240phil
-
Posts
11 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by 240phil
-
-
C:\$RECYCLE.BIN\S-1-5-21-3369298791-168434654-4232517219-1000\$RMVSROV\Documents\Downloads\loaristrojanremover.exe a variant of Win32/1AntiVirus application
C:\$RECYCLE.BIN\S-1-5-21-3369298791-168434654-4232517219-1000\$RUGSIUC\loaristrojanremover.exe a variant of Win32/1AntiVirus application
C:\Users\qaz\Documents\Downloads\loaristrojanremover.exe a variant of Win32/1AntiVirus application
C:\Users\qaz\Downloads\Adaware_Installer.exe Win32/OpenCandy application
C:\Users\qaz\Downloads\FoxitReader514.0104_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application
eset scan
-
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.15.09
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
qaz :: QAZ-PC [administrator]
22/02/2013 3:16:37 PM
mbam-log-2013-02-22 (15-16-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210484
Time elapsed: 4 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:21:43 PM, on 22/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Users\qaz\Downloads\HijackThis(1).exe
C:\Windows\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - mscoree.dll (file missing)
O3 - Toolbar: Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [sTCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
--
End of file - 5862 bytes
No problems except sysytem denied acess to Hosts file
Comp. still running fine
Thank you
-
ComboFix 13-02-20.01 - qaz 21/02/2013 18:47:51.2.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3503.2696 [GMT 11:00]
Running from: c:\users\qaz\Desktop\ComboFix.exe
Command switches used :: c:\users\qaz\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-21 07:51 . 2013-02-21 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-21 03:10 . 2013-02-21 07:51 -------- d-----w- c:\users\qaz\AppData\Local\temp
2013-02-20 04:57 . 2013-02-20 04:57 156 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-18 01:46 . 2013-02-18 01:47 -------- d-----w- C:\sh4ldr
2013-02-18 01:46 . 2013-02-18 01:46 -------- d-----w- c:\program files\Enigma Software Group
2013-02-17 07:03 . 2013-02-17 07:04 -------- d-----w- c:\programdata\HitmanPro
2013-02-17 06:58 . 2013-02-17 06:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-15 05:47 . 2013-02-21 02:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-15 05:47 . 2013-02-21 02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-02-14 21:03 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-02-08 23:42 . 2013-02-18 21:44 -------- d-----w- c:\program files\Eraser
2013-02-07 00:04 . 2013-02-07 00:04 -------- d-----w- c:\users\qaz\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 05:00 . 2012-01-31 02:27 17488 ----a-w- c:\windows\gdrv.sys
2013-02-14 20:58 . 2012-10-10 02:15 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-10 07:04 . 2012-06-27 03:32 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 07:04 . 2012-01-31 02:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 05:03 . 2012-12-23 05:03 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-23 05:03 . 2012-12-23 05:03 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-23 05:03 . 2012-12-23 05:03 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 14:25 . 2012-12-21 16:00 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 16:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 05:49 . 2012-04-25 03:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 05:04 . 2013-01-09 06:47 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57 . 2013-01-09 06:47 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 03:21 . 2013-01-09 06:47 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 06:47 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 06:47 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 03:21 . 2013-01-09 06:47 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 03:21 . 2013-01-09 06:47 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 06:47 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 03:21 . 2013-01-09 06:47 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 03:21 . 2013-01-09 06:47 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 03:21 . 2013-01-09 06:47 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 06:47 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 03:21 . 2013-01-09 06:47 15360 ----a-w- c:\windows\system32\djctq.rs
2013-02-06 22:32 . 2013-02-06 22:32 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]
2009-11-25 01:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 176408]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
"STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-21 980920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 03:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
2010-12-15 06:21 514048 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-06-10 23:17 3618104 ----a-w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-21 21:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 12:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Media Converter Notice]
2011-09-15 05:13 1051528 ----a-w- c:\program files\ConsumerSoft\My Media Converter\MyMediaConverterNotice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent]
2011-03-04 04:07 776064 ----a-w- c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-02 22:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent]
2010-11-15 11:21 841544 ----a-w- c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cpuz134;cpuz134;c:\users\qaz\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:41 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:04]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27]
.
2013-02-10 c:\windows\Tasks\ParetoLogic Privacy Controls_{C1252E64-0A9C-11E2-90B7-0015833D0A57}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2012-09-07 22:29]
.
2013-02-21 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:07]
.
2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - ExtSQL: 2013-01-31 10:55; 5109b8b30b429@5109b8b30b463.com; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\5109b8b30b429@5109b8b30b463.com.xpi
FF - ExtSQL: 2013-02-17 18:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-21 18:52:26
ComboFix-quarantined-files.txt 2013-02-21 07:52
ComboFix2.txt 2013-02-21 03:10
.
