
Browser won't open? Task manager won't open? Help!



Hello there, I do a lot of downloading and I have discovered that when I start my computer it won't let me open any of my web browsers and only some applications. I have run the Malwarebytes program and removed some threats but it still doesn't work. When I pulled my internet cable out the browser opened without a problem but obviously didn't load any web pages. Please help!


Hello ob125 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow my instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573


Step 1

Please uninstall the following applications:

Conduit Engine

MagniPic

uTorrentBar Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
  • a new fresh DDS log


Hey, sorry, here you go.

:attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

.

Boot Device: \Device\HarddiskVolume1

Install Date: 4/19/2011 5:39:28 PM

System Uptime: 4/21/2013 8:30:26 AM (0 hours ago)

.

Motherboard: ASRock | | N68-S3 UCC

Processor: AMD Phenom II X4 840 Processor | CPUSocket | 3214/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 1166.035 GiB free.

D: is CDROM ()

K: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS5.1

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Battlelog Web Plugins

Bonjour

CaptureWizPro 5.40

CCleaner

Core Temp 1.0 RC4

CustoPackTools

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DiRT 3

DVDFab 8.1.3.8 (09/12/2011) Qt

eReg

ESN Sonar

EVGA Precision X 3.0.3

Farming Simulator 2011

FL Studio 10

Free YouTube Download version 3.1.39.1015

Free YouTube to MP3 Converter version 3.12.0.128

Google Chrome

Google Update Helper

GTA San Andreas

High-Definition Video Playback

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

iTunes

Java Auto Updater

Java 6 Update 35

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

Logitech SetPoint 6.52

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

MotoHelper 2.0.51 Driver 5.2.0

MotoHelper MergeModules

Motorola Mobile Drivers Installation 5.2.0

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

MyFreeCodec

Nero 10 Movie ThemePack Basic

Nero Core Components 10

Nero Dolby Files 10

Nero Kwik Media

Nero Update

NeroKwikMedia Help (CHM)

neroxml

NVIDIA 3D Vision Controller Driver 305.57

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Drivers

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0613

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OpenAL

Optical Disc Doctor

PC Disk Clone X x64 version 11.5

PDF Settings CS5

Pixillion Image Converter

Plane9 v1.7

Platform

PowerISO

R4

Rapture3D 2.4.8 Game

Registry Easy v5.6

Remote Control USB Driver

Roozz plugin 2.7.1

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Sideload Wonder Machine

Skype™ 6.2

Sniper Elite V2

Sound Blaster X-Fi MB

Spybot - Search & Destroy

SUPERAntiSpyware

swMSM

System Requirements Lab CYRI

Text-To-Speech-Runtime

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

VCRedistSetup

VIA Platform Device Manager

Virtual DJ Pro Full - Atomix Productions

VLC media player 1.1.10

Winamp

Winamp Detector Plug-in

Windows Live Sync

WinRAR 4.01 beta 1 (64-bit)

.

==== End Of File ===========================

:dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 1.6.0_35

Run by user at 8:48:32 on 2013-04-21

6.1.7601.1.1252.1.1033.18.6143.5367 [GMT 12:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {e746508c-f9c9-49dc-8642-4b58f97c3486} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [CubeDesktop] <no file>

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

uPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: DisableCAD = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{19DD445A-37C1-4AD1-B904-06452C080B50} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{19DD445A-37C1-4AD1-B904-06452C080B50}\14E64627F696461405 : DHCPNameServer = 192.168.43.1

TCP: Interfaces\{4F70080E-DA8A-450F-9E08-2AAD871FAFAD} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{82061E17-94A4-4D04-B8C9-6667D2109507} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-Notify: WB - C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrn9jhsp.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: network.proxy.ftp - 83.177.194.223

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.http - 83.177.194.223

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 83.177.194.223

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 83.177.194.223

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Roozz\nproozz.dll

FF - plugin: C:\Users\user\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrn9jhsp.default\extensions\{e746508c-f9c9-49dc-8642-4b58f97c3486}\plugins\np-mswmp.dll

FF - plugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yrn9jhsp.default\extensions\{e746508c-f9c9-49dc-8642-4b58f97c3486}\plugins\npConduitFirefoxPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-12 140672]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-20 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-20 701512]

S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-27 223088]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]

S2 Roozz Updater;Roozz Updater;C:\Program Files (x86)\Roozz\Updater.exe [2013-2-13 423936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-19 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-19 79360]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-10 102368]

S3 hwmobilehsn;High Speed USB Modem and USB Serial For Normal;C:\Windows\System32\drivers\hwmob01.sys [2011-12-27 120960]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-20 25928]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]

S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2011-3-31 30208]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]

