
Coupondropdown (only fb spam and tags)


Vrighty


Hello,

First of all: I have already found a few topics about Coupondropdown, but none actually had the same problem as me.

The problem I have with Coupondropdown:

Each time I am viewing a picture/message on Facebook, it keeps spamming the line ''Ads by Coupondropdown'' just above the messages. Besides that, I think it is also the cause of the non-stop refreshing every second.

Another problem (I think it is the same) it is giving me is that it randomly changes words into tags. When I click them, they redirect me to sites that sell stuff, etc. Besides the clicking part, when I hold my mouse above the tag I get a picture of the site it will bring me to.

I have already done:

-a Malwarebytes and AVG run, but it didn't find any,

-removed cookies/downloads with CCleaner,

-checked my program list for unwanted programs to uninstall (suggested on multiple forums like this),

-checked Google Chrome add-ons to remove Coupondropdown, it wasn't there (also suggested on multiple forums)

Anything else I can do to remove it? I am a bit of a newbie with advanced computer tricks, so I haven't tried safe mode yet and removing some files; I don't want to mess anything up ;)

Thanks a lot for any useful answers :D

Greets

Vrighty


Hello Vrighty and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hello,

Thanks for your response :D I will follow your steps.

This is my latest log file of Malware (it is in Dutch, sorry):

------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Databaseversie: 4434

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

15-8-2010 22:53:53

mbam-log-2010-08-15 (22-53-53).txt

Scantype: Snelle scan

Objecten gescand: 136388

Verstreken tijd: 7 minuut/minuten, 8 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\Users\Koen\AppData\Local\Temp\C1F6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Koen\AppData\Local\Temp\7B2C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\Users\Koen\AppData\Roaming\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\Koen\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.

------------------------------------------------------------------

After this, I still had problems with Coupondropdown. I have read the following steps, but before I download anything I really want to know what I am downloading xD. I hope you understand =]


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.


I don't think I got the whole Coupondropdown, because it isn't sending me to unwanted sites unless I click the banners... only a bit of spamming and those tags.

Still, it is pretty annoying and I would like to have it removed. Don't worry, I won't do any banking/important stuff on this computer, just to be sure.


Sorry, forgot you wanted them posted with copy/paste.

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3-7-2008 0:38:28

System Uptime: 22-11-2012 12:09:19 (4 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | M51SE

Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | Socket 478 | 1000/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 26,268 GiB free.

D: is FIXED (NTFS) - 107 GiB total, 29,514 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

1ClickDownloader

Aangifte inkomstenbelasting 2010

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.1.2 - Nederlands

Agere Systems HDA Modem

Akamai NetSession Interface

Akamai NetSession Interface Service

ASUS CopyProtect

ASUS InstantFun

ASUS LifeFrame3

ASUS Live Update

ASUS Security Protect Manager

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

Asus_Camera_ScreenSaver

ATI Catalyst Install Manager

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

µTorrent

AuthenTec Fingerprint Sensor Minimum Install

AutoCAD 2008 - English

Autodesk DWF Viewer 7

AVG Free 9.0

Call of Duty

Call of Duty - United Offensive

Canon Easy-WebPrint EX

Canon iP4700 series Printer Driver

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-Branding

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CD-LabelPrint

Creeper World DEMO

CyberLink LabelPrint

DAEMON Tools Lite

DAEMON Tools Toolbar

Delft GeoSystems Common Files

DWG TrueView 2010

Gebruikersregistratie voor Canon iP4700 series

Google Chrome

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® PROSet/Wireless Software

Intel® Matrix Storage Manager

ITRWoW 3.2.2a

Java Auto Updater

Java 6 Update 37

JMB36X Raid Configurer

Junk Mail filter update

LightScribe System Software 1.12.37.1

Malwarebytes' Anti-Malware

mCore

mDriver

mHelp

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (Dutch) 2007

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Project 2007 Service Pack 3 (SP3)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual Basic Power Packs 3.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

mMHouse

Mozilla Firefox (3.6.18)

