Jump to content

Recommended Posts

Attach

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1

Run by lol at 16:59:47 on 2013-03-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8172.5808 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

A:\Bin\QQ.exe

C:\Users\lol\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

A:\Bin\TXPlatform.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\AIM\aim.exe

A:\Steam\steam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Users\lol\Downloads\RogueKiller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchnu.com/406

mStart Page = about:blank

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: QQ?????????: {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [QQ2009] "A:\Bin\QQ.exe" /background

uRun: [Google Update] "C:\Users\lol\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [F.lux] "C:\Users\lol\Local Settings\Apps\F.lux\flux.exe" /noshow

uRun: [Audio Kontrol 1] C:\Program Files (x86)\Native Instruments\Audio Kontrol 1\Audio Kontrol 1.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRunOnce: [Malwarebytes Anti-Malware] A:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOLREC~1.LNK - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{69F9D82D-6952-454E-99D0-A87E8A21FD53} : DHCPNameServer = 192.168.1.1

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\shell32.dll

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5646809238784249&o=APN10645&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll

FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll

FF - plugin: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\Users\lol\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll

FF - plugin: C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: C:\Users\lol\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\lol\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\lol\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\npdeployJava1.dll

FF - plugin: C:\Windows\System32\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 ARUpdate;Tencent SOSO Update Service;C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe [2012-3-17 116088]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-1-17 6383920]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-3-4 126952]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-3-4 390632]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

R3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-8-19 4865568]

R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-12-8 32344]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-8 471144]

S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;A:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 398184]

S2 MBAMService;MBAMService;A:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 682344]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 ak1avs;Audio Kontrol 1 WDM Audio;C:\Windows\System32\drivers\ak1avs.sys [2011-4-11 358480]

S3 ak1usb_svc;Audio Kontrol 1;C:\Windows\System32\drivers\ak1usb.sys [2011-4-11 98384]

S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-8 46136]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-11 24176]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-3-14 20992]

S3 SynasUSB;SynasUSB;C:\Windows\System32\drivers\synUSB64.sys [2012-12-19 31248]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-8 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-8 1255736]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\notepad.exe %1

FileExt: .chm: chm.file="hh.exe" %1

FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2013-03-04 20:55:34 -------- d-----w- C:\Users\lol\AppData\Local\Programs

2013-02-22 20:09:54 -------- d-----w- C:\Users\lol\AppData\Local\TERA

2013-02-22 19:56:14 -------- d-----w- C:\ProgramData\HappyCloud

2013-02-20 17:18:32 -------- dc-h--w- C:\ProgramData\{3B9A3AE3-5BE1-4645-A31C-753724255564}

2013-02-20 17:18:30 -------- d-----w- C:\Program Files\Native Instruments

.

==================== Find3M ====================

.

2013-01-27 22:00:08 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-01-27 22:00:08 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-01-27 21:59:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-19 20:40:31 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-07 21:48:02 1714176 ----a-w- C:\Windows\System32\synsoacc.dll

2012-12-07 21:48:02 1277952 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

.

============= FINISH: 16:59:56.50 ===============

DDS

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 12/8/2011 3:07:59 AM

System Uptime: 3/4/2013 1:22:31 PM (3 hours ago)

.

Motherboard: ASRock | | 970 Extreme4

Processor: AMD FX-4100 Quad-Core Processor | CPUSocket | 3600/200mhz

.

==== Disk Partitions =========================

.

A: is FIXED (NTFS) - 466 GiB total, 86.796 GiB free.

C: is FIXED (NTFS) - 112 GiB total, 2.145 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP305: 2/22/2013 2:57:07 PM - Installed DirectX

RP306: 3/3/2013 9:59:39 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

??QQ2011

µTorrent

ËÑË÷¸üзþÎñ

СÃÉÌñ

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AIM 7

AMD VISION Engine Control Center

Apple Application Support

Asmedia ASM104x USB 3.0 Host Controller Driver

Audacity 2.0

Battlefield 3™

Battlelog Web Plugins

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Call of Duty: Modern Warfare 3 - Multiplayer

CameraHelperMsi

Canon Easy-PhotoPrint EX

Canon Easy-PhotoPrint Pro

Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data

Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MG6200 series MP Drivers

Canon MG6200 series On-screen Manual

Canon MG6200 series User Registration

Canon MP Navigator EX 5.0

Canon My Printer

Canon Solution Menu EX

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

D3DX10

Dead Space™ 2

Download Updater (AOL LLC)

