Fladust Posted May 23, 2013 ID:682893 Share Posted May 23, 2013 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2013 02Ran by SYSTEM on 23-05-2013 09:39:01Running from D:\Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)HKLM\...\Run: [AmIcoSinglun] C:\Program Files\Selective Suspend Driver\AmIcoSinglun.exe [237568 2009-04-29] (AlcorMicro Co., Ltd.)HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7539232 2009-06-09] (Realtek Semiconductor)HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-06-18] (Acer Incorporated)HKLM\...\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-05-13] (Egis Technology Inc.)HKLM\...\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [345384 2009-05-14] (Egis Technology Inc.)HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()HKLM\...\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled [294544 2008-10-02] (Carbonite, Inc.)HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [200704 2009-07-29] ()HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1434920 2009-02-27] (Synaptics Incorporated)HKLM\...\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe [805384 2009-05-13] (Dritek System Inc.)HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [62760 2009-03-30] ()HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup [3387392 2007-11-26] (Leader Technologies)HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-06-09] (Realtek Semiconductor Corp.)HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$1d72c44b5bb1fa90358821975cbd19cf\n. ATTENTION! ====> ZeroAccessHKU\Default\...\RunOnce: [scrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [ 2009-06-15] ()HKU\Default User\...\RunOnce: [scrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [ 2009-06-15] ()HKU\Dustin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2012-03-08] (Microsoft Corporation)HKU\Dustin\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [ 2012-02-23] (Apple Inc.)HKU\Dustin\...\Run: [Apple Computer] rundll32.exe "C:\Users\Dustin\AppData\Local\Conduit\Apple Computer\udnhzftq.dll",CreateTzanShellW [x]HKU\Dustin\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]HKU\Dustin\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Dustin\Documents\270e79ec.exe [ 2013-05-23] ()HKU\Dustin\...\Winlogon: [shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTIONHKU\TEMP.Dustin-PC\...\RunOnce: [scrSav] C:\Program Files\Acer\Screensaver\run_Acer.exe /default [ 2009-06-15] ()Startup: C:\ProgramData\Start Menu\Programs\Startup\Acer VCM.lnkShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)Startup: C:\ProgramData\Start Menu\Programs\Startup\WinZip Quick Pick.lnkShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)========================== Services (Whitelisted) =================S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [723488 2009-06-18] (Acer Incorporated)S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-16] (Google)S2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\McSACore.exe [101552 2013-03-04] (McAfee, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)S2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-05-14] (Egis Technology Inc.)S2 N360; C:\Program Files\Norton 360\Engine\5.2.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated)S3 msiserver; %systemroot%\system32\msiexec /V [x]==================== Drivers (Whitelisted) ====================S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130515.001\BHDrvx86.sys [1000024 2013-04-12] (Symantec Corporation)S1 DPMemGridVista; C:\Program Files\GridVista\DPMemGridVista.sys [10504 2008-09-30] (Dritek System Inc.)S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation)S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-04-10] (Symantec Corporation)S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130522.001\IDSvix86.sys [386720 2012-08-31] (Symantec Corporation)S3 int15.sys; C:\Windows\System32\OEM\Factory\int15.sys [69632 2003-10-01] ()S3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [57344 2009-11-13] (Atheros Communications, Inc.)S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-12-04] (Egis Incorporated.)S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-12-04] (Egis Incorporated.)S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-12-04] (Egis Incorporated.)