Jump to content

240phil

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by 240phil

  1. Thanks again Gringo. I am most grateful for your time and the great result. Happy to donate and have done so. Cheers Phil
  2. C:\$RECYCLE.BIN\S-1-5-21-3369298791-168434654-4232517219-1000\$RMVSROV\Documents\Downloads\loaristrojanremover.exe a variant of Win32/1AntiVirus application C:\$RECYCLE.BIN\S-1-5-21-3369298791-168434654-4232517219-1000\$RUGSIUC\loaristrojanremover.exe a variant of Win32/1AntiVirus application C:\Users\qaz\Documents\Downloads\loaristrojanremover.exe a variant of Win32/1AntiVirus application C:\Users\qaz\Downloads\Adaware_Installer.exe Win32/OpenCandy application C:\Users\qaz\Downloads\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application eset scan
  3. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.15.09 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 qaz :: QAZ-PC [administrator] 22/02/2013 3:16:37 PM mbam-log-2013-02-22 (15-16-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 210484 Time elapsed: 4 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:21:43 PM, on 22/02/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe C:\Program Files\Eraser\Eraser.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wuauclt.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe C:\Users\qaz\Downloads\HijackThis(1).exe C:\Windows\system32\NOTEPAD.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - mscoree.dll (file missing) O3 - Toolbar: Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - mscoree.dll (file missing) O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [sTCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe" O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart O4 - HKLM\..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- End of file - 5862 bytes No problems except sysytem denied acess to Hosts file Comp. still running fine Thank you
  4. ComboFix 13-02-20.01 - qaz 21/02/2013 18:47:51.2.4 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3503.2696 [GMT 11:00] Running from: c:\users\qaz\Desktop\ComboFix.exe Command switches used :: c:\users\qaz\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 ))))))))))))))))))))))))))))))) . . 2013-02-21 07:51 . 2013-02-21 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-21 03:10 . 2013-02-21 07:51 -------- d-----w- c:\users\qaz\AppData\Local\temp 2013-02-20 04:57 . 2013-02-20 04:57 156 ----a-w- c:\windows\DeleteOnReboot.bat 2013-02-18 01:46 . 2013-02-18 01:47 -------- d-----w- C:\sh4ldr 2013-02-18 01:46 . 2013-02-18 01:46 -------- d-----w- c:\program files\Enigma Software Group 2013-02-17 07:03 . 2013-02-17 07:04 -------- d-----w- c:\programdata\HitmanPro 2013-02-17 06:58 . 2013-02-17 06:58 -------- d-----w- c:\program files\VS Revo Group 2013-02-15 05:47 . 2013-02-21 02:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-02-15 05:47 . 2013-02-21 02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2013-02-14 21:03 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-02-08 23:42 . 2013-02-18 21:44 -------- d-----w- c:\program files\Eraser 2013-02-07 00:04 . 2013-02-07 00:04 -------- d-----w- c:\users\qaz\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-20 05:00 . 2012-01-31 02:27 17488 ----a-w- c:\windows\gdrv.sys 2013-02-14 20:58 . 2012-10-10 02:15 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-02-10 07:04 . 2012-06-27 03:32 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-10 07:04 . 2012-01-31 02:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-23 05:03 . 2012-12-23 05:03 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-23 05:03 . 2012-12-23 05:03 859072 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-23 05:03 . 2012-12-23 05:03 779704 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-16 14:25 . 2012-12-21 16:00 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-21 16:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 05:49 . 2012-04-25 03:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 05:04 . 2013-01-09 06:47 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 04:57 . 2013-01-09 06:47 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 03:21 . 2013-01-09 06:47 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:21 . 2013-01-09 06:47 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:21 . 2013-01-09 06:47 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:21 . 2013-01-09 06:47 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:21 . 2013-01-09 06:47 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:21 . 2013-01-09 06:47 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:21 . 2013-01-09 06:47 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:21 . 2013-01-09 06:47 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:21 . 2013-01-09 06:47 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:21 . 2013-01-09 06:47 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:21 . 2013-01-09 06:47 15360 ----a-w- c:\windows\system32\djctq.rs 2013-02-06 22:32 . 