mPfMgr

MSheet

MSVCRT

NB Probe

OGA Notifier 2.0.0048.0

P4P

Power2Go

Power4Gear eXtreme

RAIDar 4.1.3

Realtek High Definition Audio Driver

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

RocketDock 1.3.5

SecureW2 EAP Suite 1.1.2 for Windows

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skins

Skype web features

Skype™ 5.10

Softonic_English Toolbar

Spotify

Stronghold Kingdoms

Synaptics Pointing Device Driver

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

TeamSpeak 3 Client

TeamViewer 4

TorrentMan Toolbar

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

USB 2.0 1.3M UVC WebCam

VBA

VLC media player 1.0.1

Winamp

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

WinFlash

WinRAR

WinZip 12.0

Wireless Console 2

Yontoo 1.10.02

.

==== End Of File ===========================

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37

Run by Koen at 16:02:40 on 2012-11-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1515 [GMT 1:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Windows\System32\ACEngSvr.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ASUS\ATK Media\DMedia.exe

C:\Program Files\P4P\P4P.exe

C:\Windows\ASScrPro.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\conime.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\System32\svchost.exe -k Cognizance

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k Akamai

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026

uDefault_Page_URL = hxxp://www.asus.com

mDefault_Page_URL = hxxp://www.asus.com

uProxyOverride = 127.0.0.1:9421;<local>

uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll

uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll

mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll

mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll

BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: ASUS Security Protect Manager: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll

TB: TorrentMan Toolbar: {7C5C0F58-E061-457D-9033-77307F5ED00C} - c:\program files\torrentman\tbTorr.dll

TB: Softonic English Toolbar: {930F1200-F5F1-4870-BAC6-E233EC8E7023} - c:\program files\softonic_english\tbSoft.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll

TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [Akamai NetSession Interface] "c:\users\koen\appdata\local\akamai\netsession_win.exe"

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [badoo Desktop] c:\programdata\badoo\badoo desktop\1.6.55.1183\Badoo.Desktop.exe

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE

mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"

mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe

mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe

mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab

TCP: NameServer = 213.46.228.196 62.179.104.196

TCP: Interfaces\{F54F85D5-1994-4009-B495-A8277868EBCB} : DHCPNameServer = 213.46.228.196 62.179.104.196

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

AppInit_DLLs= APSHook.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli ASWLNPkg

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\koen\appdata\roaming\mozilla\firefox\profiles\9t0tliyt.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=KW_ss&mntrId=226b3e1200000000000000221528e026&q=

FF - component: c:\users\koen\appdata\roaming\mozilla\firefox\profiles\9t0tliyt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\npjpi160_35.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com

FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=226b3e1200000000000000221528e026&q=

FF - user.js: extensions.BabylonToolbar.id - 226b3e1200000000000000221528e026

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15586

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1219:56:24

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=3612_6

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extentions.y2layers.installId - 74be9997-943b-4ad6-9fd0-adba258ee303

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube,YontooNewOffers

.

FF - user.js: extensions.autoDisableScopes - 14

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-30 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-30 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-30 243152]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]

R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]

R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-30 308136]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2012-11-18 16:59:44 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-18 16:58:33 2047488 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-11-22 11:10:26 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-10-09 10:58:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 10:58:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-24 13:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll

2011-04-08 14:28:29 3050664 ----a-w- c:\program files\ccsetup305.exe

2010-03-25 18:07:14 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe

.

============= FINISH: 16:04:13,32 ===============


Step 1

Please uninstall the following applications:

µTorrent

Softonic_English Toolbar

TorrentMan Toolbar

Yontoo 1.10.02

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Rkill to your desktop. There are two main different versions. If one of them won't run then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

  1. Double-click on the Rkill desktop icon to run the tool.
  2. If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  3. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  4. If not, delete the file, then download and use the second RKill version. Do not reboot until instructed. If the tool does not run from any of the links provided, please let me know.
  5. When the scan is done Notepad will open with rKill log. Post it in your next reply.

NOTE: rKill.txt log will also be present on your desktop.

Step 4

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • JunkWare Removal Tool log
  • RKill log
  • ComboFix log


I removed all files. Only Yontoo gave me some trouble. First attempt gave an error and AVG popped up with a message ''Tarma installer'' was being annoying. I removed it manually and Yontoo got removed (I think).