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130522.022\NAVENG.SYS [93272 2013-05-21] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130522.022\NAVEX15.SYS [1611992 2013-05-21] (Symantec Corporation)S1 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)S1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)S3 SSDISK; C:\Windows\System32\DRIVERS\SSDISK.sys [10752 2009-03-30] (Alcor Micro, Corp.)S3 SSUSB; C:\Windows\System32\DRIVERS\SSUSB.sys [14848 2009-04-07] (Alcor Micro, Corp.)S0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)S0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-11-06] (Symantec Corporation)S1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)S1 SYMTDIv; C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)S3 IpInIp; system32\DRIVERS\ipinip.sys [x]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-05-23 09:34 - 2013-05-23 09:34 - 00000000 ____D C:\FRST2013-05-23 04:27 - 2013-05-23 04:27 - 01096025 ____A C:\Users\Dustin\AppData\Roaming\2433f4332013-05-23 04:27 - 2013-05-23 04:27 - 01096012 ____A C:\ProgramData\2433f4332013-05-23 04:27 - 2013-05-23 04:27 - 01095977 ____A C:\Users\Dustin\AppData\Local\2433f4332013-05-23 04:27 - 2013-05-23 04:27 - 00038400 ____A C:\Users\Dustin\Documents\270e79ec.exe2013-05-23 04:27 - 2013-05-23 04:27 - 00038400 ____A C:\Users\Dustin\Documents\270e79ec.dll2013-05-21 01:00 - 2013-05-22 16:28 - 00000000 ____D C:\Users\Dustin\AppData\Local\{FDCF5402-784E-4D74-A866-659107981331}2013-05-19 01:03 - 2013-05-20 01:04 - 00000000 ____D C:\Users\Dustin\AppData\Local\{27BC6C5F-031B-40CA-94B1-A534B10BD45D}2013-05-18 04:43 - 2013-05-18 04:43 - 00000000 ____D C:\Users\Dustin\AppData\Local\{FFDB55B6-CD3D-484E-B915-DFFAA667FA6D}2013-05-17 14:42 - 2013-05-17 14:43 - 00000000 ____D C:\Users\Dustin\AppData\Local\{F12A6032-C77E-41FD-B0FF-0FCA543E9E36}2013-05-17 02:42 - 2013-05-17 02:42 - 00000000 ____D C:\Users\Dustin\AppData\Local\{38CE80E4-8E30-4FCC-9E7A-F97EE30D26B5}2013-05-17 02:28 - 2013-05-17 02:28 - 00150960 ____A C:\Windows\Minidump\Mini051713-01.dmp2013-05-16 13:22 - 2013-05-16 13:22 - 00000000 ____D C:\Users\Dustin\AppData\Local\{DB5AFF85-6366-4A3C-972C-2908D273D3D8}2013-05-15 02:17 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys2013-05-15 02:17 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll2013-05-15 02:16 - 2013-05-05 21:24 - 06013440 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-15 02:16 - 2013-05-05 11:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-15 02:16 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-05-15 02:16 - 2013-04-04 02:10 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-05-15 02:16 - 2013-04-04 02:10 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-05-15 02:16 - 2013-04-04 02:10 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-05-15 02:16 - 2013-04-04 02:08 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll2013-05-15 02:16 - 2013-04-04 02:06 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll2013-05-15 02:16 - 2013-04-04 02:05 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-05-15 02:16 - 2013-04-04 02:05 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-05-15 02:16 - 2013-04-04 02:05 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll2013-05-15 02:16 - 2013-04-04 02:04 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-05-15 02:16 - 2013-04-04 02:04 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-05-15 02:16 - 2013-04-04 02:04 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-05-15 02:16 - 2013-04-04 02:04 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll2013-05-15 02:16 - 2013-04-04 02:04 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-05-15 02:16 - 2013-04-04 00:23 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec2013-05-15 02:16 - 2013-04-03 22:43 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-05-15 02:16 - 2013-04-03 22:42 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-05-15 02:16 - 2013-04-03 22:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe2013-05-14 19:41 - 2013-05-15 19:42 - 00000000 ____D C:\Users\Dustin\AppData\Local\{CBD0BD6B-DCC1-4E1D-B94D-6CBBCF3742A3}2013-05-13 02:48 - 2013-05-14 02:49 - 00000000 ____D C:\Users\Dustin\AppData\Local\{032DFDC0-59E3-4EF8-A040-1FA7713EE103}2013-05-11 02:11 - 2013-05-11 02:12 - 00000000 ____D C:\Users\Dustin\AppData\Local\{C6A68794-78E0-44D8-B72E-DA5F1505DBE4}2013-05-09 16:14 - 2013-05-10 07:05 - 00000000 ____D C:\Users\Dustin\AppData\Local\{E73C5416-E776-4BED-A99F-0E525DA91D9E}2013-05-05 19:48 - 2013-05-08 17:23 - 00000000 ____D C:\Users\Dustin\AppData\Local\{50AAA59B-0EF9-4CA8-838D-9813E83D7C07}2013-05-04 18:47 - 2013-05-04 18:47 - 00000000 ____D C:\Users\Dustin\AppData\Local\{05745F23-62CE-4055-B6B7-BEC6B8C586A8}2013-05-04 01:09 - 2013-05-04 01:10 - 00000000 ____D C:\Users\Dustin\AppData\Local\{6FED29DE-DD2B-4238-A9F1-D25947A8FB30}2013-05-03 00:39 - 2013-05-17 02:27 - 314462501 ____A C:\Windows\MEMORY.DMP2013-05-03 00:39 - 2013-05-03 00:39 - 00151216 ____A C:\Windows\Minidump\Mini050313-01.dmp2013-05-02 09:45 - 2013-05-02 09:49 - 00000000 ____D C:\Users\Dustin\AppData\Local\{9BC08BE4-A954-4003-86A2-6956E34FAABA}2013-05-02 09:37 - 2013-05-02 09:37 - 00000000 ____D C:\Users\Dustin\AppData\Local\{4BBFC7F6-8E88-4253-8B9B-DC790ABC9941}2013-05-01 21:07 - 2013-05-01 21:07 - 00000000 ____D C:\Users\Dustin\AppData\Local\{481150A2-1718-41AD-A24B-18096D89FAB8}2013-05-01 02:58 - 2013-05-01 02:59 - 00000000 ____D C:\Users\Dustin\Desktop\New Folder2013-05-01 02:58 - 2013-05-01 02:58 - 00000000 ____D C:\Users\Dustin\AppData\Local\Tekin2013-05-01 02:53 - 2013-05-04 05:34 - 00002419 ____A C:\Users\Dustin\Desktop\HotWire.lnk2013-05-01 02:53 - 2013-05-01 02:56 - 00000000 ____D C:\Program Files\Tekin HotWire2013-05-01 02:40 - 2013-05-01 02:40 - 05787589 ____A C:\Users\Dustin\Desktop\TekinHotWire.zip2013-04-29 04:40 - 2013-05-01 09:05 - 00000000 ____D C:\Users\Dustin\AppData\Local\{DD5E705B-7763-4BE3-BF82-138F8E4B677A}2013-04-28 16:39 - 2013-04-28 16:40 - 00000000 ____D C:\Users\Dustin\AppData\Local\{01F4238F-2445-42D5-8925-1CABB87C505C}2013-04-25 04:27 - 2013-04-27 19:39 - 00000000 ____D C:\Users\Dustin\AppData\Local\{F4D1981E-7B9C-406A-8D64-B51BB2487BD9}2013-04-24 16:31 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-24 16:27 - 2013-04-24 16:27 - 00000000 ____D C:\Users\Dustin\AppData\Local\{192FF6AF-048B-41EE-91D4-9D7F0E24B3FB}==================== One Month Modified Files and Folders ========2013-05-23 09:34 - 2013-05-23 09:34 - 00000000 ____D C:\FRST2013-05-23 05:31 - 2009-07-29 09:23 - 01531146 ____A C:\Windows\WindowsUpdate.log2013-05-23 05:31 - 2006-11-02 05:01 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-05-23 05:31 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-05-23 05:31 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02013-05-23 05:31 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02013-05-23 05:24 - 2010-03-26 14:32 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-05-23 04:27 - 2013-05-23 04:27 - 01096025 ____A C:\Users\Dustin\AppData\Roaming\2433f4332013-05-23 04:27 - 2013-05-23 04:27 - 01096012 ____A C:\ProgramData\2433f4332013-05-23 04:27 - 2013-05-23 04:27 - 01095977 ____A C:\Users\Dustin\AppData\Local\2433f4332013-05-23 04:27 - 2013-05-23 04:27 - 00038400 ____A C:\Users\Dustin\Documents\270e79ec.exe2013-05-23 04:27 - 2013-05-23 04:27 - 00038400 ____A C:\Users\Dustin\Documents\270e79ec.dll2013-05-23 04:14 - 2012-07-14 13:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-05-23 03:59 - 2010-06-02 17:55 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-05-22 17:15 - 2011-03-21 18:45 - 00000000 ____D C:\Users\Dustin\Tracing2013-05-22 16:28 - 2013-05-21 01:00 - 00000000 ____D C:\Users\Dustin\AppData\Local\{FDCF5402-784E-4D74-A866-659107981331}2013-05-20 01:04 - 2013-05-19 01:03 - 00000000 ____D C:\Users\Dustin\AppData\Local\{27BC6C5F-031B-40CA-94B1-A534B10BD45D}2013-05-20 00:38 - 2011-02-19 02:44 - 00001356 ____A C:\Users\Dustin\AppData\Local\d3d9caps.dat2013-05-19 21:23 - 2011-05-16 10:49 - 00005447 ____A C:\Windows\yacs.log2013-05-18 04:43 - 2013-05-18 04:43 - 00000000 ____D C:\Users\Dustin\AppData\Local\{FFDB55B6-CD3D-484E-B915-DFFAA667FA6D}2013-05-17 19:43 - 2008-01-20 18:47 - 00877718 ____A C:\Windows\PFRO.log2013-05-17 14:43 - 2013-05-17 14:42 - 00000000 ____D C:\Users\Dustin\AppData\Local\{F12A6032-C77E-41FD-B0FF-0FCA543E9E36}2013-05-17 14:09 - 2013-04-16 19:47 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\vlc2013-05-17 14:08 - 2013-03-05 19:28 - 00000000 ____D C:\Users\Dustin\Desktop\n2013-05-17 14:04 - 2011-03-03 