DYNA Font

eLicenser Control

erLT

ESN Sonar

F.lux

Google Earth

Google Talk Plugin

Google Update Helper

Guitar Pro 6

Happy Cloud Client

IEËÑË÷ÖúÊÖ

Java Auto Updater

Java 7 Update 3

JavaFX 2.0.3

League of Legends

Logitech Vid HD

Logitech Webcam Software

LOLReplay

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.70.0.1100

Media Player Classic - Home Cinema 1.6.0.4014

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MidiEditor

Mozilla Firefox 19.0 (x86 en-US)

MSVCRT

Native Instruments Controller Editor

Origin

PakkISO 0.4

PCSX2 - Playstation 2 Emulator

PunkBuster Services

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Click to Call

Skype™ 6.0

Star Wars: The Old Republic

StarCraft II

Steam

Steinberg Cubase LE 4

Synthesia

TERA

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Warcraft III

Windows Installer Clean Up

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Movie Maker 2.6

WinRAR 4.11 (32-bit)

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

3/4/2013 1:22:41 PM, Error: Service Control Manager [7000] - The AODDriver4.2 service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>
Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>
Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : lol [Admin rights]

Mode : Scan -- Date : 03/05/2013 16:46:22

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[TASK][sUSP PATH] {31E78B38-036D-4A2A-ADAE-34B29BB52F28} : C:\Users\lol\Desktop\Audio Kontrol 1 Setup PC.exe [7] -> FOUND

[TASK][sUSP PATH] {E616BF13-15F2-4BD9-8577-4C629C8117B2} : C:\Users\lol\Desktop\Audio Kontrol 1 Setup PC.exe [7] -> FOUND

[TASK][sUSP PATH] {FB1D65ED-8C0D-494E-864F-0D62016627D6} : C:\Users\lol\Desktop\Audio Kontrol 1 Setup PC.exe [7] -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++

--- User ---

[MBR] ceaf6fdf0b5b5c25820a4ccffcb7070b

[bSP] 23ad5a5cc00b9688cd84c9c6cebc9194 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: OCZ-AGILITY3 ATA Device +++++

--- User ---

[MBR] 24638dee11e0dc6b9eff63ad80302d26

[bSP] 5f9ddeac9baa8becba41d25d2a4b1e33 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03052013_02d1646.txt >>

RKreport[1]_S_03052013_02d1646.txt

Link to post
Share on other sites

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.04.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

lol :: LOL-PC [administrator]

Protection: Enabled

3/4/2013 3:56:16 PM

mbam-log-2013-03-04 (15-56-16).txt

Scan type: Full scan (A:\|C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 471419

Time elapsed: 30 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I removed these 3 threats and restarted computer but still experiencing a lot of adware

Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC

Link to post
Share on other sites

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 17:44:57

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : lol - LOL-PC

# Boot Mode : Normal

# Running from : C:\Users\lol\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

File Found : C:\Users\lol\AppData\Local\Temp\Uninstall.exe

File Found : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\searchplugins\Search_Results.xml

Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\lol\AppData\Local\Conduit

Folder Found : C:\Users\lol\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}

Folder Found : C:\Users\lol\AppData\Local\Temp\CT3220468

Folder Found : C:\Users\lol\AppData\LocalLow\Conduit

Folder Found : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\CT3220468

Folder Found : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Found : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\Smartbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\TENCENT

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\TENCENT

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\iLividSRTB

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\Software\TENCENT

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\prefs.js

Found : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2MjUxNzM1NywidXVpZCI6MzcyNTY3MzkzMzYyODkxLCJ[...]

Found : user_pref("CT3220468.CBOpenMAMSettings", "0");

Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Found : user_pref("CT3220468.FirstTime", "true");

Found : user_pref("CT3220468.FirstTimeFF3", "true");

Found : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");

Found : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");

Found : user_pref("CT3220468.UserID", "UN47563184656723434");

Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Found : user_pref("CT3220468.autoDisableScopes", -1);

Found : user_pref("CT3220468.cb_experience_000", "2702");

Found : user_pref("CT3220468.cb_firstuse0100", "1");

Found : user_pref("CT3220468.cbcountry_001", "US");

Found : user_pref("CT3220468.cbfirsttime.enc", "RnJpIFNlcCAyOCAyMDEyIDE2OjA1OjU5IEdNVC0wNDAwIChFYXN0ZXJuIERh[...]

