
Hello everyone.

I'm working on a coworker of mine's laptop. It's an HP Pavilion g6. He has the MoneyPak virus and I'm struggling mightily with this one.

Here's all the info I know. It's a Windows 8 machine but I'm not sure if it's 32 bit or 64 bit, and I can't get anywhere in there to find out. It only has one user account, which is infected. I tried booting into safe mode with a command prompt to get into the control panel to make a new user account. Getting into the control panel worked, but making a new user account was unsuccessful (did I mention I can't stand Windows 8?).

The primary user of this computer is an 8 or 9 year old boy who downloads things indiscriminately. I've uninstalled countless toolbars and other such things that bog down this computer in the past. All I can say for sure is that his computer initially got "locked down" whilst playing Minecraft, though I don't think the game had anything to do with it.

Logging into safe mode or safe mode with networking isn't really working. Any help would be greatly appreciated.


Welcome to the forum; here's how we deal with that malware:

  1. Please download Farbar Recovery Scan Tool and save it to a flash drive.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    Plug the flash drive into the infected PC.
  2. If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
    If you are using Vista or Windows 7 enter System Recovery Options.
    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  3. On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    Select Command Prompt.
  4. Once in the Command Prompt, type notepad in the command window and press Enter.
  5. Notepad opens. Under the File menu select Open.
  6. Select "Computer", find your flash drive letter and close Notepad.
  7. In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  8. The tool will start to run.
  9. When the tool opens click Yes to the disclaimer.
  10. Press the Scan button.
  11. It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

MrC


Hello MrCharlie! Thank you for taking the time to help me. Here is the log you requested.

HKU\DABERTE\...\Run: [GoogleChromeAutoLaunch_A5F1AA371BE16006C730E088B4C6AAB8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)

HKU\DABERTE\...\Run: [GenieoUpdaterService] "C:\Users\DABERTE\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [291680 2013-03-20] ()

HKU\DABERTE\...\Run: [GenieoSystemTray] "C:\Users\DABERTE\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [529248 2013-03-20] ()

HKU\DABERTE\...\Run: [internet Security] C:\Users\DABERTE\AppData\Roaming\amsecure.exe [x]

HKU\DABERTE\...\Winlogon: [shell] cmd.exe [404992 2012-07-25] (Microsoft Corporation) <==== ATTENTION

Startup: C:\Users\DABERTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-04-08] (Just Develop It)

S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148664 2013-01-31] (AVG)

S2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-04-14] ()

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)

S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)

S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)

S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)

S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-18 21:12 - 2013-05-18 21:12 - 00000000 ____D C:\FRST

2013-05-15 20:35 - 2013-05-15 20:35 - 00000000 __SHD C:\found.000

2013-05-14 15:55 - 2013-05-14 15:56 - 00000796 ____A C:\Windows\setupact.log

2013-05-14 15:55 - 2013-05-14 15:55 - 00000000 ____A C:\Windows\setuperr.log

2013-05-13 15:11 - 2013-05-13 15:11 - 01096059 ____A C:\Users\DABERTE\AppData\Roaming\2433f433

2013-05-13 15:11 - 2013-05-13 15:11 - 01096050 ____A C:\ProgramData\2433f433

2013-05-13 15:11 - 2013-05-13 15:11 - 01096031 ____A C:\Users\DABERTE\AppData\Local\2433f433

2013-05-12 08:01 - 2013-05-12 08:01 - 00000783 ____A C:\Users\DABERTE\Desktop\Internet Security 2013.lnk

2013-05-09 18:01 - 2013-05-09 18:01 - 01172913 ____A C:\Users\DABERTE\Downloads\PixelPerfection.zip

2013-05-08 18:20 - 2013-05-08 18:20 - 00002212 ____A C:\Users\DABERTE\Desktop\Genieo.lnk

2013-05-08 18:07 - 2013-05-18 18:07 - 00000400 ____A C:\Windows\Tasks\SLOW-PCfighter64-DABERTE-Notification.job

2013-05-08 18:07 - 2013-05-18 16:04 - 00000398 ____A C:\Windows\Tasks\SLOW-PCfighter64-DABERTE-Startup.job

2013-05-08 18:07 - 2013-05-08 18:07 - 00002048 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\Fighters

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 ____D C:\ProgramData\W3i

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 ____D C:\Program Files (x86)\W3i

2013-05-08 18:06 - 2013-05-08 18:06 - 00000958 ____A C:\Users\Public\Desktop\7-zip.lnk

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\ProgramData\WeCareReminder

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\ProgramData\Fighters

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\Program Files\Fighters

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\Program Files (x86)\Fighters

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\Program Files (x86)\7-zip

2013-05-08 18:05 - 2013-05-08 18:06 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\Genieo

2013-05-08 18:05 - 2013-05-08 18:05 - 01611344 ____A (InstallX, LLC) C:\Users\DABERTE\Downloads\7zip_installer_d162802 (1).exe

2013-05-08 18:05 - 2013-05-08 18:05 - 00000000 ____D C:\Users\DABERTE\AppData\Local\getsav-in

2013-05-08 18:05 - 2013-05-08 18:05 - 00000000 ____D C:\ProgramData\APN

2013-05-08 18:05 - 2013-05-08 18:05 - 00000000 ____D C:\Program Files (x86)\SearchDonkey

2013-05-08 18:03 - 2013-05-08 18:03 - 01611344 ____A (InstallX, LLC) C:\Users\DABERTE\Downloads\7zip_installer_d162802.exe

2013-05-02 19:13 - 2013-05-02 19:13 - 12641239 ____A C:\Users\DABERTE\Downloads\GerudokuFaithful.zip

2013-05-02 19:10 - 2013-05-02 19:10 - 01482036 ____A C:\Users\DABERTE\Downloads\TheEnd_3.zip

2013-05-02 13:49 - 2013-05-02 13:49 - 00025706 ____A C:\Users\DABERTE\Downloads\BetterAnimationsCollectionV1 (2).zip

2013-05-02 13:40 - 2013-05-02 13:40 - 00048271 ____A C:\Users\DABERTE\Downloads\BACR v3,4 MC1,5,1.zip

2013-05-02 13:29 - 2013-05-02 13:29 - 00025706 ____A C:\Users\DABERTE\Downloads\BetterAnimationsCollectionV1 (1).zip

2013-05-02 13:12 - 2013-05-02 13:13 - 00025706 ____A C:\Users\DABERTE\Downloads\BetterAnimationsCollectionV1.zip

2013-05-01 18:56 - 2013-05-01 18:56 - 16179840 ____A C:\Users\DABERTE\Downloads\Soartex_Fanver.zip

2013-05-01 13:03 - 2013-05-01 13:03 - 03389422 ____A C:\Users\DABERTE\Downloads\YoshisIsland_5.zip

2013-04-30 12:58 - 2013-04-30 12:59 - 11122263 ____A C:\Users\DABERTE\Downloads\JohnSmithLegacy.zip

2013-04-29 15:39 - 2013-04-29 15:39 - 00002225 ____A C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2013-04-29 15:39 - 2013-04-29 15:39 - 00002177 ____A C:\Users\Public\Desktop\AVG PC TuneUp.lnk

2013-04-29 15:39 - 2013-04-29 15:39 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\AVG

2013-04-29 15:39 - 2013-04-29 15:39 - 00000000 ____D C:\Program Files (x86)\AVG

2013-04-29 15:39 - 2013-01-31 12:44 - 00035640 ____A (AVG) C:\Windows\System32\TURegOpt.exe

2013-04-29 15:39 - 2013-01-31 12:44 - 00026936 ____A (AVG) C:\Windows\System32\authuitu.dll

2013-04-29 15:39 - 2013-01-31 12:44 - 00022328 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll

2013-04-29 15:38 - 2013-04-29 15:39 - 00000000 ____D C:\ProgramData\AVG

2013-04-29 15:38 - 2013-04-29 15:38 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-04-29 15:34 - 2013-04-29 15:34 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\PC Speed Maximizer

2013-04-29 15:19 - 2013-04-29 15:19 - 00001117 ____A C:\Users\DABERTE\Desktop\PC Speed Maximizer.lnk

2013-04-29 15:19 - 2013-04-29 15:19 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer

2013-04-29 15:17 - 2013-04-29 15:34 - 65812970 ____A C:\Users\DABERTE\Downloads\Slender_v0_9_7.zip

2013-04-28 14:49 - 2013-04-28 14:49 - 02409392 ____A C:\Users\DABERTE\Downloads\MineWars_3.zip

2013-04-28 14:28 - 2013-04-28 14:28 - 00757568 ____A C:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe

2013-04-28 14:28 - 2013-04-28 14:28 - 00757568 ____A C:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe

2013-04-28 13:57 - 2013-04-28 13:57 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful (3).zip

2013-04-28 13:52 - 2013-04-28 13:52 - 00865433 ____A C:\Users\DABERTE\Downloads\legopak (1).zip

2013-04-28 13:50 - 2013-04-28 13:50 - 00865433 ____A C:\Users\DABERTE\Downloads\legopak.zip

2013-04-21 17:53 - 2013-04-21 17:53 - 00001120 ____A C:\Users\DABERTE\Desktop\Continue Minecraft Installation.lnk

2013-04-21 17:52 - 2013-04-21 17:52 - 03000948 ____A C:\Users\DABERTE\Downloads\PainterlyPack.zip

2013-04-21 17:52 - 2013-04-21 17:52 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful (2).zip

2013-04-21 15:20 - 2013-04-21 15:20 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful.zip

2013-04-21 15:14 - 2013-04-21 15:14 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful (1).zip

2013-04-20 11:21 - 2013-04-20 11:21 - 00291288 ____A C:\Windows\System32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2013-05-18 21:12 - 2013-05-18 21:12 - 00000000 ____D C:\FRST

2013-05-18 18:07 - 2013-05-08 18:07 - 00000400 ____A C:\Windows\Tasks\SLOW-PCfighter64-DABERTE-Notification.job

2013-05-18 18:06 - 2012-07-25 23:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-18 17:00 - 2013-04-01 15:57 - 01558935 ____A C:\Windows\WindowsUpdate.log

2013-05-18 16:54 - 2012-07-25 23:28 - 00941050 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-18 16:05 - 2012-07-25 21:26 - 00262144 __ASH C:\Windows\System32\config\BBI

2013-05-18 16:04 - 2013-05-08 18:07 - 00000398 ____A C:\Windows\Tasks\SLOW-PCfighter64-DABERTE-Startup.job

2013-05-18 16:04 - 2013-04-14 15:51 - 00000392 ____A C:\Windows\Tasks\SmartPCFix Task.job

2013-05-18 16:02 - 2013-01-29 20:27 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-15 20:35 - 2013-05-15 20:35 - 00000000 __SHD C:\found.000

2013-05-15 18:01 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru

2013-05-15 17:57 - 2012-12-27 02:09 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 17:49 - 2013-01-29 20:27 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-14 15:56 - 2013-05-14 15:55 - 00000796 ____A C:\Windows\setupact.log

2013-05-14 15:55 - 2013-05-14 15:55 - 00000000 ____A C:\Windows\setuperr.log

2013-05-13 15:11 - 2013-05-13 15:11 - 01096059 ____A C:\Users\DABERTE\AppData\Roaming\2433f433

2013-05-13 15:11 - 2013-05-13 15:11 - 01096050 ____A C:\ProgramData\2433f433

2013-05-13 15:11 - 2013-05-13 15:11 - 01096031 ____A C:\Users\DABERTE\AppData\Local\2433f433

2013-05-13 14:56 - 2013-03-31 14:16 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\.minecraft

2013-05-12 08:01 - 2013-05-12 08:01 - 00000783 ____A C:\Users\DABERTE\Desktop\Internet Security 2013.lnk

2013-05-10 13:56 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-05-09 18:01 - 2013-05-09 18:01 - 01172913 ____A C:\Users\DABERTE\Downloads\PixelPerfection.zip

2013-05-08 18:20 - 2013-05-08 18:20 - 00002212 ____A C:\Users\DABERTE\Desktop\Genieo.lnk

2013-05-08 18:07 - 2013-05-08 18:07 - 00002048 ____A C:\Users\Public\Desktop\SLOW-PCfighter.lnk

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\Fighters

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 ____D C:\ProgramData\W3i

2013-05-08 18:07 - 2013-05-08 18:07 - 00000000 ____D C:\Program Files (x86)\W3i

2013-05-08 18:06 - 2013-05-08 18:06 - 00000958 ____A C:\Users\Public\Desktop\7-zip.lnk

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\ProgramData\WeCareReminder

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\ProgramData\Fighters

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\Program Files\Fighters

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\Program Files (x86)\Fighters

2013-05-08 18:06 - 2013-05-08 18:06 - 00000000 ____D C:\Program Files (x86)\7-zip

2013-05-08 18:06 - 2013-05-08 18:05 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\Genieo

2013-05-08 18:05 - 2013-05-08 18:05 - 01611344 ____A (InstallX, LLC) C:\Users\DABERTE\Downloads\7zip_installer_d162802 (1).exe

2013-05-08 18:05 - 2013-05-08 18:05 - 00000000 ____D C:\Users\DABERTE\AppData\Local\getsav-in

2013-05-08 18:05 - 2013-05-08 18:05 - 00000000 ____D C:\ProgramData\APN

2013-05-08 18:05 - 2013-05-08 18:05 - 00000000 ____D C:\Program Files (x86)\SearchDonkey

2013-05-08 18:05 - 2013-02-02 15:38 - 00000000 ____A C:\END

2013-05-08 18:03 - 2013-05-08 18:03 - 01611344 ____A (InstallX, LLC) C:\Users\DABERTE\Downloads\7zip_installer_d162802.exe

2013-05-02 19:13 - 2013-05-02 19:13 - 12641239 ____A C:\Users\DABERTE\Downloads\GerudokuFaithful.zip

2013-05-02 19:10 - 2013-05-02 19:10 - 01482036 ____A C:\Users\DABERTE\Downloads\TheEnd_3.zip

2013-05-02 13:49 - 2013-05-02 13:49 - 00025706 ____A C:\Users\DABERTE\Downloads\BetterAnimationsCollectionV1 (2).zip

2013-05-02 13:40 - 2013-05-02 13:40 - 00048271 ____A C:\Users\DABERTE\Downloads\BACR v3,4 MC1,5,1.zip

2013-05-02 13:29 - 2013-05-02 13:29 - 00025706 ____A C:\Users\DABERTE\Downloads\BetterAnimationsCollectionV1 (1).zip

2013-05-02 13:13 - 2013-05-02 13:12 - 00025706 ____A C:\Users\DABERTE\Downloads\BetterAnimationsCollectionV1.zip

2013-05-02 07:29 - 2013-01-20 09:16 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-01 18:56 - 2013-05-01 18:56 - 16179840 ____A C:\Users\DABERTE\Downloads\Soartex_Fanver.zip

2013-05-01 14:19 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache

2013-05-01 13:03 - 2013-05-01 13:03 - 03389422 ____A C:\Users\DABERTE\Downloads\YoshisIsland_5.zip

2013-04-30 12:59 - 2013-04-30 12:58 - 11122263 ____A C:\Users\DABERTE\Downloads\JohnSmithLegacy.zip

2013-04-29 17:38 - 2012-12-24 19:30 - 00000000 ____D C:\Users\DABERTE\AppData\Local\VirtualStore

2013-04-29 15:39 - 2013-04-29 15:39 - 00002225 ____A C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2013-04-29 15:39 - 2013-04-29 15:39 - 00002177 ____A C:\Users\Public\Desktop\AVG PC TuneUp.lnk

2013-04-29 15:39 - 2013-04-29 15:39 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\AVG

2013-04-29 15:39 - 2013-04-29 15:39 - 00000000 ____D C:\Program Files (x86)\AVG

2013-04-29 15:39 - 2013-04-29 15:38 - 00000000 ____D C:\ProgramData\AVG

2013-04-29 15:38 - 2013-04-29 15:38 - 00000000 __SHD C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-04-29 15:34 - 2013-04-29 15:34 - 00000000 ____D C:\Users\DABERTE\AppData\Roaming\PC Speed Maximizer

2013-04-29 15:34 - 2013-04-29 15:17 - 65812970 ____A C:\Users\DABERTE\Downloads\Slender_v0_9_7.zip

2013-04-29 15:19 - 2013-04-29 15:19 - 00001117 ____A C:\Users\DABERTE\Desktop\PC Speed Maximizer.lnk

2013-04-29 15:19 - 2013-04-29 15:19 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer

2013-04-28 14:49 - 2013-04-28 14:49 - 02409392 ____A C:\Users\DABERTE\Downloads\MineWars_3.zip

2013-04-28 14:28 - 2013-04-28 14:28 - 00757568 ____A C:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe

2013-04-28 14:28 - 2013-04-28 14:28 - 00757568 ____A C:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe

2013-04-28 13:57 - 2013-04-28 13:57 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful (3).zip

2013-04-28 13:52 - 2013-04-28 13:52 - 00865433 ____A C:\Users\DABERTE\Downloads\legopak (1).zip

2013-04-28 13:50 - 2013-04-28 13:50 - 00865433 ____A C:\Users\DABERTE\Downloads\legopak.zip

2013-04-21 17:53 - 2013-04-21 17:53 - 00001120 ____A C:\Users\DABERTE\Desktop\Continue Minecraft Installation.lnk

2013-04-21 17:52 - 2013-04-21 17:52 - 03000948 ____A C:\Users\DABERTE\Downloads\PainterlyPack.zip

2013-04-21 17:52 - 2013-04-21 17:52 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful (2).zip

2013-04-21 15:20 - 2013-04-21 15:20 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful.zip

2013-04-21 15:14 - 2013-04-21 15:14 - 03000948 ____A C:\Users\DABERTE\Downloads\Faithful (1).zip

2013-04-20 11:23 - 2013-03-31 14:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup

2013-04-20 11:21 - 2013-04-20 11:21 - 00291288 ____A C:\Windows\System32\FNTCACHE.DAT

Other Malware:

===========

C:\ProgramData\ntuser.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-22 16:32:08

Restore point made on: 2013-05-06 14:41:40

Restore point made on: 2013-05-14 16:09:43

Restore point made on: 2013-05-14 16:12:04

Restore point made on: 2013-05-14 16:24:00

Restore point made on: 2013-05-15 16:58:35

Restore point made on: 2013-05-15 16:59:55

Restore point made on: 2013-05-15 17:02:35

Restore point made on: 2013-05-15 17:23:54

Restore point made on: 2013-05-15 17:57:35

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 3554.26 MB

Available physical RAM: 2912.91 MB

Total Pagefile: 3554.26 MB

Available Pagefile: 2922.72 MB

Total Virtual: 8192 MB

Available Virtual: 8191.87 MB

==================== Drives ================================

Drive a: (WINRE) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1)

Drive c: () (Fixed) (Total:570.04 GB) (Free:518.13 GB) NTFS (Disk=0 Partition=4) ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:25.36 GB) (Free:3.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (WDO_Media64) (Removable) (Total:1.96 GB) (Free:1.92 GB) NTFS (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 596 GB) (Disk ID: 3D867707)

Partition: GPT Partition Type

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: 00231BBB)

Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)

Last Boot: 2013-05-12 15:54

==================== End Of Log ============================

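The FRST log above shows the two autorun values the lock screen depends on: the per-user Winlogon Shell pointing at cmd.exe (which FRST marks with ATTENTION, since the shell should be explorer.exe) and a Run entry named "internet Security" whose target file is already gone ([x]). The following Python triage is an added example, not code from this thread and not part of FRST: it parses lines in the format FRST prints and applies, as rules, the checks a helper applies by eye (shell value, missing autorun targets, entries with no publisher launched from user-writable folders). The first four sample lines are copied from the log above; the HKLM explorer.exe line is constructed as a healthy value for comparison.

```python
"""Triage of FRST autorun lines (added example; not the thread's or FRST's own code)."""
import re

# Constructed sample in FRST's line format. The first four lines are taken from the
# log posted above; the HKLM line is a constructed, healthy Shell value for contrast.
SAMPLE_LOG = r"""
HKU\DABERTE\...\Run: [GoogleChromeAutoLaunch_A5F1AA371BE16006C730E088B4C6AAB8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [1312720 2013-04-09] (Google Inc.)
HKU\DABERTE\...\Run: [GenieoUpdaterService] "C:\Users\DABERTE\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [291680 2013-03-20] ()
HKU\DABERTE\...\Run: [internet Security] C:\Users\DABERTE\AppData\Roaming\amsecure.exe [x]
HKU\DABERTE\...\Winlogon: [shell] cmd.exe [404992 2012-07-25] (Microsoft Corporation) <==== ATTENTION
HKLM\...\Winlogon: [shell] explorer.exe [2233344 2012-07-25] (Microsoft Corporation)
"""

# One FRST autorun line: hive, key, [name], command, then either "[size date] (publisher)"
# or "[x]" (target missing), optionally followed by FRST's own ATTENTION marker.
ENTRY_RE = re.compile(
    r"^(?P<hive>HK[^ ]*?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
    r"|(?P<missing> \[x\]))"
    r"(?P<attention> <==== ATTENTION)?$"
)

# Folders an unprivileged user (or anything running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_entry(line):
    """Return a dict for one FRST autorun line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["publisher"] = e["publisher"] or ""
    e["missing"] = e["missing"] is not None
    e["attention"] = e["attention"] is not None
    return e


def triage(e):
    """Defender-side review rules for one parsed entry; returns the reasons it needs a look."""
    reasons = []
    if e["attention"]:
        reasons.append("flagged by FRST (<==== ATTENTION)")
    if e["key"] == "Winlogon" and e["name"].lower() == "shell":
        # A replaced Shell value is how a lock screen takes over the desktop at logon.
        shell = e["cmd"].strip().strip('"').lower()
        if shell != "explorer.exe":
            reasons.append(f"Winlogon Shell is {e['cmd']!r}, expected explorer.exe")
    if e["missing"]:
        # Orphaned autoruns are often what is left after a rogue's file was removed.
        reasons.append("autorun target no longer exists ([x])")
    elif not e["publisher"] and any(p in e["cmd"].lower() for p in USER_WRITABLE):
        reasons.append("no publisher and launched from a user-writable path")
    return reasons


def triage_log(text):
    """Parse every autorun line in an FRST log excerpt and return the entries worth reviewing."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            findings.append({"hive": e["hive"], "key": e["key"],
                             "name": e["name"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['hive']}\\...\\{f['key']} [{f['name']}]")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample, the Chrome entry and the HKLM explorer.exe line pass, while the Genieo updater (no publisher, under AppData), the orphaned "internet Security" value and the cmd.exe shell are reported, which is the same short list the fixlist later deletes.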

I'm basing my fixlist.txt on the log you posted, but your log is missing the header, which means it's possible you didn't copy back all of the lines in the registry.

~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page (screenshot: more-reply-options.jpg).

New window that comes up (screenshot: choose-files1.jpg).

MrC


About the header, I did notice that my log didn't look quite like other logs people were posting. I ran it a second time to see if I had missed something. Then after your comment, I ran it again this morning just to see. Every time that is the result it gave me.

However, it was a success; I was able to log into the computer. It found 4 objects on the first scan, none on the second.

On a side note, holy cow this computer has a lot of junk on it again. I've cleaned this thing up more than once. Maybe it's time for a lesson on internet browsing and not installing every toolbar and junk program that you come across.

Anyway, onto the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-05-2013

Ran by SYSTEM at 2013-05-19 08:09:27 Run:1

Running from E:\

Boot Mode: Recovery

==============================================

HKEY_USERS\DABERTE\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.

HKEY_USERS\DABERTE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

C:\Users\DABERTE\AppData\Roaming\2433f433 => Moved successfully.

C:\ProgramData\2433f433 => Moved successfully.

C:\Users\DABERTE\AppData\Local\2433f433 => Moved successfully.

C:\Users\DABERTE\Desktop\Internet Security 2013.lnk => Moved successfully.

C:\ProgramData\ntuser.dat => Moved successfully.

==== End of Fixlog ====

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.05.19.05

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

DABERTE :: DYLAN [administrator]

5/19/2013 8:59:14 AM

mbar-log-2013-05-19 (08-59-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 7260

Time elapsed: 38 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

c:\Users\DABERTE\AppData\Local\Temp\F5A5.tmp (Trojan.Krypt) -> Delete on reboot.

c:\Users\DABERTE\AppData\Local\Temp\FC79.tmp (Trojan.Krypt) -> Delete on reboot.

c:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe (PUP.DownloadAdmin) -> Delete on reboot.

c:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe (PUP.DownloadAdmin) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.05.19.06

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16540

DABERTE :: DYLAN [administrator]

5/19/2013 9:36:39 AM

mbar-log-2013-05-19 (09-36-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 7231

Time elapsed: 26 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.896000 GHz

Memory total: 3726909440, free: 2180608000

------------ Kernel report ------------

05/19/2013 08:19:31

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kd.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\System32\drivers\CLFS.SYS

\SystemRoot\System32\drivers\tm.sys

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\msrpc.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\acpiex.sys

\SystemRoot\System32\Drivers\WppRecorder.sys

\SystemRoot\System32\drivers\ACPI.sys

\SystemRoot\System32\drivers\WMILIB.SYS

\SystemRoot\System32\drivers\msisadrv.sys

\SystemRoot\System32\drivers\pci.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\system32\drivers\tpm.sys

\SystemRoot\System32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pdc.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\System32\drivers\spaceport.sys

\SystemRoot\System32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\System32\drivers\amd_sata.sys

\SystemRoot\System32\drivers\storport.sys

\SystemRoot\System32\drivers\amd_xata.sys

----------- End -----------

Downloaded database version: v2013.05.19.05

Downloaded database version: v2013.05.14.03

Initializing...

Done!

Performing system, memory and registry scan...

Infected: c:\Users\DABERTE\AppData\Local\Temp\F5A5.tmp --> [Trojan.Krypt]

Infected: c:\Users\DABERTE\AppData\Local\Temp\FC79.tmp --> [Trojan.Krypt]

Infected: c:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe --> [PUP.DownloadAdmin]

Infected: c:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe --> [PUP.DownloadAdmin]

Done!

Scan finished

Creating System Restore point...

Scheduling clean up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.896000 GHz

Memory total: 3726909440, free: 2607464448

Removal queue found; removal started

Removing c:\Users\DABERTE\AppData\Local\Temp\F5A5.tmp...

Removing c:\Users\DABERTE\AppData\Local\Temp\FC79.tmp...

Removing c:\Users\DABERTE\Downloads\uplayermediaplayer-setup (1).exe...

Removing c:\Users\DABERTE\Downloads\uplayermediaplayer-setup.exe...

Removal finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16540

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.896000 GHz

Memory total: 3726909440, free: 2397749248

------------ Kernel report ------------

05/19/2013 09:09:12

------------ Loaded modules -----------

----------- End -----------

Downloaded database version: v2013.05.19.06

Initializing...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================


OK, update and run a scan with your anti-virus program, then:

Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt, where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found, especially any folders; we're going to permanently delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


Virus scan with fully updated Windows Defender found nothing. Here is the log you requested:

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 10:13:32

# Updated 16/05/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : DABERTE - DYLAN

# Boot Mode : Normal

# Running from : C:\Users\DABERTE\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\OApps

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\ProgramData\WeCareReminder

Folder Found : C:\Users\DABERTE\AppData\Local\Conduit

Folder Found : C:\Users\DABERTE\AppData\Local\Deal Vault

Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Folder Found : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Folder Found : C:\Users\DABERTE\AppData\Local\SwvUpdater

Folder Found : C:\Users\DABERTE\AppData\LocalLow\Conduit

Folder Found : C:\Users\DABERTE\AppData\LocalLow\Delta

Folder Found : C:\Users\DABERTE\AppData\LocalLow\PriceGong

Folder Found : C:\Users\DABERTE\AppData\Roaming\Babylon

***** [Registry] *****


Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKU\S-1-5-21-644089304-3686757851-447439007-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-644089304-3686757851-447439007-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKU\S-1-5-21-644089304-3686757851-447439007-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2362] : homepage = "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI=UN25845318231469032&UM=2",

Found [l.2666] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI=UN25845318231469032&UM=2" ]

*************************

AdwCleaner[R1].txt - [11131 octets] - [19/05/2013 10:13:32]

########## EOF - C:\AdwCleaner[R1].txt - [11192 octets] ##########

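The scan log above shows where this adware bundle persists: Browser Helper Objects and a toolbar CLSID under Wow6432Node, IE SearchScopes in both HKCU and HKLM, a Run value (vProt), IE Low Rights ElevationPolicy entries, Chrome extension keys and the Chrome Preferences homepage/startup URL. The PowerShell script below is an added example, not part of the thread and not AdwCleaner's own code; it walks those same locations so the state can be compared before and after the Delete run. The registry paths are the standard Windows/IE/Chrome ones; only the output layout and the helper names (Resolve-Clsid, Show-Section) are this example's own choices.

```powershell
# Added example (not from the thread or AdwCleaner): enumerate the browser
# persistence points the scan log reported. Run from an elevated PowerShell
# on the affected machine; read-only, it changes nothing.

# On 64-bit Windows, 32-bit IE and Chrome register under Wow6432Node as well.
$views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')

function Resolve-Clsid {
    # Map a CLSID to the DLL that implements it (InprocServer32 default value).
    param([string]$Clsid)
    foreach ($v in $views) {
        $key = Join-Path $v "Classes\CLSID\$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty $key).'(default)' }
    }
    return '<no InprocServer32 found>'
}

function Show-Section([string]$Title) { Write-Host "`n== $Title ==" }

Show-Section 'Browser Helper Objects (loaded into every IE process)'
foreach ($v in $views) {
    $bho = Join-Path $v 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        Get-ChildItem $bho | ForEach-Object {
            '{0}  ->  {1}' -f $_.PSChildName, (Resolve-Clsid $_.PSChildName)
        }
    }
}

Show-Section 'IE search scopes (a hijacked default search provider lands here)'
$scopeRoots = @('HKCU:\Software\Microsoft\Internet Explorer\SearchScopes') +
              ($views | ForEach-Object { Join-Path $_ 'Microsoft\Internet Explorer\SearchScopes' })
foreach ($root in $scopeRoots) {
    if (Test-Path $root) {
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            '{0}  {1}  {2}' -f $_.PSChildName, $p.DisplayName, $p.URL
        }
    }
}

Show-Section 'Run values (auto-start at logon, e.g. the vProt value in the log)'
$runKeys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') +
           ($views | ForEach-Object { Join-Path $_ 'Microsoft\Windows\CurrentVersion\Run' })
foreach ($rk in $runKeys) {
    if (Test-Path $rk) {
        (Get-ItemProperty $rk).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { '{0}  =  {1}' -f $_.Name, $_.Value }
    }
}

Show-Section 'IE Low Rights ElevationPolicy (programs allowed out of Protected Mode)'
foreach ($v in $views) {
    $pol = Join-Path $v 'Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
    if (Test-Path $pol) {
        Get-ChildItem $pol | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            '{0}  {1}\{2}  Policy={3}' -f $_.PSChildName, $p.AppPath, $p.AppName, $p.Policy
        }
    }
}

Show-Section 'Chrome extensions registered through the registry'
$extRoots = @('HKCU:\Software\Google\Chrome\Extensions') +
            ($views | ForEach-Object { Join-Path $_ 'Google\Chrome\Extensions' })
foreach ($root in $extRoots) {
    if (Test-Path $root) {
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            '{0}  path={1}  update_url={2}' -f $_.PSChildName, $p.path, $p.update_url
        }
    }
}

Show-Section 'Chrome Preferences: homepage and startup URLs'
# Same file AdwCleaner reads; Select-String reports the line number like the log does.
$prefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if (Test-Path $prefs) {
    Select-String -Path $prefs -Pattern '"homepage"|"urls_to_restore_on_startup"|"startup_urls"' |
        ForEach-Object { '[l.{0}] {1}' -f $_.LineNumber, $_.Line.Trim() }
}
```

Run it once before clicking Delete and once after the reboot; every BHO, search scope, Run value and extension key that AdwCleaner lists should be gone from the second run, and any CLSID that resolves to a DLL under a user-writable path (AppData, ProgramData) deserves a second look. Chrome versions of this era pretty-printed Preferences, which is why the log can cite line numbers; current Chrome writes the file as a single line, so on a newer machine pipe it through ConvertFrom-Json instead of Select-String.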

Lots of adware found. Let's clear it out:

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well, where n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


# AdwCleaner v2.301 - Logfile created 05/19/2013 at 12:35:46

# Updated 16/05/2013 by Xplode

# Operating system : Windows 8 (64 bits)

# User : DABERTE - DYLAN

# Boot Mode : Normal

# Running from : C:\Users\DABERTE\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Deleted on reboot : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld

File Deleted : C:\END

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\OApps

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\Users\DABERTE\AppData\Local\Conduit

Folder Deleted : C:\Users\DABERTE\AppData\Local\Deal Vault

Folder Deleted : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Folder Deleted : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Folder Deleted : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Folder Deleted : C:\Users\DABERTE\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\DABERTE\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\DABERTE\AppData\LocalLow\Delta

Folder Deleted : C:\Users\DABERTE\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\DABERTE\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8F03266-DEC7-4F5C-A6D3-D88533EE9070}

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\59ed98bb56fbd17

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\InfoAtoms

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fifbhfmciagkcmdmapchdimjekakljld

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbofibgamhkgoonaocfgemncghhadmgb

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\DABERTE\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2362] : homepage = "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI=UN25845318231469032&UM[...]

Deleted [l.2664] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3290229&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [11236 octets] - [19/05/2013 10:13:32]

AdwCleaner[R2].txt - [11297 octets] - [19/05/2013 12:35:28]

AdwCleaner[S1].txt - [10656 octets] - [19/05/2013 12:35:46]

########## EOF - C:\AdwCleaner[S1].txt - [10717 octets] ##########

Results of screen317's Security Check version 0.99.63

x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Defender

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

AVG PC TuneUp

AVG PC TuneUp Language Pack (en-US)

Java 7 Update 17

Java version out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

Windows Defender MsMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: %

````````````````````End of Log``````````````````````


Outdated programs on the system are vulnerable to malware.

Please update or uninstall them:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 17 <---please update, should be Update 21

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here

Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little cleanup to do:

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, MBAR, etc. For AdwCleaner, just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

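Security Check's "Java version out of Date!" line comes from comparing the installed Java entry against the current release. The PowerShell script below is an added example, not part of the thread or of screen317's tool; it builds the same kind of inventory from the Uninstall keys in the 64-bit, Wow6432Node and per-user registry views and flags Java releases older than 7 Update 21, the version MrC names above. The mapping of "Java 7 Update 21" to DisplayVersion 7.0.210 follows Oracle's numbering for the Java 7 line and is stated here as an assumption; raise the threshold as newer releases ship.

```powershell
# Added example (not from the thread or Security Check): inventory installed
# programs and flag out-of-date Java. Read-only; run from any PowerShell.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit installs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall', # 32-bit installs
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'              # per-user installs (Chrome, bundled "extras")
)

function Get-InstalledPrograms {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                [pscustomobject]@{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    View    = if ($root -match 'Wow6432Node') { '32-bit' }
                              elseif ($root -like 'HKCU*')     { 'per-user' }
                              else                             { '64-bit' }
                    Uninstall = $p.UninstallString
                }
            }
        }
    }
}

$installed = Get-InstalledPrograms

# Assumption: Java 7 Update 17 registers DisplayVersion 7.0.170, Update 21 is 7.0.210.
$minimumJava = [version]'7.0.210'

Write-Host "== Java =="
foreach ($app in ($installed | Where-Object { $_.Name -match '^Java' } | Sort-Object Name)) {
    $ver = $null
    $status = if ([version]::TryParse($app.Version, [ref]$ver) -and $ver -lt $minimumJava) {
        'OUT OF DATE'
    } else {
        'ok'
    }
    '{0,-30} {1,-10} {2,-9} {3}' -f $app.Name, $app.Version, $app.View, $status
}

# Full inventory: duplicate entries (the two Chrome 26 builds in the log) and
# toolbars or "offers" that rode along with a download show up here.
Write-Host "`n== All installed programs =="
$installed | Sort-Object Name | Format-Table Name, Version, View -AutoSize
```

Older Java entries that remain after an update are worth uninstalling outright, since the old JRE stays reachable on disk; the UninstallString column gives the command to run for each entry.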

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.