I couldn't shut down AVG antivirus and antispyware... there was just no button on AVG to temp close it-,-.

JUNKWARE:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.4.8 (11.22.2012)

OS: Windows Vista Home Premium x86

Ran by Koen on vr 23-11-2012 at 19:18:07,13

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3040196533-823620445-3569254780-1000\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"

Successfully deleted: [Registry Key] "hkey_current_user\software\babylontoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"

Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"

Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\Users\Koen\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Koen\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\yontoo"

~~~ FireFox

Successfully deleted: [File] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\user.js

Successfully deleted: [File] C:\user.js

Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\ffxtlbr@babylon.com

Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\oneclickdownload@oneclickdownload.com

Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\plugin@yontoo.com

Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Successfully deleted: [File] "C:\Program Files\mozilla firefox\searchplugins"\babylon.xml

Successfully deleted the following from "C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\prefs.js"

user_pref("CT1142338.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT1142338.AllowNonPrivacy", false);

user_pref("CT1142338.CTID", "CT1142338");

user_pref("CT1142338.CTPBaseServerUrl", "http://grouping.services.conduit.com/");

user_pref("CT1142338.CommunityChanged", false);

user_pref("CT1142338.CurrentServerDate", "20-3-2010");

user_pref("CT1142338.DialogsAlignMode", "LTR");

user_pref("CT1142338.EMailNotifierPollDate", "Sat Mar 20 2010 12:24:49 GMT+0100");

user_pref("CT1142338.FeedLastCount128311388426518939", 383);

user_pref("CT1142338.FeedPollDate128400382093694199", "Sat Mar 20 2010 12:24:47 GMT+0100");

user_pref("CT1142338.FeedPollDate128400382093694200", "Sat Mar 20 2010 12:24:47 GMT+0100");

user_pref("CT1142338.FeedPollDate128400382093694201", "Sat Mar 20 2010 12:24:47 GMT+0100");

user_pref("CT1142338.FeedPollDate128400382093694202", "Sat Mar 20 2010 12:24:48 GMT+0100");

user_pref("CT1142338.FeedPollDate128400382093694203", "Sat Mar 20 2010 12:24:48 GMT+0100");

user_pref("CT1142338.FeedPollDate128400382093694204", "Sat Mar 20 2010 12:24:48 GMT+0100");

user_pref("CT1142338.FeedPollDate128795189875412541", "Sat Mar 20 2010 14:24:49 GMT+0100");

user_pref("CT1142338.FeedPollDate128795190048693893", "Sat Mar 20 2010 14:24:49 GMT+0100");

user_pref("CT1142338.FeedPollDate128795190288694224", "Sat Mar 20 2010 12:24:48 GMT+0100");

user_pref("CT1142338.FeedPollDate128795190536975738", "Sat Mar 20 2010 14:24:49 GMT+0100");

user_pref("CT1142338.FeedPollDate128795190743694609", "Sat Mar 20 2010 14:24:49 GMT+0100");

user_pref("CT1142338.FeedPollDate128795190874007232", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795191041350439", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795191313381778", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795191487444304", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795191630569465", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795191790100333", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795191910256261", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795192020569087", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedPollDate128795192359788404", "Sat Mar 20 2010 14:24:50 GMT+0100");

user_pref("CT1142338.FeedTTL128795190288694224", 1440);

user_pref("CT1142338.FeedTTL128795190874007232", 15);

user_pref("CT1142338.FeedTTL128795191313381778", 10);

user_pref("CT1142338.FeedTTL128795192020569087", 5);

user_pref("CT1142338.FirstServerDate", "20-3-2010");

user_pref("CT1142338.FirstTime", true);

user_pref("CT1142338.FirstTimeFF3", true);

user_pref("CT1142338.FixPageNotFoundErrors", true);

user_pref("CT1142338.FixPageNotFoundUrl", "http://SoftonicEnglish.OurToolbar.com/notfound/?actid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&url=EB_MAIN_FRAME_URL");