Pre-Run: 333,661,683,712 bytes free
Post-Run: 333,611,614,208 bytes free
.
- - End Of File - - 570574373B1A91D94FF0F81F7E1241E5
computer is running fine
-
Computer is operating fine thanks so much.
-
ComboFix 13-02-20.01 - qaz 21/02/2013 14:06:20.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.3503.2166 [GMT 11:00]
Running from: c:\users\qaz\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-21 03:09 . 2013-02-21 03:09 -------- d-----w- c:\users\qaz\AppData\Local\temp
2013-02-21 03:09 . 2013-02-21 03:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-20 04:57 . 2013-02-20 04:57 156 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-18 01:46 . 2013-02-18 01:47 -------- d-----w- C:\sh4ldr
2013-02-18 01:46 . 2013-02-18 01:46 -------- d-----w- c:\program files\Enigma Software Group
2013-02-17 07:03 . 2013-02-17 07:04 -------- d-----w- c:\programdata\HitmanPro
2013-02-17 06:58 . 2013-02-17 06:58 -------- d-----w- c:\program files\VS Revo Group
2013-02-15 05:47 . 2013-02-21 02:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-15 05:47 . 2013-02-21 02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-02-14 21:03 . 2013-01-04 03:00 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-02-08 23:42 . 2013-02-18 21:44 -------- d-----w- c:\program files\Eraser
2013-02-07 00:04 . 2013-02-07 00:04 -------- d-----w- c:\users\qaz\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-20 05:00 . 2012-01-31 02:27 17488 ----a-w- c:\windows\gdrv.sys
2013-02-14 20:58 . 2012-10-10 02:15 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-10 07:04 . 2012-06-27 03:32 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 07:04 . 2012-01-31 02:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 05:03 . 2012-12-23 05:03 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-23 05:03 . 2012-12-23 05:03 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-23 05:03 . 2012-12-23 05:03 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 14:25 . 2012-12-21 16:00 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 16:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 05:49 . 2012-04-25 03:03 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 05:04 . 2013-01-09 06:47 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57 . 2013-01-09 06:47 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 03:21 . 2013-01-09 06:47 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 06:47 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 06:47 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 03:21 . 2013-01-09 06:47 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 03:21 . 2013-01-09 06:47 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 03:21 . 2013-01-09 06:47 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 06:47 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 03:21 . 2013-01-09 06:47 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 03:21 . 2013-01-09 06:47 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 03:21 . 2013-01-09 06:47 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 06:47 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 03:21 . 2013-01-09 06:47 15360 ----a-w- c:\windows\system32\djctq.rs
2013-02-06 22:32 . 2013-02-06 22:32 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{c20391ee-b6fd-4a35-9f1b-2892dda5b107}]
2009-11-25 01:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 08:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 176408]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-07 10082920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-30 648072]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
"STCAgent"="c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"ZyngaGamesAgent"="c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-21 980920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-30 1750528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 03:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxoft Tools]
2010-12-15 06:21 514048 ----a-w- c:\programdata\Boxtools\Boxofttoolbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-06-10 23:17 3618104 ----a-w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-21 21:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 12:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Media Converter Notice]
2011-09-15 05:13 1051528 ----a-w- c:\program files\ConsumerSoft\My Media Converter\MyMediaConverterNotice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent]
2011-03-04 04:07 776064 ----a-w- c:\program files\Splashtop\Splashtop Connect IE\STCAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-02 22:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent]
2010-11-15 11:21 841544 ----a-w- c:\program files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 cpuz134;cpuz134;c:\users\qaz\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 SCBackService;Splashtop Connect Service;c:\program files\Splashtop\Splashtop Connect\BackService.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [x]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 06:41 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 07:04]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 06:27]
.
2013-02-10 c:\windows\Tasks\ParetoLogic Privacy Controls_{C1252E64-0A9C-11E2-90B7-0015833D0A57}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2012-09-07 22:29]
.
2013-02-20 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2012-06-27 21:07]
.
2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2013-02-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - ExtSQL: 2013-01-31 10:55; 5109b8b30b429@5109b8b30b463.com; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\5109b8b30b429@5109b8b30b463.com.xpi
FF - ExtSQL: 2013-02-17 18:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
MSConfigStartUp-Anti-phishing Domain Advisor - c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-NokiaFREE Unlock Codes Calculator - c:\users\qaz\Desktop\NokiaFREE Unlock Codes Calculator\uninst.exe
AddRemove-WorldUnlock Codes Calculator - c:\users\qaz\Desktop\WorldUnlock Codes Calculator\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-21 14:10:25
ComboFix-quarantined-files.txt 2013-02-21 03:10
.
Pre-Run: 333,512,908,800 bytes free
Post-Run: 333,458,378,752 bytes free
.