22:39 - 00045568 ____A C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-05-17 02:42 - 2013-05-17 02:42 - 00000000 ____D C:\Users\Dustin\AppData\Local\{38CE80E4-8E30-4FCC-9E7A-F97EE30D26B5}2013-05-17 02:28 - 2013-05-17 02:28 - 00150960 ____A C:\Windows\Minidump\Mini051713-01.dmp2013-05-17 02:28 - 2011-04-08 19:53 - 00000000 ____D C:\Windows\Minidump2013-05-17 02:27 - 2013-05-03 00:39 - 314462501 ____A C:\Windows\MEMORY.DMP2013-05-16 16:06 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET2013-05-16 13:25 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI2013-05-16 13:22 - 2013-05-16 13:22 - 00000000 ____D C:\Users\Dustin\AppData\Local\{DB5AFF85-6366-4A3C-972C-2908D273D3D8}2013-05-16 13:19 - 2006-11-02 04:47 - 00298008 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-15 23:15 - 2006-11-02 02:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe2013-05-15 19:42 - 2013-05-14 19:41 - 00000000 ____D C:\Users\Dustin\AppData\Local\{CBD0BD6B-DCC1-4E1D-B94D-6CBBCF3742A3}2013-05-14 21:15 - 2012-04-01 03:43 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe2013-05-14 21:15 - 2011-05-14 14:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl2013-05-14 02:49 - 2013-05-13 02:48 - 00000000 ____D C:\Users\Dustin\AppData\Local\{032DFDC0-59E3-4EF8-A040-1FA7713EE103}2013-05-14 00:56 - 2011-11-06 08:28 - 00000000 ____D C:\ProgramData\Norton2013-05-13 17:42 - 2010-06-02 16:23 - 00000000 ____D C:\Users\Dustin\AppData\Local\Apple Computer2013-05-11 02:12 - 2013-05-11 02:11 - 00000000 ____D C:\Users\Dustin\AppData\Local\{C6A68794-78E0-44D8-B72E-DA5F1505DBE4}2013-05-10 09:26 - 2010-03-26 02:22 - 00000000 ____D C:\users\Dustin2013-05-10 07:05 - 2013-05-09 16:14 - 00000000 ____D C:\Users\Dustin\AppData\Local\{E73C5416-E776-4BED-A99F-0E525DA91D9E}2013-05-08 17:23 - 2013-05-05 19:48 - 00000000 ____D C:\Users\Dustin\AppData\Local\{50AAA59B-0EF9-4CA8-838D-9813E83D7C07}2013-05-06 05:09 - 2010-06-16 16:27 - 00127348 ___AH C:\Windows\System32\mlfcache.dat2013-05-05 21:24 - 2013-05-15 02:16 - 06013440 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-05-05 11:58 - 2013-05-15 02:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-05-04 18:47 - 2013-05-04 18:47 - 00000000 ____D C:\Users\Dustin\AppData\Local\{05745F23-62CE-4055-B6B7-BEC6B8C586A8}2013-05-04 05:34 - 2013-05-01 02:53 - 00002419 ____A C:\Users\Dustin\Desktop\HotWire.lnk2013-05-04 01:10 - 2013-05-04 01:09 - 00000000 ____D C:\Users\Dustin\AppData\Local\{6FED29DE-DD2B-4238-A9F1-D25947A8FB30}2013-05-03 00:39 - 2013-05-03 00:39 - 00151216 ____A C:\Windows\Minidump\Mini050313-01.dmp2013-05-02 09:49 - 2013-05-02 09:45 - 00000000 ____D C:\Users\Dustin\AppData\Local\{9BC08BE4-A954-4003-86A2-6956E34FAABA}2013-05-02 09:37 - 2013-05-02 09:37 - 00000000 ____D C:\Users\Dustin\AppData\Local\{4BBFC7F6-8E88-4253-8B9B-DC790ABC9941}2013-05-01 21:07 - 2013-05-01 21:07 - 00000000 ____D C:\Users\Dustin\AppData\Local\{481150A2-1718-41AD-A24B-18096D89FAB8}2013-05-01 09:05 - 2013-04-29 04:40 - 00000000 ____D C:\Users\Dustin\AppData\Local\{DD5E705B-7763-4BE3-BF82-138F8E4B677A}2013-05-01 02:59 - 2013-05-01 02:58 - 00000000 ____D C:\Users\Dustin\Desktop\New Folder2013-05-01 02:58 - 2013-05-01 02:58 - 00000000 ____D C:\Users\Dustin\AppData\Local\Tekin2013-05-01 02:56 - 2013-05-01 02:53 - 00000000 ____D C:\Program Files\Tekin HotWire2013-05-01 02:40 - 2013-05-01 02:40 - 05787589 ____A C:\Users\Dustin\Desktop\TekinHotWire.zip2013-04-30 02:09 - 2010-03-26 14:39 - 00000000 ____D C:\Program Files\McAfee2013-04-28 16:40 - 2013-04-28 16:39 - 00000000 ____D C:\Users\Dustin\AppData\Local\{01F4238F-2445-42D5-8925-1CABB87C505C}2013-04-27 19:39 - 2013-04-25 04:27 - 00000000 ____D C:\Users\Dustin\AppData\Local\{F4D1981E-7B9C-406A-8D64-B51BB2487BD9}2013-04-24 19:36 - 2011-11-06 08:28 - 00000000 ____D C:\Users\Public\Downloads\Norton2013-04-24 16:27 - 2013-04-24 16:27 - 00000000 ____D C:\Users\Dustin\AppData\Local\{192FF6AF-048B-41EE-91D4-9D7F0E24B3FB}ZeroAccess:C:\$Recycle.Bin\S-1-5-21-2841516863-2568213138-2438928215-1000\$1d72c44b5bb1fa90358821975cbd19cfZeroAccess:C:\$Recycle.Bin\S-1-5-18\$1d72c44b5bb1fa90358821975cbd19cfOther Malware:===========C:\ProgramData\uninstaller.exeC:\ProgramData\ezsidmv.dat==================== Known DLLs (Whitelisted) ================================ Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-04-10 