user_pref("CT1142338.GroupingServerCheckInterval", 1440);

user_pref("CT1142338.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT1142338.Initialize", true);

user_pref("CT1142338.InitializeCommonPrefs", true);

user_pref("CT1142338.InvalidateCache", false);

user_pref("CT1142338.IsGrouping", false);

user_pref("CT1142338.IsMulticommunity", false);

user_pref("CT1142338.IsOpenThankYouPage", true);

user_pref("CT1142338.IsOpenUninstallPage", true);

user_pref("CT1142338.LanguagePackLastCheckTime", "Sat Mar 20 2010 12:24:48 GMT+0100");

user_pref("CT1142338.LanguagePackReloadInterval", "24");

user_pref("CT1142338.LanguagePackReloadIntervalMM", 1440);

user_pref("CT1142338.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT1142338.LastLogin", "Fri Apr 17 2009 18:38:39 GMT+0200");

user_pref("CT1142338.LastLogin_2.5.6.0", "Sat Mar 20 2010 12:24:47 GMT+0100");

user_pref("CT1142338.LatestVersion", "2.1.0.18");

user_pref("CT1142338.Locale", "en-us");

user_pref("CT1142338.LoginCache", 4);

user_pref("CT1142338.MCDetectTooltipHeight", "83");

user_pref("CT1142338.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT1142338.MCDetectTooltipWidth", "295");

user_pref("CT1142338.MyGadgetsServerUrl", "http://services.MyStuff.u-page.com/MyStuffService.asmx/LegacyLogin");

user_pref("CT1142338.MyGadgetsTrustedDomains", "u-page.com");

user_pref("CT1142338.RadioIsPodcast", false);

user_pref("CT1142338.RadioLastCheckTime", "Sat Mar 20 2010 12:24:47 GMT+0100");

user_pref("CT1142338.RadioLastUpdateIPServer", "3");

user_pref("CT1142338.RadioLastUpdateServer", "128929877726170000");

user_pref("CT1142338.RadioMediaID", "6866669");

user_pref("CT1142338.RadioMediaType", "Media Player");

user_pref("CT1142338.RadioMenuSelectedID", "EBRadioMenu_CT11423386866669");

user_pref("CT1142338.RadioStationName", "MTV");

user_pref("CT1142338.RadioStationURL", "http://www.radios.com.br/asx/dmtvgo-br.asx");

user_pref("CT1142338.SHRINK_TOOLBAR", 1);

user_pref("CT1142338.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1142338&octid=EB_ORIGINAL_CTID");

user_pref("CT1142338.SearchFromAddressBarIsInit", true);

user_pref("CT1142338.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=");

user_pref("CT1142338.SearchInNewTabEnabled", true);

user_pref("CT1142338.SearchInNewTabIntervalMM", 1440);

user_pref("CT1142338.SearchInNewTabLastCheckTime", "Sat Mar 20 2010 12:24:49 GMT+0100");

user_pref("CT1142338.SearchInNewTabServiceUrl", "http://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT1142338.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

user_pref("CT1142338.Server", "http://users.conduit.com");

user_pref("CT1142338.SettingsCheckIntervalMin", 120);

user_pref("CT1142338.SettingsInvalidateCache", false);

user_pref("CT1142338.SettingsLastCheckTime", "Sat Mar 20 2010 12:24:46 GMT+0100");

user_pref("CT1142338.SettingsLastUpdate", "1268899490");

user_pref("CT1142338.ThirdPartyComponentsInterval", 504);

user_pref("CT1142338.ThirdPartyComponentsLastCheck", "Sat Mar 20 2010 12:24:46 GMT+0100");

user_pref("CT1142338.ThirdPartyComponentsLastUpdate", "1268899490");

user_pref("CT1142338.ToolbarAlignMode", "SYSTEM");

user_pref("CT1142338.ToolbarName", "Softonic English");

user_pref("CT1142338.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");

user_pref("CT1142338.UserID", "UN20090417183838862");

user_pref("CT1142338.VusualLastUpdateTime", "1236942811");

user_pref("CT1142338.WeatherNetwork", "");

user_pref("CT1142338.WeatherPollDate", "Sat Mar 20 2010 12:24:48 GMT+0100");

user_pref("CT1142338.WeatherUnit", "C");

user_pref("CT1142338.alertChannelId", "634");

user_pref("CT1142338.clientLogIsEnabled", true);

user_pref("CT1142338.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT1142338.myStuffEnabled", true);

user_pref("CT1142338.myStuffPublihserMinWidth", 400);

user_pref("CT1142338.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

user_pref("CT1142338.myStuffServiceIntervalMM", 1440);

user_pref("CT1142338.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT1142338.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CT1640187.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT1640187.AllowNonPrivacy", false);