Found : user_pref("CT3220468.defaultSearch", "FALSE");

Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Found : user_pref("CT3220468.enableAlerts", "always");

Found : user_pref("CT3220468.enableFix404ByUser", "FALSE");

Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");

Found : user_pref("CT3220468.firstTimeDialogOpened", "true");

Found : user_pref("CT3220468.fixPageNotFoundError", "true");

Found : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");

Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Found : user_pref("CT3220468.fixUrls", true);

Found : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]

Found : user_pref("CT3220468.installId", "fft3D71.tmp.exe");

Found : user_pref("CT3220468.installType", "XPE");

Found : user_pref("CT3220468.isCheckedStartAsHidden", true);

Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

Found : user_pref("CT3220468.isNewTabEnabled", false);

Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Found : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Found : user_pref("CT3220468.lastVersion", "10.14.65.43");

Found : user_pref("CT3220468.mam_gk_CouponBuddy_appState.enc", "b2Zm");

Found : user_pref("CT3220468.mam_gk_PriceGong_appState.enc", "b2Zm");

Found : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2MjUyMDAwNjg5Mg==");

Found : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]

Found : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "ZmFsc2U=");

Found : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]

Found : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjMuMQ==");

Found : user_pref("CT3220468.mam_gk_eventsCache.enc", "eyIzZTJhY2Q3YS00NWQ5LTQ3OWUtODFkMC0wM2M4MDRmNDExZDAiO[...]

Found : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");

Found : user_pref("CT3220468.mam_gk_gadgetOpen.enc", "MQ==");

Found : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2MjUyMDAwNjg1Mw==");

Found : user_pref("CT3220468.mam_gk_lastSettingsOpen.enc", "eyJzZXR0aW5nc1BhZ2VGdWxsVXJsIjoiaHR0cDovL2FwcC5t[...]

Found : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]

Found : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Found : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]

Found : user_pref("CT3220468.mam_gk_showCloseButton.enc", "ZmFsc2U=");

Found : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");

Found : user_pref("CT3220468.mam_gk_userId.enc", "ZmM5OGFmMDAtNmE3MS00NWEwLTlhOTItNDQ0MDYxMTU0OWFm");

Found : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");

Found : user_pref("CT3220468.migrateAppsAndComponents", true);

Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"my free time to help\",\"EB_MAIN[...]

Found : user_pref("CT3220468.openThankYouPage", "true");

Found : user_pref("CT3220468.openUninstallPage", "FALSE");

Found : user_pref("CT3220468.price-gong.isManagedApp", "true");

Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Found : user_pref("CT3220468.search.searchCount", "0");

Found : user_pref("CT3220468.searchInNewTabEnabled", "false");

Found : user_pref("CT3220468.searchInNewTabEnabledByUser", "false");

Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362429123965");

Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1362457031767");

Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362429123910");

Found : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1362515523686");

Found : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1354773240507");

Found : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362518247891");

Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362429123940");

Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1362515523707");

Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1362515523643");

Found : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1362515523921");

Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362429123883");

Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1362518247812");

Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1362515523853");

Found : user_pref("CT3220468.settingsINI", true);

Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Found : user_pref("CT3220468.smartbar.Uninstall", "0");

Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Found : user_pref("CT3220468.startPage", "userChanged");

Found : user_pref("CT3220468.toolbarBornServerTime", "28-9-2012");

Found : user_pref("CT3220468.toolbarCurrentServerTime", "6-3-2013");

Found : user_pref("CT3220468.upgradeFromClearSBVersion", true);

Found : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL3d3dy5mYWNlYm9vay5jb20vaG9tZS5waHA/IyEvcGFnZXMv[...]

Found : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn[...]

*************************

AdwCleaner[R1].txt - [13554 octets] - [05/03/2013 17:44:57]

########## EOF - C:\AdwCleaner[R1].txt - [13615 octets] ##########

Link to post
Share on other sites

Please create a new system restore point before continuing.

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then.........

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 18:09:05

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : lol - LOL-PC

# Boot Mode : Normal

# Running from : C:\Users\lol\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\lol\AppData\Local\Temp\Zynga

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

File Deleted : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\searchplugins\Search_Results.xml

Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\lol\AppData\Local\Conduit

Folder Deleted : C:\Users\lol\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}

Folder Deleted : C:\Users\lol\AppData\Local\Temp\CT3220468

Folder Deleted : C:\Users\lol\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\CT3220468

Folder Deleted : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Deleted : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\TENCENT

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\TENCENT

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\iLividSRTB

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\lol\AppData\Roaming\Mozilla\Firefox\Profiles\3m4fwu3a.default\prefs.js

Deleted : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM2MjUxNzM1NywidXVpZCI6MzcyNTY3MzkzMzYyODkxLCJ[...]