21:56:11Restore point made on: 2013-04-10 23:00:58Restore point made on: 2013-04-12 07:18:31Restore point made on: 2013-04-15 14:36:42Restore point made on: 2013-04-16 19:41:09Restore point made on: 2013-04-24 20:41:22Restore point made on: 2013-04-24 23:01:09Restore point made on: 2013-04-29 05:06:39Restore point made on: 2013-04-29 16:03:23Restore point made on: 2013-05-01 02:52:41Restore point made on: 2013-05-10 08:27:07Restore point made on: 2013-05-15 23:08:22Restore point made on: 2013-05-19 20:42:50Restore point made on: 2013-05-20 10:26:58Restore point made on: 2013-05-21 01:01:00==================== Memory info ===========================Percentage of memory in use: 14%Total physical RAM: 1978.18 MBAvailable physical RAM: 1697.22 MBTotal Pagefile: 1913.56 MBAvailable Pagefile: 1781 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1974.2 MB==================== Drives ================================Drive c: (ACER) (Fixed) (Total:220.88 GB) (Free:147.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (PUBLIC) (Fixed) (Total:0.47 GB) (Free:0.42 GB) FATDrive x: (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.83 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: B8B11E13)Partition 1: (Not Active) - (Size=12 GB) - (Type=27)Partition 2: (Active) - (Size=221 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 494 MB) (Disk ID: 095EE605)Partition 1: (Not Active) - (Size=486 MB) - (Type=06)Last Boot: 2013-05-23 05:29==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted May 23, 2013 ID:682896 Share Posted May 23, 2013 Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.-----------------------------------------OK, here you go......this should get you going:Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.See if the computer boots normally now and if so..........Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.MrC Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:682934 Share Posted May 23, 2013 I got the system to boot normally while waiting for this post i got microsoft security essentials running. Next I will run the fix list then download malwarebytes. Does this process sound, good process or should i run the fixlist first? Link to post Share on other sites More sharing options...
MrCharlie Posted May 23, 2013 ID:682937 Share Posted May 23, 2013 I would run the fixlist.txt first, and then MBAR, last MSE.MrCBTW: 13 minutes between the time you sent me a PM for help until I posted the fix. Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:682957 Share Posted May 23, 2013 ix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-05-2013 02Ran by Dustin at 2013-05-23 11:51:27 Run:1Running from D:\Boot Mode: Normal==============================================HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.HKEY_USERS\Dustin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.HKEY_USERS\Dustin\Software\Microsoft\Windows\CurrentVersion\Run\\Apple Computer => Value not found.C:\ProgramData\2433f433 => Moved successfully.C:\Users\Dustin\AppData\Local\2433f433 => Moved successfully.C:\Users\Dustin\Documents\270e79ec.exe => File/Directory not found.C:\Users\Dustin\Documents\270e79ec.dll => File/Directory not found.C:\Users\Dustin\AppData\Roaming\2433f433 => Moved successfully.C:\ProgramData\uninstaller.exe => File/Directory not found.C:\ProgramData\ezsidmv.dat => Moved successfully.C:\Users\Dustin\AppData\Local\Conduit\Apple Computer\udnhzftq.dll => File/Directory not found.C:\$Recycle.Bin\S-1-5-21-2841516863-2568213138-2438928215-1000\$1d72c44b5bb1fa90358821975cbd19cf => Directory moved successfully.C:\$Recycle.Bin\S-1-5-18\$1d72c44b5bb1fa90358821975cbd19cf => Deleted successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:683011 Share Posted May 23, 2013 Malwarebytes Anti-Rootkit BETA 1.05.0.1001www.malwarebytes.orgDatabase version: v2013.05.23.10Windows Vista Service Pack 2 x86 NTFSInternet Explorer 8.0.6001.19401Dustin :: DUSTIN-PC [administrator]5/23/2013 1:41:42 PMmbar-log-2013-05-23 (13-41-42).