2013-02-06 22:32 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}] 2009-11-25 01:47 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 142616] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 177432] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 176408] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384] "STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064] "ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-21 980920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-11-28 03:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools] 2010-12-15 06:21 514048 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd] 2009-06-10 23:17 3618104 ----a-w- c:\program files\Brownie\BrStsWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] 2012-05-21 21:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 12:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Media Converter Notice] 2011-09-15 05:13 1051528 ----a-w- c:\program files\ConsumerSoft\My Media Converter\MyMediaConverterNotice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent] 2011-03-04 04:07 776064 ----a-w- c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-02 22:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent] 2010-11-15 11:21 841544 ----a-w- c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe . R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x] R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 cpuz134;cpuz134;c:\users\qaz\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x] S2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [x] S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x] S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x] S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-02 06:41 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:04] . 2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27] . 2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27] . 2013-02-10 c:\windows\Tasks\ParetoLogic Privacy Controls_{C1252E64-0A9C-11E2-90B7-0015833D0A57}.job - c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2012-09-07 22:29] . 2013-02-21 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:07] . 2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07] . 2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ FF - ExtSQL: 2013-01-31 10:55; 5109b8b30b429@5109b8b30b463.com; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\5109b8b30b429@5109b8b30b463.com.xpi FF - ExtSQL: 2013-02-17 18:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-21 18:52:26 ComboFix-quarantined-files.txt 2013-02-21 07:52 ComboFix2.txt 2013-02-21 03:10 . Pre-Run: 333,661,683,712 bytes free Post-Run: 333,611,614,208 bytes free . - - End Of File - - 570574373B1A91D94FF0F81F7E1241E5 computer is running fine
  5. ComboFix 13-02-20.01 - qaz 21/02/2013 14:06:20.1.4 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3503.2166 [GMT 11:00] Running from: c:\users\qaz\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\ntuser.dat . . ((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 ))))))))))))))))))))))))))))))) . . 2013-02-21 03:09 . 2013-02-21 03:09 -------- d-----w- c:\users\qaz\AppData\Local\temp 2013-02-21 03:09 . 2013-02-21 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-20 04:57 . 2013-02-20 04:57 156 ----a-w- c:\windows\DeleteOnReboot.bat 2013-02-18 01:46 . 2013-02-18 01:47 -------- d-----w- C:\sh4ldr 2013-02-18 01:46 . 2013-02-18 01:46 -------- d-----w- c:\program files\Enigma Software Group 2013-02-17 07:03 . 2013-02-17 07:04 -------- d-----w- c:\programdata\HitmanPro 2013-02-17 06:58 . 2013-02-17 06:58 -------- d-----w- c:\program files\VS Revo Group 2013-02-15 05:47 . 2013-02-21 02:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-02-15 05:47 . 2013-02-21 02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2013-02-14 21:03 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys 2013-02-08 23:42 . 2013-02-18 21:44 -------- d-----w- c:\program files\Eraser 2013-02-07 00:04 . 2013-02-07 00:04 -------- d-----w- c:\users\qaz\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-20 05:00 . 2012-01-31 02:27 17488 ----a-w- c:\windows\gdrv.sys 2013-02-14 20:58 . 2012-10-10 02:15 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-02-10 07:04 . 2012-06-27 03:32 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-10 07:04 . 2012-01-31 02:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-23 05:03 . 2012-12-23 05:03 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-23 05:03 . 2012-12-23 05:03 859072 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-23 05:03 . 2012-12-23 05:03 779704 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-16 14:25 . 2012-12-21 16:00 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-21 16:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-14 05:49 . 2012-04-25 03:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 05:04 . 2013-01-09 06:47 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 04:57 . 2013-01-09 06:47 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 03:21 . 2013-01-09 06:47 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:21 . 2013-01-09 06:47 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:21 . 2013-01-09 06:47 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:21 . 2013-01-09 06:47 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:21 . 2013-01-09 06:47 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:21 . 2013-01-09 06:47 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:21 . 2013-01-09 06:47 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:21 . 2013-01-09 06:47 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:21 . 2013-01-09 06:47 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:21 . 2013-01-09 06:47 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:21 . 2013-01-09 06:47 15360 ----a-w- c:\windows\system32\djctq.rs 2013-02-06 22:32 . 