagm9b; C:\Windows\system32\Drivers\avyagm9b.sys [0 ] (Microsoft Corporation)
R3 cpuz135; \??\C:\Users\CHAYON\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MFE_RR; \??\C:\Users\CHAYON\AppData\Local\Temp\mfe_rr.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 21:46 - 2015-01-01 21:47 - 00021770 _____ () C:\Users\CHAYON\Downloads\FRST.txt
2015-01-01 21:46 - 2015-01-01 21:46 - 01114624 _____ (Farbar) C:\Users\CHAYON\Downloads\FRST.exe
2015-01-01 21:46 - 2015-01-01 21:46 - 00000000 ____D () C:\FRST
2015-01-01 08:58 - 2015-01-01 08:59 - 00000000 ____D () C:\Users\CHAYON\Downloads\All Things Anal #02, Scene #02 - Callie Calypso - [1080p] - iMAGESET
2015-01-01 08:50 - 2015-01-01 08:50 - 00000000 ____D () C:\Users\CHAYON\Downloads\ecg_callie
2015-01-01 08:45 - 2015-01-01 08:45 - 00000000 ____D () C:\Users\CHAYON\Downloads\MyGF - Callie Calypso...My Girl's Pussy Is Great
2015-01-01 08:19 - 2015-01-01 09:23 - 1686399594 ____R () C:\Users\CHAYON\Downloads\Callie Hypno.wmv
2015-01-01 08:18 - 2015-01-01 09:22 - 2158764100 ____R () C:\Users\CHAYON\Downloads\27334_03_1080p.mp4
2015-01-01 08:14 - 2015-01-01 09:37 - 00000000 ____D () C:\Users\CHAYON\AppData\Roaming\uTorrent
2015-01-01 08:14 - 2015-01-01 08:14 - 00000974 _____ () C:\Users\CHAYON\Desktop\µTorrent.lnk
2015-01-01 08:14 - 2015-01-01 08:14 - 00000960 _____ () C:\Users\CHAYON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2015-01-01 08:13 - 2015-01-01 08:13 - 01728336 _____ (BitTorrent Inc.) C:\Users\CHAYON\Downloads\uTorrent.exe
2015-01-01 02:32 - 2015-01-01 02:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-01 02:32 - 2015-01-01 02:31 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-01 02:31 - 2015-01-01 02:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-01 02:30 - 2015-01-01 02:30 - 00000000 ____D () C:\Program Files\Java
2015-01-01 02:19 - 2015-01-01 02:19 - 00638888 _____ (Oracle Corporation) C:\Users\CHAYON\Downloads\jxpiinstall(1).exe
2015-01-01 02:09 - 2015-01-01 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
2014-12-31 20:42 - 2014-12-31 20:42 - 00000782 _____ () C:\Windows\PFRO.log
2014-12-31 20:42 - 2014-12-31 20:42 - 00000056 _____ () C:\Windows\setupact.log
2014-12-31 20:42 - 2014-12-31 20:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-21 15:22 - 2014-12-21 15:22 - 00002882 _____ () C:\Users\CHAYON\Documents\cc_20141221_152204.reg
2014-12-21 15:21 - 2014-12-21 15:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-21 15:21 - 2014-12-21 15:21 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-20 20:52 - 2015-01-01 04:50 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-20 20:49 - 2014-12-20 20:51 - 106194344 _____ (Sophos Limited) C:\Users\CHAYON\Downloads\Sophos Virus Removal Tool.exe
2014-12-20 20:49 - 2014-12-20 20:49 - 00000310 _____ () C:\Users\CHAYON\Downloads\RootkitRemover_20141220_204909.log
2014-12-20 20:48 - 2014-12-20 20:48 - 00783120 _____ (McAfee, Inc.) C:\Users\CHAYON\Downloads\rootkitremover(1).exe
2014-12-20 11:37 - 2014-12-13 05:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 20:36 - 2014-12-20 05:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-19 20:34 - 2014-12-19 20:34 - 00380416 _____ () C:\Users\CHAYON\Downloads\g1obbegh.exe
2014-12-19 20:32 - 2014-12-20 05:52 - 00000000 ____D () C:\Users\CHAYON\Desktop\mbar
2014-12-19 20:30 - 2014-12-19 20:31 - 16448208 _____ (Malwarebytes Corp.) C:\Users\CHAYON\Downloads\mbar-1.08.2.1001.exe
2014-12-19 20:30 - 2014-12-19 20:30 - 00000310 _____ () C:\Users\CHAYON\Downloads\RootkitRemover_20141219_203014.log
2014-12-19 20:29 - 2014-12-19 20:29 - 00783120 _____ (McAfee, Inc.) C:\Users\CHAYON\Downloads\rootkitremover.exe
2014-12-19 19:32 - 2014-12-19 19:32 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-19 19:23 - 2014-12-20 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-19 19:12 - 2014-10-18 03:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-19 19:12 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-19 19:12 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-19 19:12 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-19 19:12 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-19 18:30 - 2014-12-19 18:30 - 00244128 _____ () C:\Users\CHAYON\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-19 18:01 - 2014-12-04 06:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-19 18:01 - 2014-12-04 06:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-19 18:01 - 2014-12-04 06:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-19 18:01 - 2014-12-04 06:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-19 18:01 - 2014-12-04 06:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-19 18:01 - 2014-12-04 06:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-19 18:01 - 2014-12-04 06:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-19 18:01 - 2014-12-02 01:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-19 18:01 - 2014-11-22 04:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-19 18:01 - 2014-11-22 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-19 18:01 - 2014-11-22 04:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-19 18:01 - 2014-11-22 04:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-19 18:01 - 2014-11-22 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-19 18:01 - 2014-11-22 04:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-19 18:01 - 2014-11-22 03:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-19 18:01 - 2014-11-22 03:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-19 18:01 - 2014-11-22 03:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-19 18:01 - 2014-11-22 03:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-19 18:01 - 2014-11-22 03:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-19 18:01 - 2014-11-22 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-19 18:01 - 2014-11-22 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-19 18:01 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-19 18:01 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-19 18:01 - 2014-11-22 03:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-19 18:01 - 2014-11-22 03:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-19 18:01 - 2014-11-22 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-19 18:01 - 2014-11-11 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-19 18:01 - 2014-11-11 03:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-19 18:00 - 2014-11-27 03:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-19 18:00 - 2014-11-22 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-19 18:00 - 2014-11-22 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-19 18:00 - 2014-11-22 03:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-19 18:00 - 2014-11-22 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-19 18:00 - 2014-11-22 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-19 18:00 - 2014-11-22 03:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-19 18:00 - 2014-11-22 03:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-19 18:00 - 2014-11-22 03:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-19 18:00 - 2014-11-22 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-19 18:00 - 2014-11-22 02:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-19 18:00 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-19 18:00 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-19 18:00 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-19 18:00 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-19 18:00 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-19 18:00 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-19 18:00 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 21:05 - 2014-08-27 08:14 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 20:45 - 2009-11-17 15:32 - 01261373 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 20:08 - 2014-11-21 16:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 08:06 - 2010-10-21 17:12 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2015-01-01 05:05 - 2014-08-27 08:14 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 04:49 - 2014-11-29 23:11 - 00000000 ____D () C:\Users\CHAYON\AppData\Local\AdFender
2015-01-01 02:32 - 2014-11-29 23:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-01 02:25 - 2011-12-09 23:27 - 00000000 ____D () C:\Users\CHAYON\AppData\Roaming\Mipony
2015-01-01 02:11 - 2012-08-06 03:03 - 00000000 ____D () C:\Users\CHAYON\AppData\Roaming\BitComet
2015-01-01 02:09 - 2012-08-06 03:03 - 00000965 _____ () C:\Users\Public\Desktop\BitComet.lnk
2014-12-31 23:41 - 2009-07-14 06:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 23:41 - 2009-07-14 06:34 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 23:15 - 2011-10-13 21:25 - 00000000 ____D () C:\ProgramData\AVG2012
2014-12-31 20:42 - 2013-06-07 01:47 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-31 20:42 - 2010-08-11 12:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-31 20:42 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 15:22 - 2012-11-20 03:35 - 00000000 ____D () C:\Windows\pss
2014-12-21 15:21 - 2010-09-01 12:43 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-21 15:21 - 2010-09-01 12:43 - 00000000 ____D () C:\Program Files\Adobe
2014-12-21 15:21 - 2010-09-01 12:42 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-20 18:13 - 2012-11-14 23:45 - 00000000 ___RD () C:\Users\CHAYON\Dropbox
2014-12-20 18:13 - 2012-11-14 23:41 - 00000000 ____D () C:\Users\CHAYON\AppData\Roaming\Dropbox
2014-12-20 18:11 - 2012-04-28 02:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-19 23:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-12-19 20:36 - 2010-09-01 12:40 - 00000000 ____D () C:\Users\CHAYON\AppData\Local\Adobe
2014-12-19 20:35 - 2012-11-14 23:47 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-19 20:35 - 2011-10-02 04:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 20:32 - 2014-11-21 16:38 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-19 19:39 - 2011-11-17 18:26 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-19 19:39 - 2010-08-26 11:13 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-19 19:32 - 2014-05-06 17:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-19 19:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-19 19:15 - 2011-11-03 16:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-19 18:41 - 2013-09-08 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-19 18:16 - 2010-09-01 14:56 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-19 18:13 - 2014-11-21 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-19 18:13 - 2014-11-21 16:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-19 18:13 - 2012-01-26 12:45 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-19 17:54 - 2012-11-14 23:45 - 00001016 _____ () C:\Users\CHAYON\Desktop\Dropbox.lnk
2014-12-19 17:54 - 2012-11-14 23:44 - 00000000 ____D () C:\Users\CHAYON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\CHAYON\AppData\Local\Temp\BitA23.tmp.exe
C:\Users\CHAYON\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdzafix.dll
C:\Users\CHAYON\AppData\Local\Temp\speccycpuid.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-31 23:33

==================== End Of Log ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2015
Ran by CHAYON at 2015-01-01 21:47:36
Running from C:\Users\CHAYON\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\uTorrent) (Version: 3.4.2.37252 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2249 - AVG Technologies)
AVG 2012 (Version: 12.0.4253 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2249 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
BitComet 1.35 (HKLM\...\BitComet) (Version: 1.35 - CometNetwork)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Continuum (HKLM\...\{3B321407-8558-4C72-86F6-C1E72AC9F8BA}) (Version: 0.40 - SubSpace Online)
Dropbox (HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
FoxyTunes for Firefox (HKLM\...\FoxyTunesForFirefox) (Version:  - )
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Network Connections 14.7.31.0 (HKLM\...\PROSetDX) (Version: 14.7.31.0 - Intel)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiPony 2.0.5 (HKLM\...\MiPony) (Version: 2.0.5 - )
Mozilla Firefox 34.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-GB)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{7FD7FB8C-2C75-4A8E-A236-EB23C5CDA7BE}) (Version: 8.3.582 - Nero AG)
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SopCast 3.9.2 (HKLM\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
Speccy (HKLM\...\Speccy) (Version: 1.16 - Piriform)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
עדכון עבור מסנן דואר הזבל של Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-040D-0000-0000000FF1CE}_ENTERPRISE_{18E2D7BF-CC18-4CE8-B875-D2934B6086E2}) (Version:  - Microsoft)
עדכון עבור מסנן דואר הזבל של Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-040D-0000-0000000FF1CE}_ENTERPRISE_{54B50AC9-2088-4F43-B39A-0F10F53D425E}) (Version:  - Microsoft)
עדכון עבור מסנן דואר הזבל של Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-040D-0000-0000000FF1CE}_ENTERPRISE_{CAB664CE-BBA4-4A81-A358-6CC6F7852FC9}) (Version:  - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File
CustomCLSID: HKU\S-1-5-21-3956770115-4200802536-51156793-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll No File

==================== Restore Points  =========================

19-12-2014 17:56:22 Windows Update
19-12-2014 18:11:59 Windows Update
20-12-2014 20:31:10 Windows Update
20-12-2014 20:51:43 Installed Sophos Virus Removal Tool.
31-12-2014 20:48:12 Windows Update
01-01-2015 02:21:50 Removed Java 8 Update 25
01-01-2015 02:27:29 Removed Java 8 Update 25
01-01-2015 04:50:05 Removed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09CDCB95-4044-4D44-A319-A27B1BF42442} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-27] (Google Inc.)
Task: {163F9FB4-A1D3-4D54-80C7-33139ECAAB4E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3956770115-4200802536-51156793-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {2886A721-8B08-4D25-9FFA-1E9057BC8B85} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
Task: {396713C8-A491-46FC-8F63-9E329C3D658D} - System32\Tasks\{7EBF6141-3B46-4F56-9060-BFD17ECD6877} => pcalua.exe -a C:\Users\CHAYON\Downloads\jxpiinstall(1).exe -d C:\Users\CHAYON\Downloads
Task: {3C56B69B-5E2D-4F36-9602-FDD4535CD13A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {41B9C5C9-AD99-4ABA-AE7A-F37D8763513F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-27] (Google Inc.)
Task: {53CDCA6C-5C28-48E6-935D-0ADC63C1A6BE} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {621DE9C2-D98B-4563-A347-0D98D591C258} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2012-05-23] (Lavasoft Limited                                                      )
Task: {6F62C6FB-59D3-4E24-A696-092B541DA5B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88A36082-1228-4EC0-BD89-480B9A08887F} - System32\Tasks\{78B257F2-3FC9-44D3-AC5B-F9C3EDEA2BF9} => pcalua.exe -a E:\steambackup.exe -d E:\
Task: {8ABD6BA9-F893-4820-BEBD-3A3AB1AE1B4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {A74C4302-BF4F-42AB-A36E-F9B82746E293} - System32\Tasks\{CFAC7481-DB5F-4BC4-B31C-343E2D0EF0A3} => pcalua.exe -a "C:\Downloads\Z-Fighters vs.the World\mwc.exe" -d "C:\Downloads\Z-Fighters vs.the World"
Task: {CACFCD89-F50A-49D6-A306-437484C4E76A} - System32\Tasks\{CAD7CDFB-FC02-4B0A-B724-B284BD1CD466} => pcalua.exe -a C:\Users\CHAYON\Desktop\word.exe -d C:\Users\CHAYON\Desktop
Task: {EC3C500D-A4AB-4F53-8863-D236E635382F} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0E334633-C166-417B-A25E-4970EFD1683A}.exe
Task: {FEBE2FA4-DC6B-4C01-8B5C-905162B7FA3B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3956770115-4200802536-51156793-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0E334633-C166-417B-A25E-4970EFD1683A}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-04 03:54 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-26 11:27 - 2006-12-03 13:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-26 16:42 - 2014-08-26 16:41 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-08-12 05:43 - 2014-08-12 05:43 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-08-12 05:43 - 2014-08-12 05:43 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-12-19 19:23 - 2014-11-26 18:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-19 20:35 - 2014-12-19 20:35 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
2010-01-23 18:49 - 2010-01-23 18:49 - 00436352 _____ () C:\Program Files\Continuum\Continuum.exe
2010-01-23 18:49 - 2010-01-23 18:49 - 00339968 _____ () C:\Program Files\Continuum\menu040.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AdFender.lnk => C:\Windows\pss\AdFender.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^CHAYON^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Ad-Aware Antivirus => "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
MSCONFIG\startupreg: adawarebp => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
MSCONFIG\startupreg: adawarebp_DATA_FOLDER => cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q
MSCONFIG\startupreg: adawarebp_INSTALL_FOLDER => cmd.exe /c rmdir "C:\Users\CHAYON\AppData\Local\adawarebp" /s /q
MSCONFIG\startupreg: adawarebp_XP => reg.exe delete "HKCU\Software\adawarebp" /f
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Delegate => "C:\Program Files\NCH Software\Delegate\delegate.exe" -logon
MSCONFIG\startupreg: FlashPlayerUpdate => C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Index Washer => C:\Program Files\Webroot\Washer\WashIdx.exe "CHAYON"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Malware => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RegistryBooster => "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
MSCONFIG\startupreg: ROC_roc_dec12 => "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TexTally => "C:\Program Files\NCH Software\TexTally\textally.exe" -logon
MSCONFIG\startupreg: TkBellExe => "c:\program files\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: WebDictate => "C:\Program Files\NCH Software\WebDictate\webdictate.exe" -logon
MSCONFIG\startupreg: Window Washer => C:\Program Files\Webroot\Washer\wwDisp.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3956770115-4200802536-51156793-500 - Administrator - Disabled)
CHAYON (S-1-5-21-3956770115-4200802536-51156793-1000 - Administrator - Enabled) => C:\Users\CHAYON
Guest (S-1-5-21-3956770115-4200802536-51156793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3956770115-4200802536-51156793-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-3956770115-4200802536-51156793-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 08:12:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x560
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/01/2015 04:50:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3956770115-4200802536-51156793-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {69a1ab9a-029d-4666-8c5f-30e78aff19fe}

Error: (01/01/2015 02:30:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x768
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/01/2015 02:27:30 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3956770115-4200802536-51156793-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2c31f6e8-4d17-4f8b-9694-274b63a413a0}

Error: (01/01/2015 02:21:50 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3956770115-4200802536-51156793-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {90e07d4d-f80a-4ad0-ba2a-9f6f37404847}

Error: (01/01/2015 00:45:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (01/01/2015 00:44:31 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/31/2014 11:35:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (12/31/2014 11:34:59 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (12/31/2014 08:48:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3956770115-4200802536-51156793-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {aa43842a-001f-4a1b-a9ee-353fa3db8a6e}


System errors:
=============
Error: (12/31/2014 08:44:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/31/2014 08:44:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/31/2014 08:43:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/31/2014 08:43:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (12/31/2014 08:43:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (12/31/2014 08:43:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (12/31/2014 08:43:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/31/2014 08:43:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/31/2014 08:42:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/31/2014 08:42:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 67%
Total physical RAM: 3574.36 MB
Available physical RAM: 1178.52 MB
Total Pagefile: 7147.02 MB
Available Pagefile: 3865.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:145.85 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
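
The VSS 8193 entries in the log above fail inside ConvertStringSidToSid on the string S-1-5-21-3956770115-4200802536-51156793-1000.bak. The Python below is an added example, not part of the thread, of FRST or of Windows; it checks the text-form SID grammar that call expects and shows why that string is rejected: it is a well-formed account SID with ".bak" appended. The 15 sub-authority limit and the 48-bit authority / 32-bit sub-authority ranges follow the SID structure; the function names and the wording of `explain` are my own.

```python
"""Validate Windows SID strings of the form S-R-I-S-S-...

Added example: not code from the thread, from FRST or from Windows. It checks
the text layout that ConvertStringSidToSid expects and reports why a string
such as the one in the VSS 8193 events is not a SID.
"""
import re

# S-<revision>-<identifier authority>[-<sub-authority>...]
# Revision is always 1. The identifier authority is a 48-bit value, written in
# decimal or (for large values) as 0x-prefixed hex. Up to 15 32-bit
# sub-authorities follow; the last one is the RID.
_SID_RE = re.compile(r"^S-1-(0x[0-9A-Fa-f]{1,12}|\d+)((?:-\d+)*)$")
MAX_SUB_AUTHORITIES = 15


def parse_sid(text):
    """Return (identifier_authority, [sub_authorities]) or raise ValueError."""
    m = _SID_RE.match(text)
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    auth_txt, subs_txt = m.group(1), m.group(2)
    authority = int(auth_txt, 16) if auth_txt.startswith("0x") else int(auth_txt)
    if authority >= 1 << 48:
        raise ValueError(f"identifier authority exceeds 48 bits: {text!r}")
    subs = [int(s) for s in subs_txt.split("-")[1:]]
    if len(subs) > MAX_SUB_AUTHORITIES:
        raise ValueError(f"more than {MAX_SUB_AUTHORITIES} sub-authorities: {text!r}")
    if any(s >= 1 << 32 for s in subs):
        raise ValueError(f"sub-authority exceeds 32 bits: {text!r}")
    return authority, subs


def is_valid_sid(text):
    try:
        parse_sid(text)
    except ValueError:
        return False
    return True


def explain(text):
    """One-line triage note for a SID-looking string pulled from an event log."""
    if is_valid_sid(text):
        authority, subs = parse_sid(text)
        # S-1-5-21-... is the NT authority's domain/local account SID family.
        kind = "account SID" if authority == 5 and subs[:1] == [21] else "SID"
        return f"valid {kind}, RID {subs[-1]}" if subs else f"valid {kind}, no sub-authorities"
    # The common log case: a valid SID with a suffix glued on, e.g. ".bak".
    stem, dot, suffix = text.partition(".")
    if dot and is_valid_sid(stem):
        return f"valid SID {stem} followed by suffix '.{suffix}'; the whole string is not a SID"
    return "not a SID string"


if __name__ == "__main__":
    for s in ("S-1-5-21-3956770115-4200802536-51156793-1000",
              "S-1-5-21-3956770115-4200802536-51156793-1000.bak",
              "S-1-5-32-544"):
        print(f"{s}: {explain(s)}")
```

Run against the string quoted in the VSS events, `explain` reports that the part before ".bak" is a valid account SID and that the suffix is what breaks the parse, which is the detail a helper needs when deciding whether an 8193 event is related to the infection or is a separate configuration problem.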



#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 01 January 2015 - 07:23 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\MountPoints2: {4a5283ec-c59f-11e0-b4e4-00270e112119} - H:\Setup.exe
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\MountPoints2: {ee073327-d37c-11de-952c-806e6f6e6963} - D:\SH-S223B(L).exe
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - No Path
S3 MFE_RR; \??\C:\Users\CHAYON\AppData\Local\Temp\mfe_rr.sys [X]
C:\Users\CHAYON\AppData\Local\Temp\mfe_rr.sys
2014-12-19 20:34 - 2014-12-19 20:34 - 00380416 _____ () C:\Users\CHAYON\Downloads\g1obbegh.exe
C:\Users\CHAYON\AppData\Local\Temp\BitA23.tmp.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 randy_pan
  • Topic Starter
  • Members
  • 11 posts

Posted 01 January 2015 - 10:32 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2015
Ran by CHAYON at 2015-01-02 05:24:18 Run:1
Running from C:\Users\CHAYON\Downloads
Loaded Profiles: CHAYON & UpdatusUser (Available profiles: CHAYON & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\MountPoints2: {4a5283ec-c59f-11e0-b4e4-00270e112119} - H:\Setup.exe
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\...\MountPoints2: {ee073327-d37c-11de-952c-806e6f6e6963} - D:\SH-S223B(L).exe
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-3956770115-4200802536-51156793-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - No Path
S3 MFE_RR; \??\C:\Users\CHAYON\AppData\Local\Temp\mfe_rr.sys [X]
C:\Users\CHAYON\AppData\Local\Temp\mfe_rr.sys
2014-12-19 20:34 - 2014-12-19 20:34 - 00380416 _____ () C:\Users\CHAYON\Downloads\g1obbegh.exe
C:\Users\CHAYON\AppData\Local\Temp\BitA23.tmp.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
EmptyTemp:
*****************

"HKU\S-1-5-21-3956770115-4200802536-51156793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a5283ec-c59f-11e0-b4e4-00270e112119}" => Key deleted successfully.
HKCR\CLSID\{4a5283ec-c59f-11e0-b4e4-00270e112119} => Key not found.
"HKU\S-1-5-21-3956770115-4200802536-51156793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee073327-d37c-11de-952c-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{ee073327-d37c-11de-952c-806e6f6e6963} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-3956770115-4200802536-51156793-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
MFE_RR => Service deleted successfully.
"C:\Users\CHAYON\AppData\Local\Temp\mfe_rr.sys" => File/Directory not found.
C:\Users\CHAYON\Downloads\g1obbegh.exe => Moved successfully.
C:\Users\CHAYON\AppData\Local\Temp\BitA23.tmp.exe => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":ECF54A0E" ADS removed successfully.
EmptyTemp: => Removed 3.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog 05:24:54 ====
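
To make a Fixlog like the one above easier to read at a glance, here is an added Python example (not part of the thread and not FRST code) that groups FRST's `target => result` lines by outcome: removed, already absent, or needing a follow-up. The log embedded in it is constructed and modelled on the thread's Fixlog, with invented names (EXAMPLE, example_drv, dropper.exe, stuck.dll) and one made-up failure line; the outcome labels are my own.

```python
"""Group the result lines of an FRST Fixlog by outcome.

Added example: not part of the thread and not FRST code. FRST echoes the
fixlist, then writes one "<target> => <result>" line per action. Sorting those
lines by outcome shows what was removed, what was already gone, and what still
needs a look.
"""
from collections import Counter

# Constructed sample modelled on the Fixlog posted in the thread; user name,
# file names and the "Could not move" line are invented for the example.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2015
Ran by EXAMPLE at 2015-01-02 05:24:18 Run:1

Content of fixlist:
*****************
S3 EXAMPLE_DRV; \??\C:\Users\EXAMPLE\AppData\Local\Temp\example_drv.sys [X]
C:\Users\EXAMPLE\AppData\Local\Temp\example_drv.sys
C:\Users\EXAMPLE\Downloads\dropper.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
EmptyTemp:
*****************

EXAMPLE_DRV => Service deleted successfully.
"C:\Users\EXAMPLE\AppData\Local\Temp\example_drv.sys" => File/Directory not found.
C:\Users\EXAMPLE\Downloads\dropper.exe => Moved successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
"C:\Users\EXAMPLE\AppData\Local\Temp\stuck.dll" => Could not move (access denied).
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
EmptyTemp: => Removed 3.7 GB temporary data.

The system needed a reboot.

==== End of Fixlog 05:24:54 ====
"""

DONE, ABSENT, CHECK = "done", "absent", "check"


def classify(message):
    """Map FRST's result wording to one of three outcomes."""
    low = message.lower()
    if "not found" in low:
        return ABSENT        # already gone or never existed: harmless, but note it
    if low.endswith("successfully.") or low.startswith("removed "):
        return DONE
    return CHECK             # anything else is worth a human look


def parse_fixlog(text):
    """Return [(target, outcome, message)] for every 'target => result' line."""
    results = []
    for line in text.splitlines():
        if " => " not in line:
            continue                          # header, fixlist echo, footer
        target, message = line.split(" => ", 1)
        message = message.strip()
        results.append((target.strip().strip('"'), classify(message), message))
    return results


def summarize(results):
    """Count outcomes, e.g. {'done': 4, 'absent': 2, 'check': 1}."""
    return dict(Counter(outcome for _, outcome, _ in results))


def needs_attention(results):
    """Targets FRST could not handle, to be dealt with in a follow-up fix."""
    return [target for target, outcome, _ in results if outcome == CHECK]


def reboot_required(text):
    return "The system needed a reboot." in text


if __name__ == "__main__":
    res = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(res))
    print("follow up:", needs_attention(res))
    print("reboot:", reboot_required(SAMPLE_FIXLOG))
```

An "absent" result is not a failure: the fixlist in this thread names the driver file `mfe_rr.sys` as well as its service, and the Fixlog shows the service deleted while the file was already gone, which is exactly what the grouping makes visible.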



#6 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 01 January 2015 - 10:34 PM

Please do this next:

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#7 randy_pan
  • Topic Starter
  • Members
  • 11 posts

Posted 01 January 2015 - 11:06 PM

ComboFix 15-01-02.01 - CHAYON 01/02/2015   5:56.1.8 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1255.972.1033.18.3574.1831 [GMT 2:00]
Running from: c:\users\CHAYON\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\CHAYON\AppData\Local\TempDIR
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-02 to 2015-01-02  )))))))))))))))))))))))))))))))
.
.
2015-01-01 19:46 . 2015-01-02 03:24    --------    d-----w-    C:\FRST
2015-01-01 06:14 . 2015-01-02 03:23    --------    d-----w-    c:\users\CHAYON\AppData\Roaming\uTorrent
2015-01-01 00:32 . 2015-01-01 00:32    --------    d-----w-    c:\program files\Common Files\Java
2015-01-01 00:32 . 2015-01-01 00:31    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2015-01-01 00:30 . 2015-01-01 00:30    --------    d-----w-    c:\program files\Java
2014-12-31 18:52 . 2015-01-02 03:32    62576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB57D59B-E7BE-4F44-BEC7-84CF409B90BD}\offreg.dll
2014-12-31 18:48 . 2014-12-02 11:01    9054624    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB57D59B-E7BE-4F44-BEC7-84CF409B90BD}\mpengine.dll
2014-12-20 18:52 . 2015-01-01 02:50    --------    d-----w-    c:\programdata\Sophos
2014-12-20 09:37 . 2014-12-13 03:33    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-19 18:36 . 2014-12-20 03:52    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-19 17:32 . 2014-12-19 17:32    --------    d-----w-    c:\windows\system32\appraiser
2014-12-19 17:12 . 2014-07-07 01:40    103424    ----a-w-    c:\windows\system32\mfps.dll
2014-12-19 17:12 . 2014-07-07 01:39    23040    ----a-w-    c:\windows\system32\mfpmp.exe
2014-12-19 17:12 . 2014-07-07 01:37    2048    ----a-w-    c:\windows\system32\mferror.dll
2014-12-19 17:12 . 2014-10-18 01:33    3209728    ----a-w-    c:\windows\system32\mf.dll
2014-12-19 17:12 . 2014-07-07 01:39    50176    ----a-w-    c:\windows\system32\rrinstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-02 03:27 . 2014-11-21 14:37    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-19 18:35 . 2012-11-14 21:47    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-19 18:35 . 2011-10-02 02:12    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-19 18:32 . 2014-11-21 14:38    79576    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-24 12:04 . 2010-08-26 10:07    229000    ------w-    c:\windows\system32\MpSigStub.exe
2014-11-21 04:14 . 2014-11-21 14:38    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 04:14 . 2011-04-02 01:20    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-18 12:56 . 2014-11-18 12:56    1202848    ----a-w-    c:\windows\system32\FM20.DLL
2014-11-11 02:44 . 2014-11-21 02:53    186880    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-21 02:53    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-03 22:33 . 2014-11-03 22:33    302368    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-25 01:32 . 2014-11-21 02:53    67584    ----a-w-    c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-21 02:54    571904    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-21 14:31    136632    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-21 14:31    523776    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-21 02:53    2363904    ----a-w-    c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-21 14:31    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-21 14:31    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-21 14:31    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-21 02:53    2379264    ----a-w-    c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\CHAYON\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 15:52    577864    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 15:52    577864    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 15:52    577864    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 15:52    577864    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 15:52    577864    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-08-26 2640408]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AdFender.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
backup=c:\windows\pss\AdFender.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^CHAYON^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\CHAYON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp]
reg.exe delete HKCU\Software\AppDataLow\Software\adawarebp [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp_DATA_FOLDER]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp_INSTALL_FOLDER]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp_XP]
reg.exe delete HKCU\Software\adawarebp [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-09-12 09:43    959176    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 00:44    500208    ------w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10    402432    ----a-w-    c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-10-11 10:05    60712    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-11-21 18:41    5282584    ----a-w-    c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16    357696    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2014-10-21 15:52    22869088    ----a-w-    c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36    30040    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 02:42    157480    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-10 07:45    2221352    ----a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 14:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07    2260480    --sha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 10:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-11-16 01:38    296096    ----a-w-    c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-08-26 14:41    2640408    ----a-w-    c:\program files\AVG Secure Search\vprot.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2013-10-15 5175856]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 cpuz135;cpuz135;c:\users\CHAYON\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2013-05-12 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-21 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-21 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-12 13560]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-26 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-11-03 302368]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-12 42784]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-08-12 1820184]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2012-12-10 142176]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2013-05-12 12:26]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-27 06:14]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-27 06:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\CHAYON\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Mipony הורד עם - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{98AAF63E-8735-4E71-A60B-B4E894FA27D6}: NameServer = 8.8.8.8
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
MSConfigStartUp-Delegate - c:\program files\NCH Software\Delegate\delegate.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe
MSConfigStartUp-Index Washer - c:\program files\Webroot\Washer\WashIdx.exe
MSConfigStartUp-Malwarebytes Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-TexTally - c:\program files\NCH Software\TexTally\textally.exe
MSConfigStartUp-WebDictate - c:\program files\NCH Software\WebDictate\webdictate.exe
MSConfigStartUp-Window Washer - c:\program files\Webroot\Washer\wwDisp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-02  06:04:21
ComboFix-quarantined-files.txt  2015-01-02 04:04
.
Pre-Run: 160,512,995,328 bytes free
Post-Run: 160,162,164,736 bytes free
.
- - End Of File - - DD2790B01C3C279E2BB0B80F995572BB
A36C5E4F47E84449FF07ED3517B43A31
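
The service and driver list in the ComboFix log above is the section a helper reads most carefully: an entry such as `R3 cpuz135;cpuz135;c:\users\CHAYON\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]` is a kernel driver registered from a user Temp directory whose file no longer exists. The Python below is an added example, not part of the thread or of ComboFix, that parses lines in that `<state><start> name;display;path [x | date size]` layout and flags the patterns a defender checks first. The sample lines are constructed in the thread's format with a placeholder user name; the review rules are my own heuristics and produce leads for a human to look at, not verdicts.

```python
"""Flag service/driver entries in a ComboFix log that deserve a closer look.

Added example: not part of the thread and not ComboFix code. ComboFix lists
each service as "<state><start> name;display name;image path [x | date size]",
where R/S is running/stopped, the digit is the start type (0 boot, 1 system,
2 automatic, 3 manual, 4 disabled) and [x] means the image file was not found.
"""
import re

# Constructed sample in the thread's format; the user name is a placeholder.
SAMPLE = r"""
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R3 cpuz135;cpuz135;c:\users\EXAMPLE\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-26 691696]
S3 e1kexpress;Intel PRO/1000 Driver;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
"""

_LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_services(text):
    """Return one dict per service line; lines in another layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        entries.append({
            "state": state,              # R = running, S = stopped
            "start": int(start),         # start type 0..4
            "name": name,
            "display": display,
            "path": path,
            "missing": info == "x",      # ComboFix's marker for a missing image
            "info": info,                # otherwise "<date> <size>"
        })
    return entries


def review(entry):
    """Heuristic reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    p = entry["path"].lower()
    is_driver = p.endswith(".sys")
    if entry["missing"]:
        reasons.append("image file missing: orphaned registration")
    if any(t in p for t in TEMP_DIRS):
        reasons.append("image lives in a Temp directory")
    if is_driver and not p.startswith(SYSTEM32):
        reasons.append("kernel driver outside System32")
    if entry["start"] in (0, 1) and not p.startswith("c:\\windows\\"):
        reasons.append("boot/system-start driver outside the Windows directory")
    return reasons


def flagged(text):
    """{service name: [reasons]} for every entry with at least one reason."""
    out = {}
    for e in parse_services(text):
        r = review(e)
        if r:
            out[e["name"]] = r
    return out


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

On the sample, `Lbd` is flagged only because its file is gone (matching the "driver failed to load" event earlier in the thread), while `cpuz135` collects three reasons at once; a driver under a user's Temp directory is the kind of entry a fixlist typically removes, as the MFE_RR entry in this thread was.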
 



#8 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 01 January 2015 - 11:39 PM

Please do this next:

Open Malwarebytes AntiMalware (MBAM)

  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Please include the following in your next post:
  • MBAM log
  • adwCleaner log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 randy_pan (Topic Starter | Members | 11 posts)

Posted 02 January 2015 - 12:20 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/01/2015
Scan Time: 07:02:11
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.02
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: CHAYON

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423594
Time Elapsed: 12 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\prefs.js, Good: (), Bad: (user_pref("CT2790392.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");), No Action By User,[e021ef7a2d4f5dd94bc9249b93727a86]

Physical Sectors: 0
(No malicious items detected)


(end)

 

------------------------------

 

 

# AdwCleaner v4.106 - Report created 02/01/2015 at 07:18:23
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : CHAYON - 1-PC
# Running from : C:\Users\CHAYON\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.1.9
Service Found : AVG Security Toolbar Service

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\AVG Security Toolbar
Folder Found : C:\Program Files\AVG\AVG10\Toolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\Uniblue
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\Users\CHAYON\AppData\Local\AVG Secure Search
Folder Found : C:\Users\CHAYON\AppData\Local\AVG Security Toolbar
Folder Found : C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\CHAYON\AppData\Local\PackageAware
Folder Found : C:\Users\CHAYON\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\CHAYON\AppData\LocalLow\AVG Security Toolbar
Folder Found : C:\Users\CHAYON\AppData\LocalLow\Conduit
Folder Found : C:\Users\CHAYON\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Folder Found : C:\Users\CHAYON\AppData\Roaming\WebExtend

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Uniblue
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-GB)

[n2n1vt4a.default] - Line Found : user_pref("CT2790392..clientLogIsEnabled", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.CTID", "CT2790392");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.CurrentServerDate", "31-5-2012");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.DSInstall", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.DialogsAlignMode", "LTR");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.DialogsGetterLastCheckTime", "Mon May 28 2012 20:18:55 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.DownloadReferralCookieData", "");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.EMailNotifierPollDate", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedLastCount129313977501788460", 138);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313974171006416", "Wed Feb 15 2012 02:43:16 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313975698350231", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313976370850190", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313976648818968", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313977444757117", "Wed Feb 15 2012 02:43:17 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313980389131455", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313980655381977", "Wed Feb 15 2012 02:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313980886163259", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313981234756535", "Wed Feb 15 2012 02:43:17 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313983226631720", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedPollDate129313983607725691", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedTTL129313974171006416", 10);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedTTL129313977444757117", 15);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedTTL129313980655381977", 5);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FeedTTL129313981234756535", 5);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FirstServerDate", "13-2-2012");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FirstTime", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FirstTimeFF3", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.FixPageNotFoundErrors", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.HPInstall", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.HasUserGlobalKeys", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.Initialize", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.InitializeCommonPrefs", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.InstallationId", "ConduitXPEIntegration");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.InstallationType", "ConduitXPEIntegration");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.InstalledDate", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.IsGrouping", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.IsInitSetupIni", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.IsMulticommunity", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.IsOpenThankYouPage", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.IsOpenUninstallPage", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.LanguagePackLastCheckTime", "Thu May 31 2012 03:42:08 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.LastLogin_3.12.2.3", "Thu May 31 2012 04:28:30 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.LastLogin_3.9.0.3", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.LatestVersion", "3.13.0.6");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.Locale", "en");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.MCDetectTooltipHeight", "83");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.MCDetectTooltipWidth", "295");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.OriginalFirstVersion", "3.9.0.3");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchInNewTabEnabled", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Thu May 31 2012 03:42:47 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SendProtectorDataViaLogin", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.ServiceMapLastCheckTime", "Wed May 30 2012 17:34:52 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SettingsLastCheckTime", "Wed May 30 2012 02:10:16 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.SettingsLastUpdate", "1337625361");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Mon Feb 13 2012 20:43:12 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1312887586");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.UserID", "UN29229410704008096");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.WeatherNetwork", "");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.WeatherPollDate", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.WeatherUnit", "C");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.alertChannelId", "1182482");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.autoDisableScopes", 0);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.backendstorage.cbfirsttime", "4D6F6E2046656220313320323031322032303A34333A313720474D542B3032303020284A65727573616C656D205374616E646172642054696D6529");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Mon Feb 13 2012 20:43:13 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.initDone", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.isAppTrackingManagerOn", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.myStuffEnabled", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.revertSettingsEnabled", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.searchProtectorEnableByLogin", true);
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.testingCtid", "");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Thu May 31 2012 03:42:59 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Mon Feb 13 2012 20:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.FF19Solved", "true");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.UserID", "UN14654259811291518");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.fullUserID", "UN14654259811291518.IN.20140328150918");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.installDate", "28/03/2014 15:09:20");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.installSessionId", "dce3ca8b-ba70-4243-8c95-4831595345f1");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.installSp", "false");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.installerVersion", "1.8.1.4");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.searchRevert", "false");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.searchUninstallUserMode", "1");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.searchUserMode", "1");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.toolbarInstallDate", "28-03-2014 15:09:18");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.versionFromInstaller", "10.23.0.722");
[n2n1vt4a.default] - Line Found : user_pref("CT3318146.xpeMode", "1");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"d728e3133901af9bc4d47b2d34f1dfc01\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/IL", "\"0\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1334663508\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"d229fa25f6c9cc1:0\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"d76323372b05c3748a3d6b1c93a98292\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1c8884e1d7013beea7adb5fd75562429\"");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\CHAYON\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\n2n1vt4a.default\\conduitCommon\\modules\\3.9.0.3");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://aa.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_aa&p=");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 14 2012 20:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.globalUserId", "e43b8fdc-c6f0-43e9-a1ff-fadb7942c12a");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 13 2012 20:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 14 2012 21:43:26 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 14 2012 20:43:12 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.notifications.userId", "fda382a8-82f3-4ccf-9866-bcf9f2d80563");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[n2n1vt4a.default] - Line Found : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo! Search");
[n2n1vt4a.default] - Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
[n2n1vt4a.default] - Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
[n2n1vt4a.default] - Line Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1,%7B58e3c1c9-2dc1-4762-bd45-1df9da9d0820%7D:0.2,%7BF53C93F1-07D5-430c-86D4-C95[...]
[n2n1vt4a.default] - Line Found : user_pref("smartbar.machineId", "EHPKLOY5G7RVEP7+ACEEUWE6Y7TDZAZNILZZDLOOELRK2H/NLNMWOYWWQKOM7ZI46TS6B74/QXIGYZBJYL7ZAA");

-\\ Google Chrome v

[C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={26DF7263-7ED6-4F5A-AAD3-EBC0E3A8D1B4}&mid=7ceb240df89f44748085385d2e43ac40-d86253622c4290f3705e27e37e18e2e012f98490&lang=en&ds=AVG&pr=fr&d=2012-06-06 23:01:33&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [26802 octets] - [02/01/2015 07:18:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26863 octets] ##########
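A note on reading the AdwCleaner report above: each `[n2n1vt4a.default] - Line Found` entry is a `user_pref()` statement lifted from the Firefox profile's prefs.js, and two of the Conduit `backendstorage.*` values are hex-encoded text rather than opaque IDs. The script below is an added example for this thread, not AdwCleaner's or Malwarebytes' own code: it parses a constructed prefs.js modelled on those lines, groups leftovers by Conduit CTID branch, flags prefs that point at the search-redirect hosts named in the report, and decodes the hex values. The indicator lists (`ADWARE_BRANCHES`, `HIJACK_DOMAINS`) and the hex heuristic are assumptions of the example, not an exhaustive signature set.

```python
"""Triage a Firefox prefs.js for toolbar / search-hijack leftovers.

Added example for this thread; it is not AdwCleaner's or Malwarebytes'
code. The indicator lists below are this example's own assumptions.
"""
import json
import re
from dataclasses import dataclass

# Constructed sample modelled on the prefs.js lines in the AdwCleaner report
# above. URLs are kept defanged ("hxxp") exactly as the tool printed them.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("CT2790392.CTID", "CT2790392");
user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");
user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
user_pref("CT2790392.backendstorage.cbfirsttime", "4D6F6E2046656220313320323031322032303A34333A313720474D542B3032303020284A65727573616C656D205374616E646172642054696D6529");
user_pref("CT3318146.installerVersion", "1.8.1.4");
user_pref("CommunityToolbar.originalSearchEngine", "Yahoo! Search");
user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.update", true);
user_pref("network.cookie.cookieBehavior", 0);
'''

# One user_pref("name", value); statement per line.
PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
# Conduit writes one pref branch per toolbar instance, keyed by its CTID.
TOOLBAR_BRANCH_RE = re.compile(r"^(CT\d{5,})\.")
# Other branches these toolbar families leave behind (assumed list).
ADWARE_BRANCHES = ("CommunityToolbar.", "smartbar.", "avg.install.", "avg.userPreferences.")
# Search-redirect hosts seen in the report (assumed list, extend as needed).
HIJACK_DOMAINS = ("search.conduit.com", "conduit-hosting.com", "isearch.avg.com", "mysearch.avg.com")
# At least four hex byte pairs, nothing else: candidate for hex-encoded text.
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}){4,}$")


@dataclass
class Finding:
    pref: str
    reason: str
    value: object
    decoded: str = ""   # hex-encoded value decoded to text, if it was one


def parse_prefs(text):
    """Return {pref_name: value}; values are decoded as JSON-compatible JS literals."""
    prefs = {}
    for raw in text.splitlines():
        m = PREF_RE.match(raw.strip())
        if not m:
            continue                        # comments, blanks, anything else
        name = json.loads('"%s"' % m.group(1))
        try:
            value = json.loads(m.group(2))  # "str", true/false, 0, ...
        except ValueError:
            value = m.group(2)              # keep odd literals verbatim
        prefs[name] = value
    return prefs


def decode_hex_pref(value):
    """Conduit stores some backendstorage.* values as hex-encoded ASCII."""
    if not (isinstance(value, str) and HEX_RE.match(value)):
        return ""
    try:
        text = bytes.fromhex(value).decode("ascii")
    except ValueError:                      # UnicodeDecodeError is a ValueError
        return ""
    return text if text.isprintable() else ""   # reject digit strings that happen to be hex


def toolbar_ids(prefs):
    """CTIDs that still own a pref branch in this profile."""
    return {m.group(1) for m in map(TOOLBAR_BRANCH_RE.match, prefs) if m}


def triage(prefs):
    """Flag prefs tied to the toolbar families or pointing at redirect hosts."""
    findings = []
    for name, value in prefs.items():
        m = TOOLBAR_BRANCH_RE.match(name)
        if m:
            reason = "Conduit toolbar branch " + m.group(1)
        elif name.startswith(ADWARE_BRANCHES):
            reason = "toolbar/search-bar branch"
        elif isinstance(value, str) and any(d in value for d in HIJACK_DOMAINS):
            reason = "points at a search-redirect host"
        else:
            continue
        findings.append(Finding(name, reason, value, decode_hex_pref(value)))
    return findings


def decoded_values(findings):
    """Map pref name -> decoded text for every hex-encoded finding."""
    return {f.pref: f.decoded for f in findings if f.decoded}


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    print("toolbar instances:", sorted(toolbar_ids(prefs)))
    for f in triage(prefs):
        extra = " -> " + f.decoded if f.decoded else ""
        print(f"{f.reason:36} {f.pref} = {f.value!r}{extra}")
```

To run it against a real profile, read prefs.js from the profile directory while Firefox is closed (it rewrites the file on exit). In the sample, the `backendstorage.scriptsource` value decodes to a localhost URL on port 10000 and `cbfirsttime` to an install timestamp, neither of which is visible from the raw hex in the log.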
 



#10 RPMcMurphy (Bleeping *^#@%~ | Malware Response Team | 3,970 posts)

Posted 02 January 2015 - 11:29 AM

How is your computer running now?  Many of those adwCleaner detections look to be related to legitimate apps or changes you intentionally made. Please be sure to go through them and uncheck anything you don’t want removed, then do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-Uncheck any lines related to items you wish to keep->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • adwCleaner log
  • ESET log




#11 randy_pan (Topic Starter | Members | 11 posts)

Posted 02 January 2015 - 01:50 PM

* - My browsing experience is still absolutely littered with pop-ups and ads. No change has been recorded.

------------------

# AdwCleaner v4.106 - Report created 02/01/2015 at 18:41:34
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : CHAYON - 1-PC
# Running from : C:\Users\CHAYON\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.9
[#] Service Deleted : AVG Security Toolbar Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\AVG\AVG10\Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\CHAYON\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\CHAYON\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\CHAYON\AppData\Local\PackageAware
Folder Deleted : C:\Users\CHAYON\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\CHAYON\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\CHAYON\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\CHAYON\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\CHAYON\AppData\Roaming\WebExtend
[!] Folder Deleted : C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Folder Deleted : C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\CHAYON\AppData\Roaming\Mozilla\Firefox\Profiles\n2n1vt4a.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-GB)

[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392..clientLogIsEnabled", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.CTID", "CT2790392");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.CurrentServerDate", "31-5-2012");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.DSInstall", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.DialogsAlignMode", "LTR");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.DialogsGetterLastCheckTime", "Mon May 28 2012 20:18:55 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.DownloadReferralCookieData", "");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.EMailNotifierPollDate", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedLastCount129313977501788460", 138);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313974171006416", "Wed Feb 15 2012 02:43:16 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313975698350231", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313976370850190", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313976648818968", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313977444757117", "Wed Feb 15 2012 02:43:17 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313980389131455", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313980655381977", "Wed Feb 15 2012 02:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313980886163259", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313981234756535", "Wed Feb 15 2012 02:43:17 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313983226631720", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedPollDate129313983607725691", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313974171006416", 10);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313977444757117", 15);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313980655381977", 5);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FeedTTL129313981234756535", 5);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstServerDate", "13-2-2012");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstTime", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstTimeFF3", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FixPageNotFoundErrors", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.HPInstall", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.HasUserGlobalKeys", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.Initialize", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.InitializeCommonPrefs", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstallationId", "ConduitXPEIntegration");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstallationType", "ConduitXPEIntegration");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.InstalledDate", "Mon Feb 13 2012 20:43:14 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsGrouping", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsInitSetupIni", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsMulticommunity", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsOpenThankYouPage", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.IsOpenUninstallPage", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.LanguagePackLastCheckTime", "Thu May 31 2012 03:42:08 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.12.2.3", "Thu May 31 2012 04:28:30 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.LastLogin_3.9.0.3", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.LatestVersion", "3.13.0.6");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.Locale", "en");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipHeight", "83");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.MCDetectTooltipWidth", "295");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.OriginalFirstVersion", "3.9.0.3");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabEnabled", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Thu May 31 2012 03:42:47 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SendProtectorDataViaLogin", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.ServiceMapLastCheckTime", "Wed May 30 2012 17:34:52 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SettingsLastCheckTime", "Wed May 30 2012 02:10:16 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.SettingsLastUpdate", "1337625361");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Mon Feb 13 2012 20:43:12 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1312887586");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.UserID", "UN29229410704008096");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.WeatherNetwork", "");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.WeatherPollDate", "Mon Feb 13 2012 20:43:15 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.WeatherUnit", "C");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.alertChannelId", "1182482");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.autoDisableScopes", 0);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.cbfirsttime", "4D6F6E2046656220313320323031322032303A34333A313720474D542B3032303020284A65727573616C656D205374616E646172642054696D6529");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Mon Feb 13 2012 20:43:13 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.initDone", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.isAppTrackingManagerOn", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffEnabled", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.revertSettingsEnabled", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.searchProtectorEnableByLogin", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.testingCtid", "");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Thu May 31 2012 03:42:59 GMT+0300 (Jerusalem Daylight Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Mon Feb 13 2012 20:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.FF19Solved", "true");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.UserID", "UN14654259811291518");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.fullUserID", "UN14654259811291518.IN.20140328150918");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.installDate", "28/03/2014 15:09:20");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.installSessionId", "dce3ca8b-ba70-4243-8c95-4831595345f1");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.installSp", "false");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.installerVersion", "1.8.1.4");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.searchRevert", "false");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.searchUninstallUserMode", "1");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.searchUserMode", "1");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.toolbarInstallDate", "28-03-2014 15:09:18");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.versionFromInstaller", "10.23.0.722");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT3318146.xpeMode", "1");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"d728e3133901af9bc4d47b2d34f1dfc01\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/IL", "\"0\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1334663508\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"d229fa25f6c9cc1:0\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"d76323372b05c3748a3d6b1c93a98292\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1c8884e1d7013beea7adb5fd75562429\"");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\CHAYON\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\n2n1vt4a.default\\conduitCommon\\modules\\3.9.0.3");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://aa.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_aa&p=");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 14 2012 20:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "e43b8fdc-c6f0-43e9-a1ff-fadb7942c12a");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Feb 13 2012 20:43:18 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Feb 14 2012 21:43:26 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Feb 14 2012 20:43:12 GMT+0200 (Jerusalem Standard Time)");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "fda382a8-82f3-4ccf-9866-bcf9f2d80563");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo! Search");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1,%7B58e3c1c9-2dc1-4762-bd45-1df9da9d0820%7D:0.2,%7BF53C93F1-07D5-430c-86D4-C95[...]
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "EHPKLOY5G7RVEP7+ACEEUWE6Y7TDZAZNILZZDLOOELRK2H/NLNMWOYWWQKOM7ZI46TS6B74/QXIGYZBJYL7ZAA");

-\\ Google Chrome v

[C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={26DF7263-7ED6-4F5A-AAD3-EBC0E3A8D1B4}&mid=7ceb240df89f44748085385d2e43ac40-d86253622c4290f3705e27e37e18e2e012f98490&lang=en&ds=AVG&pr=fr&d=2012-06-06 23:01:33&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

-\\ Chromium v

[C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={26DF7263-7ED6-4F5A-AAD3-EBC0E3A8D1B4}&mid=7ceb240df89f44748085385d2e43ac40-d86253622c4290f3705e27e37e18e2e012f98490&lang=en&ds=AVG&pr=fr&d=2012-06-06 23:01:33&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [26944 octets] - [02/01/2015 07:18:23]
AdwCleaner[R1].txt - [27005 octets] - [02/01/2015 18:39:40]
AdwCleaner[S0].txt - [29126 octets] - [02/01/2015 18:41:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29187 octets] ##########
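As an added triage aid (not part of this thread and not AdwCleaner's own code), the Python below reads a report in the shape of the AdwCleaner[S0].txt above, counts what was removed per section and per action, pulls the defanged hxxp:// hosts out of the browser entries, and flags the removals that sat in autostart positions (services, scheduled tasks, Run keys, Browser Helper Objects). The sample report is constructed from trimmed lines of the log above; the line shapes it relies on are taken from that log rather than from AdwCleaner documentation.

```python
import re
from collections import Counter

# Line shapes are those of the AdwCleaner[S0].txt posted above (the [#]/[!]
# markers in front of some actions are kept as written, not interpreted); the
# tool writes URLs defanged as hxxp://, so that is the scheme the host regex wants.
HEADER_RE = re.compile(r"^# (.+?) : (.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ACTION_RE = re.compile(r"^(?:\[([#!])\] )?(Service|Folder|File|Key|Value) Deleted : (.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(.*)$")
PREF_RE = re.compile(r'^\[(.+?)\] - Line Deleted : user_pref\("([^"]+)", (.*)\);$')
PROVIDER_RE = re.compile(r"^\[(.+?)\] - Deleted \[Search Provider\] : (.+)$")
HOST_RE = re.compile(r"""hxxps?://([^/\s"'?]+)""")
# Registry paths whose removal means something had been set to run automatically.
AUTOSTART_MARKERS = (r"\currentversion\run", r"\browser helper objects")


def parse_browser_line(line):
    """One line under a "-\\ Browser" sub-header: pref, search provider, or raw."""
    if m := PREF_RE.match(line):
        return {"kind": "pref", "file": m.group(1), "key": m.group(2),
                "value": m.group(3), "hosts": HOST_RE.findall(m.group(3))}
    if m := PROVIDER_RE.match(line):
        return {"kind": "search_provider", "file": m.group(1),
                "value": m.group(2), "hosts": HOST_RE.findall(m.group(2))}
    # Lines the tool truncated with "[...]" do not end in ");" and are kept whole.
    return {"kind": "raw", "value": line, "hosts": HOST_RE.findall(line)}


def parse_report(text):
    report = {"header": {}, "sections": {}, "browsers": {}}
    section = browser = None
    for line in (s.strip() for s in text.splitlines()):
        if not line:
            continue
        if line.startswith("#"):                  # header block and "#### EOF" trailer
            if m := HEADER_RE.match(line):
                report["header"][m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section, browser = m.group(1), None
            report["sections"].setdefault(section, [])
        elif line.startswith("*****"):            # closing rule: nothing parsed after it
            section = browser = None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
            report["browsers"].setdefault(browser, [])
        elif browser is not None:
            report["browsers"][browser].append(parse_browser_line(line))
        elif section is not None and (m := ACTION_RE.match(line)):
            flag, action, target = m.groups()
            report["sections"][section].append(
                {"flag": flag, "action": action, "target": target})
    return report


def autostart_entries(report):
    """Removed items that were positioned to run without any user action."""
    hits = [e for name in ("Services", "Scheduled Tasks")
            for e in report["sections"].get(name, [])]
    hits += [e for e in report["sections"].get("Registry", [])
             if any(mk in e["target"].lower() for mk in AUTOSTART_MARKERS)]
    return hits


def summarize(report):
    by_action = Counter(e["action"] for entries in report["sections"].values()
                        for e in entries)
    hosts = Counter(h for entries in report["browsers"].values()
                    for e in entries for h in e["hosts"])
    return {"by_section": {n: len(v) for n, v in report["sections"].items()},
            "by_action": dict(by_action), "hosts": dict(hosts),
            "autostart": len(autostart_entries(report))}


# Constructed sample: trimmed lines from the report posted above, blank lines dropped.
SAMPLE_REPORT = r"""
# Option : Clean
***** [ Services ] *****
Service Deleted : vToolbarUpdater18.1.9
[#] Service Deleted : AVG Security Toolbar Service
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Conduit
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
***** [ Browsers ] *****
-\\ Mozilla Firefox v34.0.5 (x86 en-GB)
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
[n2n1vt4a.default\prefs.js] - Line Deleted : user_pref("CT2790392.FirstTime", true);
-\\ Google Chrome v
[C:\Users\CHAYON\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?pid=avg&q={searchTerms}
*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29187 octets] ##########
"""

if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

Run it against a saved C:\AdwCleaner\AdwCleaner[S0].txt by passing the file's text to parse_report; the summary gives the count of autostart items and the hosts a helper would want to check before declaring the browser clean.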



#12 randy_pan

randy_pan
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 02 January 2015 - 02:27 PM

-- I had accidentally run a scan before unticking the clean button. I interrupted it, but it had managed to clean a few items. I can retrieve that log if it renders this scan useless.

 

C:\$RECYCLE.BIN\S-1-5-21-3956770115-4200802536-51156793-1000\$R6CV5V1.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application


#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 02 January 2015 - 02:58 PM

Don't worry about that log.  Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If Malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.3.x.x.x_xx.01.2012_17.24.26_log.txt
  • Post that log, please.

Edited by RPMcMurphy, 02 January 2015 - 02:58 PM.



#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 10 January 2015 - 06:55 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 PM

Posted 16 January 2015 - 12:28 PM

This topic has been re-opened at the request of the person who originally posted.