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 30046Time elapsed: 31 minute(s), 48 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.Registry Values Detected: 2HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-2841516863-2568213138-2438928215-1000\$1d72c44b5bb1fa90358821975cbd19cf\n. -> Delete on reboot.HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Apple Computer (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\Dustin\AppData\Local\Conduit\Apple Computer\udnhzftq.dll",CreateTzanShellW -> Delete on reboot.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 3c:\Users\Dustin\Local Settings\Application Data\TidyNetwork.com (PUP.TidyNetwork) -> Delete on reboot.c:\Users\Dustin\AppData\Local\TidyNetwork.com (PUP.TidyNetwork) -> Delete on reboot.c:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional (Rogue.FakeAV) -> Delete on reboot.Files Detected: 4c:\Users\Dustin\Favorites\Free Porn.url (Rogue.Link) -> Delete on reboot.c:\Users\Dustin\AppData\Local\TidyNetwork.com\sidYDLUS01.tidy (PUP.TidyNetwork) -> Delete on reboot.c:\Users\Dustin\AppData\Local\TidyNetwork.com\tidynetwork.log (PUP.TidyNetwork) -> Delete on reboot.c:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional\Disk Antivirus Professional.lnk (Rogue.FakeAV) -> Delete on reboot.(end) Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:683012 Share Posted May 23, 2013 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 6.0.6002 Windows Vista Service Pack 2 x86Account is AdministrativeInternet Explorer version: 8.0.6001.19401Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 1.396000 GHzMemory total: 2074275840, free: 990515200------------ Kernel report ------------ 05/23/2013 12:53:34------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\acpi.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\N360\0502020.003\SYMDS.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\system32\drivers\N360\0502020.003\SYMEFA.SYS\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\msrpc.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\ecache.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\drivers\crcdisk.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\tunmp.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\igdkmd32.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\L1C60x86.sys\SystemRoot\system32\DRIVERS\NETw5v32.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\DKbFltr.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\msiscsi.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHDA.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\IntcHdmi.sys\SystemRoot\System32\Drivers\N360\0502020.003\SRTSP.SYS\SystemRoot\system32\drivers\N360\0502020.003\Ironx86.SYS\SystemRoot\system32\drivers\N360\0502020.003\SRTSPX.SYS\??\C:\Windows\system32\Drivers\SYMEVENT.SYS\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130523.003\NAVEX15.SYS\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130523.003\NAVENG.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\System32\Drivers\N360\0502020.003\SYMTDIV.SYS\SystemRoot\system32\DRIVERS\smb.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130522.001_974\IDSvix86.sys\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\??\C:\Program Files\GridVista\DPMemGridVista.sys\SystemRoot\System32\Drivers\dfsc.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130515.001_88d\BHDrvx86.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\system32\drivers\mrxdav.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\system32\drivers\spsys.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\drivers\tcpipreg.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff861987e0Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 0xffffffff847ee028Lower Device Driver Name: \Driver\iaStor\Driver name found: iaStorInitialization returned 0x0Load Function returned 0x0Downloaded database version: v2013.05.23.10Downloaded database version: v2013.05.22.01Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff861987e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xffffffff86198400, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff861987e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\DevicePointer: 0xffffffff847ee028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\Upper DeviceData: 0xffffffffb50c9150, 0xffffffff861987e0, 0xffffffff84dc6ac8Lower DeviceData: 0xffffffff8f44d780, 0xffffffff847ee028, 0xffffffff84dc2e50<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: B8B11E13Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 25165824 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 25167872 Numsec = 463226880 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 250059350016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...Done!Performing system, memory and registry scan...Infected: c:\Users\Dustin\Favorites\Free Porn.url --> [Rogue.Link]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.Zaccess]Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 --> [Trojan.Zaccess]Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Apple Computer --> [Trojan.RedirRdll2.Gen]Infected: c:\Users\Dustin\Local Settings\Application Data\TidyNetwork.com --> [PUP.TidyNetwork]Infected: c:\Users\Dustin\AppData\Local\TidyNetwork.com\sidYDLUS01.tidy --> [PUP.TidyNetwork]Infected: c:\Users\Dustin\AppData\Local\TidyNetwork.com\tidynetwork.log --> [PUP.TidyNetwork]Infected: c:\Users\Dustin\AppData\Local\TidyNetwork.com --> [PUP.TidyNetwork]Infected: c:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional --> [Rogue.FakeAV]Infected: c:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional\Disk Antivirus Professional.lnk --> [Rogue.FakeAV]Done!Scan finishedCreating System Restore point...Scheduling clean up...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesExecuting an action fixdamage.exe...Success!Removal scheduling successful. System shutdown needed.System shutdown occurred=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 6.0.6002 Windows Vista Service Pack 2 x86Account is AdministrativeInternet Explorer version: 8.0.6001.19401Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 1.396000 GHzMemory total: 2074275840, free: 820187136Removal queue found; removal startedRemoving c:\Users\Dustin\Favorites\Free Porn.url...Removing c:\Users\Dustin\Local Settings\Application Data\TidyNetwork.com...Removing c:\Users\Dustin\AppData\Local\TidyNetwork.com\sidYDLUS01.tidy...Removing c:\Users\Dustin\AppData\Local\TidyNetwork.com\tidynetwork.log...Removing c:\Users\Dustin\AppData\Local\TidyNetwork.com...Removing c:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional...Removing c:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional\Disk Antivirus Professional.lnk...Removal finished=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 6.0.6002 Windows Vista Service Pack 2 x86Account is AdministrativeInternet Explorer version: 8.0.6001.19401Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 1.396000 GHzMemory total: 2074275840, free: 999636992------------ Kernel report ------------ 05/23/2013 14:34:33------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\imofugc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\acpi.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\N360\0502020.003\SYMDS.SYS\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\DRIVERS\MpFilter.sys\SystemRoot\system32\drivers\N360\0502020.003\SYMEFA.SYS\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\msrpc.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\ecache.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\drivers\crcdisk.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\tunmp.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\igdkmd32.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\L1C60x86.sys\SystemRoot\system32\DRIVERS\NETw5v32.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\DKbFltr.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\msiscsi.sys\SystemRoot\system32\DRIVERS\storport.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHDA.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\IntcHdmi.sys\SystemRoot\System32\Drivers\N360\0502020.003\SRTSP.SYS\SystemRoot\system32\drivers\N360\0502020.003\Ironx86.SYS\SystemRoot\system32\drivers\N360\0502020.003\SRTSPX.SYS\??\C:\Windows\system32\Drivers\SYMEVENT.SYS\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130523.003\NAVEX15.SYS\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130523.003\NAVENG.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\System32\Drivers\N360\0502020.003\SYMTDIV.SYS\SystemRoot\system32\DRIVERS\smb.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130522.001_974\IDSvix86.sys\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys\??