2013-02-06 22:32 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}] 2009-11-25 01:47 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 142616] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 177432] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 176408] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384] "STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064] "ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-21 980920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-11-28 03:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools] 2010-12-15 06:21 514048 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd] 2009-06-10 23:17 3618104 ----a-w- c:\program files\Brownie\BrStsWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] 2012-05-21 21:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 12:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Media Converter Notice] 2011-09-15 05:13 1051528 ----a-w- c:\program files\ConsumerSoft\My Media Converter\MyMediaConverterNotice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent] 2011-03-04 04:07 776064 ----a-w- c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-02 22:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent] 2010-11-15 11:21 841544 ----a-w- c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe . R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x] R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x] R3 cpuz134;cpuz134;c:\users\qaz\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x] S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x] S2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [x] S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x] S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x] S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-02 06:41 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:04] . 2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27] . 2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27] . 2013-02-10 c:\windows\Tasks\ParetoLogic Privacy Controls_{C1252E64-0A9C-11E2-90B7-0015833D0A57}.job - c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2012-09-07 22:29] . 2013-02-20 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:07] . 2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07] . 2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/ FF - ExtSQL: 2013-01-31 10:55; 5109b8b30b429@5109b8b30b463.com; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\5109b8b30b429@5109b8b30b463.com.xpi FF - ExtSQL: 2013-02-17 18:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . - - - - ORPHANS REMOVED - - - - . HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe MSConfigStartUp-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe AddRemove-NokiaFREE Unlock Codes Calculator - c:\users\qaz\Desktop\NokiaFREE Unlock Codes Calculator\uninst.exe AddRemove-WorldUnlock Codes Calculator - c:\users\qaz\Desktop\WorldUnlock Codes Calculator\uninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-21 14:10:25 ComboFix-quarantined-files.txt 2013-02-21 03:10 . Pre-Run: 333,512,908,800 bytes free Post-Run: 333,458,378,752 bytes free . - - End Of File - - 024010FE40C9308986AFA2A7738524F6
  6. I have run Malaware bytes this morning and both viruses have been removed. Shall I still run combofix or see if they re-appear. Thank you
  7. RogueKiller V8.5.1 [Feb 19 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User : qaz [Admin rights] Mode : Remove -- Date : 02/20/2013 16:10:04 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 4 ¤¤¤ [sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\qaz\Local Settings\Temp\msripuwv.com) [x] -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST500DM002-1BC142 ATA Device +++++ --- User --- [MBR] 92113bfb9d78fab3ba54f9a78b6b12e6 [bSP] a3a6b31c2c8b8fad5100a7e497db0a7e : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_02202013_02d1610.txt >> RKreport[1]_S_02202013_02d1608.txt ; RKreport[2]_D_02202013_02d1610.txt
  8. # AdwCleaner v2.112 - Logfile created 02/20/2013 at 15:57:03 # Updated 10/02/2013 by Xplode # Operating system : Windows 7 Professional (32 bits) # User : qaz - QAZ-PC # Boot Mode : Normal # Running from : C:\Users\qaz\Downloads\adwcleaner0.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files\blekkotb Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search File Deleted : C:\END File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\searchplugins\Askcom.xml Folder Deleted : C:\Program Files\AVG Secure Search Folder Deleted : C:\Program Files\Conduit Folder Deleted : C:\Program Files\uTorrentControl_v2 Folder Deleted : C:\Program Files\uTorrentControl2 Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\Users\qaz\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\qaz\AppData\Local\Conduit Folder Deleted : C:\Users\qaz\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\qaz\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\qaz\AppData\LocalLow\blekkotb Folder Deleted : C:\Users\qaz\AppData\LocalLow\Conduit Folder Deleted : C:\Users\qaz\AppData\LocalLow\uTorrentControl_v2 Folder Deleted : C:\Users\qaz\AppData\LocalLow\uTorrentControl2 Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\ConduitCommon Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\CT3072253 Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\CT3220468 Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\toolbar@ask.com Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\Smartbar Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\blekkotb Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2 Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2 Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E7B257-C6F7-496C-8411-C71B02CFDD2A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64AD3DFF-F763-4BEB-9DA8-B35B5D1605CF} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C71F7D94-54A8-4D74-BC41-FC42092252E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD10EA90-E96C-418B-9B7D-F26760880124} Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\uTorrentControl_v2 Key Deleted : HKLM\Software\uTorrentControl2 Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-GB) File : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\prefs.js C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\user.js ... Deleted ! Deleted : user_pref("CT3072253..clientLogIsEnabled", false); Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true); Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true); Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true); Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true); Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true); Deleted : user_pref("CT3072253.CTID", "CT3072253"); Deleted : user_pref("CT3072253.CurrentServerDate", "20-2-2013"); Deleted : user_pref("CT3072253.DSInstall", false); Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Tue Feb 19 2013 13:23:03 GMT+1100 (AUS Eastern Da[...] Deleted : user_pref("CT3072253.DownloadReferralCookieData", ""); Deleted : user_pref("CT3072253.FirstServerDate", "13-4-2012"); Deleted : user_pref("CT3072253.FirstTime", true); Deleted : user_pref("CT3072253.FirstTimeFF3", true); Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true); Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3072253.HPInstall", false); Deleted : user_pref("CT3072253.HasUserGlobalKeys", true); Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false); Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.com.au/"); Deleted : user_pref("CT3072253.Initialize", true); Deleted : user_pref("CT3072253.InitializeCommonPrefs", true); Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration"); Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration"); Deleted : user_pref("CT3072253.InstalledDate", "Fri Apr 13 2012 16:50:10 GMT+1000 (AUS Eastern Standard Time)"[...] Deleted : user_pref("CT3072253.IsAlertDBUpdated", true); Deleted : user_pref("CT3072253.IsGrouping", false); Deleted : user_pref("CT3072253.IsInitSetupIni", true); Deleted : user_pref("CT3072253.IsMulticommunity", false); Deleted : user_pref("CT3072253.IsOpenThankYouPage", true); Deleted : user_pref("CT3072253.IsOpenUninstallPage", false); Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Feb 19 2013 17:32:15 GMT+1100 (AUS Eastern Day[...] Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT3072253.LastLogin_3.10.0.1", "Thu Apr 19 2012 08:46:42 GMT+1000 (AUS Eastern Standard T[...] Deleted : user_pref("CT3072253.LastLogin_3.12.0.7", "Wed Apr 25 2012 09:47:05 GMT+1000 (AUS Eastern Standard T[...] Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Thu Jun 07 2012 23:27:56 GMT+1000 (AUS Eastern Standard T[...] Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Wed Jul 18 2012 09:04:56 GMT+1000 (AUS Eastern Standard T[...] Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Wed Aug 29 2012 14:06:17 GMT+1000 (AUS Eastern Standard T[...] Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Wed Nov 07 2012 14:58:35 GMT+1100 (AUS Eastern Daylight T[...] Deleted : user_pref("CT3072253.LastLogin_3.16.0.3", "Mon Feb 11 2013 17:08:00 GMT+1100 (AUS Eastern Daylight T[...] Deleted : user_pref("CT3072253.LastLogin_3.18.0.7", "Wed Feb 20 2013 13:07:56 GMT+1100 (AUS Eastern Daylight T[...] Deleted : user_pref("CT3072253.LatestVersion", "3.18.0.7"); Deleted : user_pref("CT3072253.Locale", "en"); Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.10.0.1"); Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search"); Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Ask.com"); Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...] Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true); Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Wed Feb 20 2013 09:06:43 GMT+1100 (AUS Eastern D[...] Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3072253.SearchProtectorEnabled", false); Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Wed Feb 20 2013 09:06:43 GMT+1100 (AUS Eastern Dayli[...] Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Wed Feb 20 2013 13:07:51 GMT+1100 (AUS Eastern Dayligh[...] Deleted : user_pref("CT3072253.SettingsLastUpdate", "1361287517"); Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13"); Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Jul 21 2012 16:57:09 GMT+1000 (AUS Eastern[...] Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253"); Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3072253.UserID", "UN71038051789782125"); Deleted : user_pref("CT3072253.ValidationData_Search", 2); Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2); Deleted : user_pref("CT3072253.alertChannelId", "1463702"); Deleted : user_pref("CT3072253.autoDisableScopes", -1); Deleted : user_pref("CT3072253.backendstorage.cb_experience_000", "34"); Deleted : user_pref("CT3072253.backendstorage.cb_firstuse0100", "31"); Deleted : user_pref("CT3072253.backendstorage.cb_user_id_000", "43423638303132393533313037345F46697265666F78")[...] Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "4155"); Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4155"); Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "4672692041707220313320323031322031363A35303A31322[...] Deleted : user_pref("CT3072253.backendstorage.cbopenmamsettings", "30"); Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7472616E736C6174652E676F6F676C6[...] Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Fri Jul 20 2012 13:46:01 GMT+1000 (AUS East[...] Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3072253.initDone", true); Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true); Deleted : user_pref("CT3072253.myStuffEnabled", true); Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false); Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...] Deleted : user_pref("CT3072253.revertSettingsEnabled", true); Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3072253.testingCtid", ""); Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Wed Feb 20 2013 09:06:47 GMT+1100 (AUS Easte[...] Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Jul 23 2012 17:53:27 GMT+1000 (AUS Easte[...] Deleted : user_pref("CT3072253.usagesFlag", 2); Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1ODgwNTg3NCwidXVpZCI6MzIyNDY1MTM0NjQ1ODQ5LCJ[...] Deleted : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA=="); Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT3220468.FirstTime", "true"); Deleted : user_pref("CT3220468.FirstTimeFF3", "true"); Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true); Deleted : user_pref("CT3220468.RevertSettingsEnabled", true); Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...] Deleted : user_pref("CT3220468.UserID", "UN12178348110676274"); Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT3220468.autoDisableScopes", -1); Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true); Deleted : user_pref("CT3220468.cbcountry_001.enc", "QVU="); Deleted : user_pref("CT3220468.cbfirsttime.enc", "U2F0IEphbiAxOSAyMDEzIDIxOjE3OjA0IEdNVCsxMTAwIChBVVMgRWFzdGVy[...] Deleted : user_pref("CT3220468.defaultSearch", "true"); Deleted : user_pref("CT3220468.enableAlerts", "always"); Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE"); Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true"); Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundError", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT3220468.fixUrls", true); Deleted : user_pref("CT3220468.homepageuserchanged", true); Deleted : user_pref("CT3220468.installType", "xpe"); Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true); Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false"); Deleted : user_pref("CT3220468.isNewTabEnabled", true); Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.keyword", true); Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Deleted : user_pref("CT3220468.lastVersion", "10.14.65.43"); Deleted : user_pref("CT3220468.migrateAppsAndComponents", true); Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforums.malwareby[...] Deleted : user_pref("CT3220468.openThankYouPage", "true"); Deleted : user_pref("CT3220468.openUninstallPage", "false"); Deleted : user_pref("CT3220468.revertSettingsEnabled", "false"); Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747"); Deleted : user_pref("CT3220468.search.searchCount", "0"); Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true"); Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358590623277"); Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1358747620750"); Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358590623620"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358655806620"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359587292091"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360979571587"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361323196757"); Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358590623667"); Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1358719478851"); Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1361323196110"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358590623580"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1361336054028"); Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1361323196247"); Deleted : user_pref("CT3220468.settingsINI", true); Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468"); Deleted : user_pref("CT3220468.smartbar.Uninstall", "0"); Deleted : user_pref("CT3220468.smartbar.homepage", true); Deleted : user_pref("CT3220468.smartbar.isHidden", true); Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); Deleted : user_pref("CT3220468.toolbarBornServerTime", "19-1-2013"); Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "20-2-2013"); Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL3Nicy5uc2stc3lzLmNvbS90cmFjay90cmFmZmljLnBocD9j[...] Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/AU", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5ce[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\qaz\\AppData\\Roaming\\Mozilla\\Fir[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253"); Deleted : user_pref("CommunityToolbar.globalUserId", "1a4a3ed2-fd44-4c48-bf53-74a27d49755c"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 23 2012 17:53:2[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 27 2012 14:45:48 GMT+100[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 27 2012 14:45:40 GMT+1000 (A[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "56934e1c-d493-4b9f-975e-e015a3874314"); Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.au/"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com"); Deleted : user_pref("Smartbar.ConduitHomepagesList", ""); Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search"); Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468"); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl_v2 Customized Web Search"); Deleted : user_pref("extensions.5109b8b30b4e3.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...] Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468"); Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13[...] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...] Deleted : user_pref("smartbar.machineId", "UDOTAI6R+5POQUY0TVVQEKYFFXENEUD0/NFFINTBVHF3LRAVSDPD9PHJE8FTAVBPL/9[...] Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.com.au/"); Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...] Deleted : user_pref("smartbar.originalSearchEngine", "AVG Secure Search"); -\\ Google Chrome v24.0.1312.57 File : C:\Users\qaz\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://search.conduit.com/?ctid=CT3220468&Searc[...] ************************* AdwCleaner[R1].txt - [69722 octets] - [20/02/2013 15:55:17] AdwCleaner[s1].txt - [38807 octets] - [20/02/2013 15:57:03] ########## EOF - C:\AdwCleaner[s1].txt - [38868 octets] ##########
  9. Results of screen317's Security Check version 0.99.58 Windows 7 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Lavasoft Ad-Watch Live! Anti-Virus AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 Java 7 Update 10 Java version out of Date! Adobe Flash Player 11.5.502.149 Mozilla Firefox (for.) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe Ad-Aware AAWTray.exe AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  10. Hi My first request is for a process to remove the above. Have run Malawarebytes many time with no luck. Hope you can help! dds.txtattach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.