Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


HijackThis Log: Please help Diagnose

  • This topic is locked This topic is locked
14 replies to this topic

#1 Dreamflex


  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 20 January 2016 - 10:19 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:16:02, on 20-01-2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16659)
Boot mode: Normal
Running processes:
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\MediatekWiFi\Common\RaUI.exe
C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Program Files\Common Files\SNP2UVC\tsnp2uvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Socialbox.lnk = C:\Program Files\Socialbox\Socialbox.exe
O4 - Global Startup: Mediatek Wireless Utility.lnk = C:\Program Files\MediatekWiFi\Common\RaUI.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Tjenesten Google Update (gupdate1c9976bae827298) (gupdate1c9976bae827298) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: MediatekRegistryWriter - Mediatek Inc. - C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe
O23 - Service: RealtekCU - Unknown owner - C:\Program Files\Realtek\USB Wireless LAN Utility\RtlService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
End of file - 8268 bytes

BC AdBot (Login to Remove)


#2 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 20 January 2016 - 10:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

What are the current problems with this computer?
Wait for further instructions.


HijackThis is no longer supported and is not ready for current operating systems.
I suggest your remove it via Control Panel > Programs and Features applet.
Use the Farbar tool from now on to report problems.

#3 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 25 January 2016 - 09:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 25 January 2016 - 02:16 PM

I have scanned with Malwarebytes and AdwCleaner. Here are the results... :
Kind regards

Malwarebytes Anti-Malware

Scan Dato: 25-01-2016
Scan Tid: 15:42:09
Logfil: Marie Frausing log.txt
Administrator: Ja

Malware Database: v2016.01.25.01
Rootkit Database: v2016.01.20.01
Licens: Gratis
Malware Protection: Handicappede
Ondsindet Hjemmeside Beskyttelse: Handicappede
Selvbeskyttelse: Handicappede

OS: Windows Vista Service Pack 2
CPU: x86
Fil system: NTFS
Bruger: Marie

Scan Type: Trussel Scanning
Resultater: Fuldført
Objekter Scannet: 314019
Forløbet Tid: 32 min, 42 sek

Hukommelse: Aktiveret
Startop: Aktiveret
Filsystem: Aktiveret
Arkiver: Aktiveret
Rootkits: Aktiveret
Heuristics: Aktiveret
PUP: Aktiveret
PUM: Aktiveret

Processer: 0
(Ingen skadelige varer fundet)

Moduler: 0
(Ingen skadelige varer fundet)

Nøgle Register: 0
(Ingen skadelige varer fundet)

Værdi Register: 0
(Ingen skadelige varer fundet)

Data Register: 0
(Ingen skadelige varer fundet)

Mapper: 0
(Ingen skadelige varer fundet)

Filer: 0
(Ingen skadelige varer fundet)

Fysiske sektorer: 0
(Ingen skadelige varer fundet)


# AdwCleaner v5.030 - Logfile created 25/01/2016 at 16:18:39
# Updated 17/01/2016 by Xplode
# Database : 2016-01-25.1 [Server]
# Operating system : Windows Vista Home Basic Service Pack 2 (x86)
# Username : Marie - MARIE-PC
# Running from : C:\Users\Marie\Downloads\adwcleaner_5.030.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\MacroGaming
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\Users\Marie\AppData\Local\Conduit
Folder Found : C:\Users\Marie\AppData\Local\NativeMessaging
Folder Found : C:\Users\Marie\AppData\Local\TBHostSupport
Folder Found : C:\Users\Marie\AppData\Local\WhiteListing
Folder Found : C:\Users\Marie\AppData\LocalLow\Conduit
Folder Found : C:\Users\Marie\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Marie\AppData\LocalLow\ShoppingReport
Folder Found : C:\Users\Marie\AppData\Roaming\Uniblue
Folder Found : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\ConduitCommon