S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-6-30 15176]

S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-4-19 79360]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-10 203104]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-4-19 1250816]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-22 1255736]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-04-20 20:35:36 -------- d-----w- C:\Windows\ERUNT

2013-04-20 20:35:28 -------- d-----w- C:\JRT

2013-04-20 08:33:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-04-20 08:33:41 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-04-20 07:30:23 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes

2013-04-20 07:30:16 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-20 07:30:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-20 07:30:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-20 06:46:41 -------- d-----w- C:\Program Files\CCleaner

2013-04-20 06:36:25 -------- d-----w- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com

2013-04-20 06:35:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-04-20 06:35:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-04-20 06:35:33 -------- d-----w- C:\Program Files\Registry Easy

2013-04-15 05:41:58 -------- d-----w- C:\Program Files (x86)\Rebellion

2013-04-14 19:22:34 -------- d-sh--w- C:\Boot

2013-04-13 11:00:14 53248 ----a-r- C:\Users\user\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2013-04-13 11:00:04 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2013-04-13 10:48:56 -------- d-----w- C:\Users\user\AppData\Roaming\Logishrd

2013-04-11 08:50:28 -------- d-----w- C:\ProgramData\MaguNiiPicc

2013-04-11 06:55:14 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-11 06:49:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-11 06:49:53 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-11 06:49:53 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-11 06:49:53 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-11 06:49:53 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-11 06:49:52 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-11 06:28:48 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-11 06:28:45 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-11 06:28:45 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-11 06:28:44 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-11 06:28:44 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-11 06:28:44 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-11 06:28:44 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-09 05:04:53 -------- d-----w- C:\Users\user\AppData\Roaming\DVDFab

2013-04-08 08:14:25 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-04-08 08:13:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-04-08 08:13:59 -------- d-----w- C:\Program Files\iTunes

2013-04-08 08:13:59 -------- d-----w- C:\Program Files\iPod

2013-04-08 08:13:59 -------- d-----w- C:\Program Files (x86)\iTunes

2013-04-01 05:37:30 -------- d-sh--w- C:\$RECYCLE.BIN

2013-04-01 01:08:44 -------- d-----w- C:\Program Files\PC Disk Clone X x64

.

==================== Find3M ====================

.

2013-03-14 03:24:28 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-14 03:24:28 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-17 03:10:11 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-01-25 08:25:53 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-01-25 08:25:53 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-01-25 08:25:24 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

.

============= FINISH: 8:48:56.38 ===============

:jrt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.8.6 (04.19.2013:1)

OS: Windows 7 Ultimate x64

Ran by user on Sun 04/21/2013 at 8:35:38.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Failed to delete: [Registry Key] hkey_current_user\software\datamngr

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings

Successfully deleted: [Registry Key] hkey_current_user\software\softonic

Successfully deleted: [Registry Key] hkey_current_user\software\startsearch

Successfully deleted: [Registry Key] hkey_current_user\software\yourfiledownloader

Successfully deleted: [Registry Key] hkey_local_machine\software\yourfiledownloader