Deleted : user_pref("CT3220468.CBOpenMAMSettings", "0");

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3220468.FirstTime", "true");

Deleted : user_pref("CT3220468.FirstTimeFF3", "true");

Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");

Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");

Deleted : user_pref("CT3220468.UserID", "UN47563184656723434");

Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3220468.autoDisableScopes", -1);

Deleted : user_pref("CT3220468.cb_experience_000", "2702");

Deleted : user_pref("CT3220468.cb_firstuse0100", "1");

Deleted : user_pref("CT3220468.cbcountry_001", "US");

Deleted : user_pref("CT3220468.cbfirsttime.enc", "RnJpIFNlcCAyOCAyMDEyIDE2OjA1OjU5IEdNVC0wNDAwIChFYXN0ZXJuIERh[...]

Deleted : user_pref("CT3220468.defaultSearch", "FALSE");

Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3220468.enableAlerts", "always");

Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");

Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");

Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3220468.fixUrls", true);

Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]

Deleted : user_pref("CT3220468.installId", "fft3D71.tmp.exe");

Deleted : user_pref("CT3220468.installType", "XPE");

Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);

Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");

Deleted : user_pref("CT3220468.isNewTabEnabled", false);

Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.lastVersion", "10.14.65.43");

Deleted : user_pref("CT3220468.mam_gk_CouponBuddy_appState.enc", "b2Zm");

Deleted : user_pref("CT3220468.mam_gk_PriceGong_appState.enc", "b2Zm");

Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2MjUyMDAwNjg5Mg==");

Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]

Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "ZmFsc2U=");

Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]

Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjMuMQ==");

Deleted : user_pref("CT3220468.mam_gk_eventsCache.enc", "eyIzZTJhY2Q3YS00NWQ5LTQ3OWUtODFkMC0wM2M4MDRmNDExZDAiO[...]

Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");

Deleted : user_pref("CT3220468.mam_gk_gadgetOpen.enc", "MQ==");

Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2MjUyMDAwNjg1Mw==");

Deleted : user_pref("CT3220468.mam_gk_lastSettingsOpen.enc", "eyJzZXR0aW5nc1BhZ2VGdWxsVXJsIjoiaHR0cDovL2FwcC5t[...]

Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]

Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]

Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "ZmFsc2U=");

Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");

Deleted : user_pref("CT3220468.mam_gk_userId.enc", "ZmM5OGFmMDAtNmE3MS00NWEwLTlhOTItNDQ0MDYxMTU0OWFm");

Deleted : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");

Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);

Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"e p\",\"EB_MAIN_FRAME_URL\":\"ht[...]

Deleted : user_pref("CT3220468.openThankYouPage", "true");

Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");

Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true");

Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Deleted : user_pref("CT3220468.search.searchCount", "0");

Deleted : user_pref("CT3220468.searchInNewTabEnabled", "false");

Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "false");

Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362429123965");

Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1362457031767");

Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362429123910");

Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1362515523686");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1354773240507");

Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362518247891");

Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362429123940");

Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1362515523707");

Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1362515523643");

Deleted : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1362515523921");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362429123883");

Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1362518247812");

Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1362515523853");

Deleted : user_pref("CT3220468.settingsINI", true);

Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");

Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");

Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");

Deleted : user_pref("CT3220468.startPage", "userChanged");

Deleted : user_pref("CT3220468.toolbarBornServerTime", "28-9-2012");

Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "6-3-2013");

Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);

Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL3d3dy5mYWNlYm9vay5jb20vaG9tZS5waHA/IyEvcGFnZXMv[...]

Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn[...]

*************************

AdwCleaner[R1].txt - [13675 octets] - [05/03/2013 17:44:57]

AdwCleaner[s1].txt - [13973 octets] - [05/03/2013 18:09:05]

########## EOF - C:\AdwCleaner[s1].txt - [14034 octets] ##########

Link to post
Share on other sites

Don't seem to have the adware now. Everything is fine now. Here's the log of the quick scan

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.05.13

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

lol :: LOL-PC [administrator]

Protection: Enabled

3/5/2013 6:11:48 PM

mbam-log-2013-03-05 (18-11-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226306

Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Good............

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.60

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

JavaFX 2.0.3

Java 7 Update 3

Java version out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (19.0)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 23% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Java™ 7 Update 3 <---please update, should be Update 17

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

Adobe Flash Player 11.4.402.287 Flash Player out of Date! <---please check for an update if available

Adobe Reader 10.1.3 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

--------------------------------------------------------

You have out dated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.