user_pref("CT1640187.CTID", "CT1640187");

user_pref("CT1640187.CTPBaseServerUrl", "http://grouping.services.conduit.com/");

user_pref("CT1640187.CommunityChanged", false);

user_pref("CT1640187.CurrentServerDate", "20-3-2010");

user_pref("CT1640187.DialogsAlignMode", "LTR");

user_pref("CT1640187.EMailNotifierPollDate", "Sat Mar 20 2010 12:24:53 GMT+0100");

user_pref("CT1640187.EnableUsage", true);

user_pref("CT1640187.FeedLastCount128540215162575518", 200);

user_pref("CT1640187.FeedPollDate128779600725843963", "Sat Mar 20 2010 14:24:51 GMT+0100");

user_pref("CT1640187.FeedPollDate128779601561937848", "Sat Mar 20 2010 14:24:51 GMT+0100");

user_pref("CT1640187.FeedPollDate128779602135218837", "Sat Mar 20 2010 14:24:51 GMT+0100");

user_pref("CT1640187.FeedPollDate128779602603813070", "Sat Mar 20 2010 12:24:52 GMT+0100");

user_pref("CT1640187.FeedPollDate128779602899750840", "Sat Mar 20 2010 12:24:52 GMT+0100");

user_pref("CT1640187.FeedPollDate128779603139437656", "Sat Mar 20 2010 12:24:52 GMT+0100");

user_pref("CT1640187.FirstServerDate", "20-3-2010");

user_pref("CT1640187.FirstTime", true);

user_pref("CT1640187.FirstTimeFF3", true);

user_pref("CT1640187.FixPageNotFoundErrors", false);

user_pref("CT1640187.GroupingServerCheckInterval", 1440);

user_pref("CT1640187.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT1640187.Initialize", true);

user_pref("CT1640187.InitializeCommonPrefs", true);

user_pref("CT1640187.InstalledDate", "Sat Mar 20 2010 12:24:52 GMT+0100");

user_pref("CT1640187.InvalidateCache", false);

user_pref("CT1640187.IsGrouping", false);

user_pref("CT1640187.IsMulticommunity", false);

user_pref("CT1640187.LanguagePackLastCheckTime", "Sat Mar 20 2010 12:24:52 GMT+0100");

user_pref("CT1640187.LanguagePackReloadInterval", "24");

user_pref("CT1640187.LanguagePackReloadIntervalMM", 1440);

user_pref("CT1640187.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT1640187.LastLogin", "Fri Apr 17 2009 17:42:57 GMT+0200");

user_pref("CT1640187.LastLogin_2.5.6.0", "Sat Mar 20 2010 12:24:51 GMT+0100");

user_pref("CT1640187.LatestVersion", "2.1.0.18");

user_pref("CT1640187.Locale", "en-us");

user_pref("CT1640187.LoginCache", 4);

user_pref("CT1640187.MCDetectTooltipHeight", "83");

user_pref("CT1640187.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT1640187.MCDetectTooltipWidth", "295");

user_pref("CT1640187.RadioIsPodcast", false);

user_pref("CT1640187.RadioLastCheckTime", "Sat Mar 20 2010 12:24:51 GMT+0100");

user_pref("CT1640187.RadioLastUpdateIPServer", "3");

user_pref("CT1640187.RadioLastUpdateServer", "128929877726170000");

user_pref("CT1640187.RadioMediaType", "Media Player");

user_pref("CT1640187.RadioMenuSelectedID", "EBRadioMenu_CT164018710984132");

user_pref("CT1640187.RadioStationName", "181%20Rock%20on%20181.FM");

user_pref("CT1640187.RadioStationURL", "http://www.181.fm/stream/asx/181-rock");

user_pref("CT1640187.SHRINK_TOOLBAR", 1);

user_pref("CT1640187.SearchFromAddressBarIsInit", true);

user_pref("CT1640187.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=2&q=");

user_pref("CT1640187.SearchInNewTabEnabled", true);

user_pref("CT1640187.SearchInNewTabIntervalMM", 1440);

user_pref("CT1640187.SearchInNewTabServiceUrl", "http://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT1640187.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

user_pref("CT1640187.Server", "http://users.conduit.com");

user_pref("CT1640187.SettingsCheckIntervalMin", 120);

user_pref("CT1640187.SettingsLastCheckTime", "Sat Mar 20 2010 12:24:50 GMT+0100");

user_pref("CT1640187.SettingsLastUpdate", "1239882342");

user_pref("CT1640187.ThirdPartyComponentsInterval", 504);

user_pref("CT1640187.ThirdPartyComponentsLastCheck", "Sat Mar 20 2010 12:24:50 GMT+0100");

user_pref("CT1640187.ThirdPartyComponentsLastUpdate", "1267806643");

user_pref("CT1640187.ToolbarAlignMode", "SYSTEM");

user_pref("CT1640187.ToolbarName", "TorrentMan");

user_pref("CT1640187.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");

user_pref("CT1640187.UserID", "UN20090417174257058");

user_pref("CT1640187.VusualLastUpdateTime", "1239882342");

user_pref("CT1640187.WeatherNetwork", "");