***** [ Files ] *****

File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pacgpkgadgmibnhpdidcnfafllnmeomc_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pacgpkgadgmibnhpdidcnfafllnmeomc_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pacgpkgadgmibnhpdidcnfafllnmeomc_0
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pacgpkgadgmibnhpdidcnfafllnmeomc
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ad.turn.com_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cdn.turn.com_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_dk.yhs4.search.yahoo.com_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_dk.yhs4.search.yahoo.com_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ividi.org_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_ividi.org_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_vcm-match.dotomi.com_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_vcm-match.dotomi.com_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\searchplugins\askcomsearch.xml

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

Task Found : RunAsStdUser Task

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0944F019-9B20-4721-A066-DCDAB336CEB5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

***** [ Web browsers ] *****

[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CT3072253.HasUserGlobalKeys", true);
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Tue May 22 2012 18:50:39 GMT+0200");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CT3072253.autoDisableScopes", 10);
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CT3072253.testingCtid", "");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Marie\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hpizcu17.default\\conduitCommon\\modules\\");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.notifications.locale", "");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 18:50:41 GMT+0200");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("CommunityToolbar.notifications.userId", "bd914084-7f25-4b6a-92ec-412dd4d875e0");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultengine", "Ask.com");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "Ask.com");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "Ask.com");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "Ask.com");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/route/?d=4cca562d&v=");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision=\"1.5.1\">\r\n <sites>\r\n <searchsite MatchesDomain=\"google.\" MatchesPath=\"/search\" [...]
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.veohsearchrecs.VeohVersion", "1.4.1");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.veohsearchrecs.id", "5e50385c6-253e-5915-2c9d-6d1c2ee7546");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.veohsearchrecs.lastsitedate", "18");
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\hpizcu17.default\prefs.js] [Preference] Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : babylon.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : yahoo.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : world-of-warcraft-mists-of-pandaria.softonic.it
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask search
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aartemis
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : adobe-digital-editions.en.softonic.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysearchdial.com
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pacgpkgadgmibnhpdidcnfafllnmeomc

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13524 bytes] ##########

Edited by Dreamflex, 25 January 2016 - 02:17 PM.

#5 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 25 January 2016 - 02:36 PM

Run the AdwCleaner and clean everything.

Restart the computer normally.

How is the computer running now?

#6 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 26 January 2016 - 09:13 AM

Hi :-)

Thank you, I will try that now. The problems I experience is in relation to playing computer games (World of Warcraft). I get lag spikes (I think it is called :-)) and unsure why and if there is something I can do to optimize my pc. Maybe some of the hardware /software is outdated compared to the requirements for the game. I am a bit unsure about that. So I thought I could try to get help here to see if there is something wrong that I can change - or if I simply need better hardware/software :-)

Will try and clean what the AdwCleaner finds and restart,and then see how the game works now :-)

Thanks :-)

#7 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 27 January 2016 - 08:14 AM

Keep me posted.

#8 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 28 January 2016 - 12:37 PM

Hi :-)


It has unfortunately not yet resolved the issue. 

So I may have to get myself another computer, or maybe parts for it. I don't know that much about hardware and "building" a pc, so maybe my dad can help me fix something. Maybe it is the processor that is too "weak"?... :-)


Kind regards


PS. I have attached a picture showing the content of my pc. :-)

Attached Files

#9 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 28 January 2016 - 03:20 PM

Was the game running fine before you asked for help?

#10 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 29 January 2016 - 06:19 AM

Hi :-)

No, the problem was there - and then I posted here.... Found a link to this page via this page:



#11 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 29 January 2016 - 06:20 AM

This works: 


#12 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 29 January 2016 - 06:25 AM

Actually I think the link was somewhere else,  sorry, a bit confusing :-)

But the page I just posted recommends HijackThis, and I think it was in connection with downloading that program that I was lead to this forum :-)

#13 Dreamflex

  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female
  • Location:Denmark
  • Local time:07:47 AM

Posted 29 January 2016 - 06:26 AM

But my computer used to be able to play WoW without so many lag spikes.... But that was some years ago, so maybe it has become more advanced and for that reason my pc is no longer up to date...

#14 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 29 January 2016 - 08:51 AM

I see.

check their forum maybe you can find a solution.


To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.

#15 nasdaq


  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:47 AM

Posted 04 February 2016 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users