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\sprotector

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sp global

Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sprotector

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786678

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

~~~ Files

Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\babylonupdater"

Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dvdvideosoftiehelpers"

Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\yourfiledownloader"

Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\user.js

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\searchplugins\askcom.xml

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\searchplugins\delta.xml

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\searchplugins\privitize.xml

Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\smartbar

Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}

Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\prefs.js

user_pref("CT3254077.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3254077&SearchSource=2&q=");

user_pref("CT3254077.installId", "setup_conduit.exe");

user_pref("CT3254077.installType", "conduitnsisintegration");

user_pref("CT3254077.isPerformedSmartBarTransition", "true");

user_pref("CT3254077.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3254077&octid=CT3254077&SearchSource=15&CUI=UN8450185606565007

user_pref("CT3254077.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearchou.com%2F%3Fid%3Dd6057bf2000000000000022522cd7a48\",\"EB_MAIN

user_pref("CT3254077.search.searchAppId", "129938008898099795");

user_pref("CT3254077.search.searchCount", "0");

user_pref("CT3254077.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://PrivitizeBar.OurToolbar.com//xpi\"}");

user_pref("CT3254077.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"PrivitizeBar\"}");

user_pref("CT3254077.smartbar.CTID", "CT3254077");

user_pref("CT3254077.smartbar.Uninstall", "0");

user_pref("CT3254077.smartbar.homepage", true);

user_pref("CT3254077.smartbar.toolbarName", "PrivitizeBar ");

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3254077&SearchSource=13&CUI=SB_CUI");

user_pref("Smartbar.ConduitSearchEngineList", "");

user_pref("Smartbar.ConduitSearchUrlList", "");

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Bac26fdc4-8847-4b23-aa97-6d9ab1e89d82%7D&mid=ff8863daf5c547d0b0d3d16c642993bb-ad1491be2

user_pref("Smartbar.keywordURLSelectedCTID", "CT3254077");

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.selectedEngine", "Search The Web (privitize)");

user_pref("browser.startup.homepage", "hxxp://searchou.com/?id=d6057bf2000000000000022522cd7a48");

user_pref("extensions.BabylonToolbar.prtkDS", 0);

user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119370&tl=wgkn1262843&babsrc=NT_ss&mntrId=20a4d2f5000000000000022522cd7a48");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.dfltLng", "en");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.id", "20a4d2f5000000000000022522cd7a48");

user_pref("extensions.delta.instlDay", "15747");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.10.0");

user_pref("extensions.delta.vrsnTs", "1.8.10.017:27:48");

user_pref("extensions.delta.vrsni", "1.8.10.0");

user_pref("extensions.privitize.admin", false);

user_pref("extensions.privitize.aflt", "orgnl");

user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");

user_pref("extensions.privitize.autoRvrt", "false");

user_pref("extensions.privitize.dfltLng", "");

user_pref("extensions.privitize.dfltSrch", true);

user_pref("extensions.privitize.dnsErr", true);

user_pref("extensions.privitize.excTlbr", true);

user_pref("extensions.privitize.ffxUnstlRst", false);

user_pref("extensions.privitize.hmpg", true);

user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=d6057bf2000000000000022522cd7a48");

user_pref("extensions.privitize.hpOld0", "hxxp://search.conduit.com/?ctid=CT3254077&SearchSource=13&CUI=SB_CUI");

user_pref("extensions.privitize.id", "d6057bf2000000000000022522cd7a48");

user_pref("extensions.privitize.instlDay", "15806");

user_pref("extensions.privitize.instlRef", "");

user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=d6057bf2000000000000022522cd7a48");

user_pref("extensions.privitize.newTab", true);

user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=d6057bf2000000000000022522cd7a48");

user_pref("extensions.privitize.prdct", "privitize");

user_pref("extensions.privitize.prtnrId", "privitize");

user_pref("extensions.privitize.rvrt", "false");

user_pref("extensions.privitize.smplGrp", "none");

user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");

user_pref("extensions.privitize.tlbrId", "base");

user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=d6057bf2000000000000022522cd7a48&q=");

user_pref("extensions.privitize.vrsn", "1.8.16.22");

user_pref("extensions.privitize.vrsnTs", "1.8.16.2220:49:54");

user_pref("extensions.privitize.vrsni", "1.8.16.22");

user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3254077&SearchSource=2&CUI=UN84501856065650073&UM=UM_ID&q=");

user_pref("smartBar.searchInNewTabOwner", "CT3254077");

user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3254077&SearchSource=13&CUI=SB_CUI");

user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3254077&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT

user_pref("smartbar.originalHomepage", "about:home");

user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid=%7Bac26fdc4-8847-4b23-aa97-6d9ab1e89d82%7D&mid=ff8863daf5c547d0b0d3d16c642993bb-ad1491be2ce6c

user_pref("smartbar.originalSearchEngine", "Ask.com");

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\yrn9jhsp.default\minidumps [149 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 04/21/2013 at 8:39:18.40

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

: malwarebytes

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.20.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

user :: ORION-PC [administrator]

Protection: Disabled

4/21/2013 8:40:07 AM

mbam-log-2013-04-21 (08-40-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 263258

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

:rk

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : user [Admin rights]

Mode : Scan -- Date : 04/21/2013 08:45:56

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][BLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND

[TASK][SUSP PATH] MagniPicUpdaterTask{A6E6F3F6-4362-46ED-A2CD-3D8CA8A82E42}.job : C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini" [x] -> FOUND

[PROXY FF] yrn9jhsp.default\ 83.177.194.223:8080 -> FOUND

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20 EZRX-00DC0B0 SCSI Disk Device +++++

--- User ---

[MBR] db009d81757718def50a36f62969e6ca

[BSP] c521d4fc1adc84d91c68b5ad01740c67 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: USB FLASH DRIVE USB Device +++++

--- User ---

[MBR] 2f8866a2a7e9ebbec63182f01dc73397

[BSP] caecca69392c6f08abcd1a8a7d783627 : MBR Code unknown

Partition table:

0 - [XXXXXX] UNKNOWN (0x72) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 Mo

1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 Mo

2 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 Mo

3 - [XXXXXX] UNKNOWN (0x0d) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_04212013_02d0845.txt >>

RKreport[1]_S_04212013_02d0845.txt

Link to post
Share on other sites

Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