user_pref("CT1640187.WeatherPollDate", "Sat Mar 20 2010 12:24:52 GMT+0100");

user_pref("CT1640187.WeatherUnit", "C");

user_pref("CT1640187.alertChannelId", "45107");

user_pref("CT1640187.clientLogIsEnabled", false);

user_pref("CT1640187.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT1640187.myStuffEnabled", true);

user_pref("CT1640187.myStuffPublihserMinWidth", 400);

user_pref("CT1640187.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

user_pref("CT1640187.myStuffServiceIntervalMM", 1440);

user_pref("CT1640187.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT1640187.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");

user_pref("CommunityToolbar.ToolbarsList", "CT1142338,CT1640187");

user_pref("CommunityToolbar.ToolbarsList2", "CT1142338");

user_pref("CommunityToolbar.alert.alertInfoInterval", 60);

user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Mar 20 2010 14:24:51 GMT+0100");

user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");

user_pref("CommunityToolbar.alert.locale", "en");

user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Mar 20 2010 12:24:46 GMT+0100");

user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");

user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");

user_pref("CommunityToolbar.alert.showTrayIcon", false);

user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

user_pref("CommunityToolbar.alert.userId", "{1818bed1-b1ba-4db3-99ca-54a258a260f2}");

user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Mar 20 2010 12:24:50 GMT+0100");

user_pref("browser.newtab.url", "http://search.babylon.com/?affID=109217&tt=3612_6&babsrc=NT_ss&mntrId=226b3e1200000000000000221528e026");

user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=");

user_pref("browser.search.order.1", "Search the web (Babylon)");

user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026");

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.babExt", "");

user_pref("extensions.BabylonToolbar.babTrack", "affID=109217&tt=3612_6");

user_pref("extensions.BabylonToolbar.bbDpng", "7");

user_pref("extensions.BabylonToolbar.cntry", "NL");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.envrmnt", "production");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.hdrMd5", "D297B6E1EA8223314E1A39CDD2818B43");

user_pref("extensions.BabylonToolbar.hmpg", true);

user_pref("extensions.BabylonToolbar.id", "226b3e1200000000000000221528e026");

user_pref("extensions.BabylonToolbar.instlDay", "15586");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1219:56:24");

user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

user_pref("extensions.BabylonToolbar.newTab", false);

user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.sg", "none");

user_pref("extensions.BabylonToolbar.smplGrp", "none");

user_pref("extensions.BabylonToolbar.srcExt", "ss");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=226b3e1200000000000000221528e026&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1219:56:24");

user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=3612_6");

user_pref("extensions.BabylonToolbar_i.newTab", false);

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1219:56:24");

user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube,YontooNewOffers");

user_pref("extentions.y2layers.installId", "74be9997-943b-4ad6-9fd0-adba258ee303");

user_pref("keyword.URL", "http://search.babylon.com/?affID=109217&tt=3612_6&babsrc=KW_ss&mntrId=226b3e1200000000000000221528e026&q=");

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Koen\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc

Successfully deleted: [Folder] C:\Users\Koen\appdata\local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on vr 23-11-2012 at 19:25:33,49

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RKILL:

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/23/2012 07:30:30 PM in x86 mode.

Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\ACEngSvr.exe (PID: 2928) [WD-HEUR]

* C:\Windows\ASScrPro.exe (PID: 4344) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

::1 localhost

Program finished at: 11/23/2012 07:30:55 PM

Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)