- - End Of File - - 024010FE40C9308986AFA2A7738524F6
-
I have run Malaware bytes this morning and both viruses have been removed.
Shall I still run combofix or see if they re-appear.
Thank you
-
RogueKiller V8.5.1 [Feb 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : qaz [Admin rights]
Mode : Remove -- Date : 02/20/2013 16:10:04
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\qaz\Local Settings\Temp\msripuwv.com) [x] -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BC142 ATA Device +++++
--- User ---
[MBR] 92113bfb9d78fab3ba54f9a78b6b12e6
[bSP] a3a6b31c2c8b8fad5100a7e497db0a7e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_02202013_02d1610.txt >>
RKreport[1]_S_02202013_02d1608.txt ; RKreport[2]_D_02202013_02d1610.txt
-
# AdwCleaner v2.112 - Logfile created 02/20/2013 at 15:57:03
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : qaz - QAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\qaz\Downloads\adwcleaner0.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\blekkotb
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentControl_v2
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\qaz\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\qaz\AppData\Local\Conduit
Folder Deleted : C:\Users\qaz\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\qaz\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\qaz\AppData\LocalLow\blekkotb
Folder Deleted : C:\Users\qaz\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\qaz\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\qaz\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\ConduitCommon
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\CT3072253
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\CT3220468
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\Smartbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\blekkotb
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00F12770-E60E-4DC6-9105-425BFACE7C73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E7B257-C6F7-496C-8411-C71B02CFDD2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64AD3DFF-F763-4BEB-9DA8-B35B5D1605CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C71F7D94-54A8-4D74-BC41-FC42092252E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD10EA90-E96C-418B-9B7D-F26760880124}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20A0BE68-8FD9-4539-8712-CE3D1C1FDFC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blekkotb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26C9E18C-3717-4BE1-A225-04E4471F5B6E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-GB)
File : C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\prefs.js
C:\Users\qaz\AppData\Roaming\Mozilla\Firefox\Profiles\p1k3b9ch.default\user.js ... Deleted !
Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
Deleted : user_pref("CT3072253.CTID", "CT3072253");
Deleted : user_pref("CT3072253.CurrentServerDate", "20-2-2013");
Deleted : user_pref("CT3072253.DSInstall", false);
Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Tue Feb 19 2013 13:23:03 GMT+1100 (AUS Eastern Da[...]
Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Deleted : user_pref("CT3072253.FirstServerDate", "13-4-2012");
Deleted : user_pref("CT3072253.FirstTime", true);
Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3072253.HPInstall", false);
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.com.au/");
Deleted : user_pref("CT3072253.Initialize", true);
Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3072253.InstalledDate", "Fri Apr 13 2012 16:50:10 GMT+1000 (AUS Eastern Standard Time)"[...]
Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Deleted : user_pref("CT3072253.IsGrouping", false);
Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Deleted : user_pref("CT3072253.IsMulticommunity", false);
Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Tue Feb 19 2013 17:32:15 GMT+1100 (AUS Eastern Day[...]
Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3072253.LastLogin_3.10.0.1", "Thu Apr 19 2012 08:46:42 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.0.7", "Wed Apr 25 2012 09:47:05 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.12.2.3", "Thu Jun 07 2012 23:27:56 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.13.0.6", "Wed Jul 18 2012 09:04:56 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.14.1.0", "Wed Aug 29 2012 14:06:17 GMT+1000 (AUS Eastern Standard T[...]
Deleted : user_pref("CT3072253.LastLogin_3.15.1.0", "Wed Nov 07 2012 14:58:35 GMT+1100 (AUS Eastern Daylight T[...]
Deleted : user_pref("CT3072253.LastLogin_3.16.0.3", "Mon Feb 11 2013 17:08:00 GMT+1100 (AUS Eastern Daylight T[...]
Deleted : user_pref("CT3072253.LastLogin_3.18.0.7", "Wed Feb 20 2013 13:07:56 GMT+1100 (AUS Eastern Daylight T[...]
Deleted : user_pref("CT3072253.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT3072253.Locale", "en");
Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Ask.com");
Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Wed Feb 20 2013 09:06:43 GMT+1100 (AUS Eastern D[...]
Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Wed Feb 20 2013 09:06:43 GMT+1100 (AUS Eastern Dayli[...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Wed Feb 20 2013 13:07:51 GMT+1100 (AUS Eastern Dayligh[...]
Deleted : user_pref("CT3072253.SettingsLastUpdate", "1361287517");
Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Sat Jul 21 2012 16:57:09 GMT+1000 (AUS Eastern[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3072253.UserID", "UN71038051789782125");
Deleted : user_pref("CT3072253.ValidationData_Search", 2);
Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Deleted : user_pref("CT3072253.autoDisableScopes", -1);
Deleted : user_pref("CT3072253.backendstorage.cb_experience_000", "34");
Deleted : user_pref("CT3072253.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT3072253.backendstorage.cb_user_id_000", "43423638303132393533313037345F46697265666F78")[...]
Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "4155");
Deleted : user_pref("CT3072253.backendstorage.cbcountry_001", "4155");
Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "4672692041707220313320323031322031363A35303A31322[...]
Deleted : user_pref("CT3072253.backendstorage.cbopenmamsettings", "30");
Deleted : user_pref("CT3072253.backendstorage.url_history0001", "687474703A2F2F7472616E736C6174652E676F6F676C6[...]
Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Fri Jul 20 2012 13:46:01 GMT+1000 (AUS East[...]
Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3072253.myStuffEnabled", true);
Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Wed Feb 20 2013 09:06:47 GMT+1100 (AUS Easte[...]
Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Jul 23 2012 17:53:27 GMT+1000 (AUS Easte[...]
Deleted : user_pref("CT3072253.usagesFlag", 2);
Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1ODgwNTg3NCwidXVpZCI6MzIyNDY1MTM0NjQ1ODQ5LCJ[...]
Deleted : user_pref("CT3220468.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3220468.FirstTime", "true");
Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3220468.UserID", "UN12178348110676274");
Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3220468.cbcountry_001.enc", "QVU=");
Deleted : user_pref("CT3220468.cbfirsttime.enc", "U2F0IEphbiAxOSAyMDEzIDIxOjE3OjA0IEdNVCsxMTAwIChBVVMgRWFzdGVy[...]
Deleted : user_pref("CT3220468.defaultSearch", "true");
Deleted : user_pref("CT3220468.enableAlerts", "always");
Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3220468.fixUrls", true);
Deleted : user_pref("CT3220468.homepageuserchanged", true);
Deleted : user_pref("CT3220468.installType", "xpe");
Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.keyword", true);
Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3220468.lastVersion", "10.14.65.43");
Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforums.malwareby[...]
Deleted : user_pref("CT3220468.openThankYouPage", "true");
Deleted : user_pref("CT3220468.openUninstallPage", "false");
Deleted : user_pref("CT3220468.revertSettingsEnabled", "false");
Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Deleted : user_pref("CT3220468.search.searchCount", "0");
Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1358590623277");
Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1358747620750");
Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1358590623620");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358655806620");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359587292091");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360979571587");
Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361323196757");
Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1358590623667");
Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1358719478851");
Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1361323196110");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1358590623580");
Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1361336054028");
Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1361323196247");
Deleted : user_pref("CT3220468.settingsINI", true);
Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Deleted : user_pref("CT3220468.smartbar.homepage", true);
Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Deleted : user_pref("CT3220468.toolbarBornServerTime", "19-1-2013");
Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "20-2-2013");
Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL3Nicy5uc2stc3lzLmNvbS90cmFjay90cmFmZmljLnBocD9j[...]
Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1463702/1459356/AU", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5ce[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\qaz\\AppData\\Roaming\\Mozilla\\Fir[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253");
Deleted : user_pref("CommunityToolbar.globalUserId", "1a4a3ed2-fd44-4c48-bf53-74a27d49755c");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 23 2012 17:53:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 27 2012 14:45:48 GMT+100[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 27 2012 14:45:40 GMT+1000 (A[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "56934e1c-d493-4b9f-975e-e015a3874314");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com.au/");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "uTorrentControl_v2 Customized Web Search");
Deleted : user_pref("extensions.5109b8b30b4e3.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...]
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "UDOTAI6R+5POQUY0TVVQEKYFFXENEUD0/NFFINTBVHF3LRAVSDPD9PHJE8FTAVBPL/9[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.google.com.au/");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Deleted : user_pref("smartbar.originalSearchEngine", "AVG Secure Search");
-\\ Google Chrome v24.0.1312.57
File : C:\Users\qaz\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"backup":{"session":{"urls_to_restore_on_startup":["hxxp://search.conduit.com/?ctid=CT3220468&Searc[...]
*************************
AdwCleaner[R1].txt - [69722 octets] - [20/02/2013 15:55:17]
AdwCleaner[s1].txt - [38807 octets] - [20/02/2013 15:57:03]
########## EOF - C:\AdwCleaner[s1].txt - [38868 octets] ##########
-
Results of screen317's Security Check version 0.99.58
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Watch Live! Anti-Virus
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.149
Mozilla Firefox (for.)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Hi
My first request is for a process to remove the above.
Have run Malawarebytes many time with no luck.
Hope you can help!
PUM.userwload and Trojan .Ransom
in Resolved Malware Removal Logs
Posted
Thanks again Gringo.
I am most grateful for your time and the great result.
Happy to donate and have done so.
Cheers
Phil