COMBOFIX

ComboFix 12-11-23.02 - Koen 23-11-2012 19:48:55.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1603 [GMT 1:00]

Gestart vanuit: c:\users\Koen\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\SecureW2

c:\program files\SecureW2\Uninstall.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk

c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk

c:\users\Koen\AppData\Local\TempDIR

c:\users\Koen\AppData\Local\Windows Server

c:\users\Koen\AppData\Local\Windows Server\flags.ini

c:\users\Koen\AppData\Local\Windows Server\server.dat

c:\users\Koen\AppData\Local\Windows Server\uses32.dat

D:\install.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))

.

.

2012-11-23 19:14 . 2012-11-23 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-23 18:17 . 2012-11-23 18:17 -------- d-----w- c:\windows\ERUNT

2012-11-23 18:17 . 2012-11-23 18:17 -------- d-----w- C:\JRT

2012-11-18 16:59 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-18 16:58 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-23 19:38 . 2008-07-03 00:20 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-10-09 10:58 . 2012-04-09 08:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 10:58 . 2011-05-27 07:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-24 13:32 . 2012-06-21 09:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-24 13:32 . 2010-04-18 15:08 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-13 13:28 . 2012-10-10 10:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-29 11:27 . 2012-10-10 10:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27 . 2012-10-10 10:28 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-08 14:28 . 2011-04-08 14:28 3050664 ----a-w- c:\program files\ccsetup305.exe

2010-03-25 18:07 . 2010-03-25 18:06 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"Akamai NetSession Interface"="c:\users\Koen\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208]

"Skytel"="Skytel.exe" [2007-08-03 1826816]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]

"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]

"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-07-03 37232]

"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-07-03 33136]

"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\APSHook.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

Akamai REG_MULTI_SZ Akamai

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:58]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 14:28]

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 14:28]

.

2012-11-23 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

.

2012-10-31 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab

FF - ProfilePath - c:\users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

.

.

------- Bestandsassociaties -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe

AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-23 20:39

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(2540)

c:\windows\system32\APSHook.dll

c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\AVG\AVG9\avgwdsvc.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files\TeamViewer\Version4\TeamViewer_Service.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe

c:\program files\ASUS\SmartLogon\sensorsrv.exe

c:\program files\ATK Hotkey\Hcontrol.exe

c:\program files\ATKOSD2\ATKOSD2.exe

c:\program files\Wireless Console 2\wcourier.exe

c:\program files\ASUS\ASUS CopyProtect\aspg.exe

c:\program files\P4G\BatteryLife.exe

c:\program files\ASUS\Splendid\ACMON.exe

c:\windows\System32\ACEngSvr.exe

c:\windows\system32\conime.exe

c:\program files\ATK Hotkey\ATKOSD.exe

c:\program files\ATK Hotkey\KBFiltr.exe

c:\program files\ATK Hotkey\WDC.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Voltooingstijd: 2012-11-23 20:42:46 - machine werd herstart

ComboFix-quarantined-files.txt 2012-11-23 19:42

.

Pre-Run: 28.189.061.120 bytes beschikbaar

Post-Run: 27.987.021.824 bytes beschikbaar

.

- - End Of File - - A1A77A456CF97A2A70C8A2C5D03F65A1


Thanks! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


  • 3 weeks later...
  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