\C:\Program Files\GridVista\DPMemGridVista.sys\SystemRoot\System32\Drivers\dfsc.sys\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130515.001_88d\BHDrvx86.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\drivers\mrxdav.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\drivers\tcpipreg.sys\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63C8C756-CE73-4398-B62E-9F60B6A62EDA}\MpKsl9f276996.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff865e55b0Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\Ide\IAAStorageDevice-0\Lower Device Object: 0xffffffff84bf6028Lower Device Driver Name: \Driver\iaStor\Driver name found: iaStorInitialization returned 0x0Load Function returned 0x0Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff865e55b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xffffffff865e51d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff865e55b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\DevicePointer: 0xffffffff84bf6028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\Upper DeviceData: 0xffffffffc5e713d8, 0xffffffff865e55b0, 0xffffffff84f60300Lower DeviceData: 0xffffffffc4473100, 0xffffffff84bf6028, 0xffffffff84f07558<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:683014 Share Posted May 23, 2013 how's it look? Link to post Share on other sites More sharing options...
MrCharlie Posted May 23, 2013 ID:683017 Share Posted May 23, 2013 Looking better but we have to run a couple of more scans:Please download and run RogueKiller 32 Bit to your desktop.RogueKiller 64 Bit <---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)MrC Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:683078 Share Posted May 23, 2013 RogueKiller V8.5.4 [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Dustin [Admin rights]Mode : Scan -- Date : 05/23/2013 17:08:23| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[RUN][sUSP PATH] HKLM\[...]\RunOnce : Z1 (cmd /c "C:\Users\Dustin\Desktop\mbar\mbar.exe" /cleanup /s) [7] -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤SSDT[13] : NtAlertResumeThread @ 0x828E3591 -> HOOKED (Unknown @ 0x97A772A0)SSDT[14] : NtAlertThread @ 0x8285C1F5 -> HOOKED (Unknown @ 0x97A77380)SSDT[18] : NtAllocateVirtualMemory @ 0x8289847D -> HOOKED (Unknown @ 0x985039A8)SSDT[21] : NtAlpcConnectPort @ 0x8283A824 -> HOOKED (Unknown @ 0x9358BA48)SSDT[42] : NtAssignProcessToJobObject @ 0x8280DB08 -> HOOKED (Unknown @ 0x97A7F818)SSDT[67] : NtCreateMutant @ 0x828707A2 -> HOOKED (Unknown @ 0x97A7FDC0)SSDT[77] : NtCreateSymbolicLinkObject @ 0x8281031F -> HOOKED (Unknown @ 0x97A7F538)SSDT[78] : NtCreateThread @ 0x828E1BA4 -> HOOKED (Unknown @ 0x97A7D368)SSDT[116] : NtDebugActiveProcess @ 0x828B4CA0 -> HOOKED (Unknown @ 0x97A7F8F8)SSDT[129] : NtDuplicateObject @ 0x828484E1 -> HOOKED (Unknown @ 0x98880CD8)SSDT[147] : NtFreeVirtualMemory @ 0x826D4F1D -> HOOKED (Unknown @ 0x97A779D0)SSDT[156] : NtImpersonateAnonymousToken @ 0x8280AF15 -> HOOKED (Unknown @ 0x97A7FEB0)SSDT[158] : NtImpersonateThread @ 0x8282050F -> HOOKED (Unknown @ 0x97A7FF90)SSDT[165] : NtLoadDriver @ 0x827BBDEE -> HOOKED (Unknown @ 0x9358B9D0)SSDT[177] : NtMapViewOfSection @ 0x8286083A -> HOOKED (Unknown @ 0x97A778F0)SSDT[184] : NtOpenEvent @ 0x82849D5F -> HOOKED (Unknown @ 0x97A7FCE0)SSDT[194] : NtOpenProcess @ 0x82870F3E -> HOOKED (Unknown @ 0x86D8C4F8)SSDT[195] : NtOpenProcessToken @ 0x828519C0 -> HOOKED (Unknown @ 0x98880C18)SSDT[197] : NtOpenSection @ 0x8286160D -> HOOKED (Unknown @ 0x97A7FB20)SSDT[201] : NtOpenThread @ 0x8286C48F -> HOOKED (Unknown @ 0x97A623C0)SSDT[210] : NtProtectVirtualMemory @ 0x8286A272 -> HOOKED (Unknown @ 0x97A7F728)SSDT[282] : NtResumeThread @ 0x8286BADA -> HOOKED (Unknown @ 0x97A77460)SSDT[289] : NtSetContextThread @ 0x828E303F -> HOOKED (Unknown @ 0x97A776A0)SSDT[305] : NtSetInformationProcess @ 0x82864868 -> HOOKED (Unknown @ 0x97A77760)SSDT[317] : NtSetSystemInformation @ 0x82836E9B -> HOOKED (Unknown @ 0x97A7F9D8)SSDT[330] : NtSuspendProcess @ 0x828E34CB -> HOOKED (Unknown @ 0x97A7FC00)SSDT[331] : NtSuspendThread @ 0x827EA921 -> HOOKED (Unknown @ 0x97A77520)SSDT[334] : NtTerminateProcess @ 0x828410D3 -> HOOKED (Unknown @ 0x8480BD28)SSDT[335] : NtTerminateThread @ 0x8286C4C4 -> HOOKED (Unknown @ 0x97A775E0)SSDT[348] : NtUnmapViewOfSection @ 0x82860AFD -> HOOKED (Unknown @ 0x97A77830)SSDT[358] : NtWriteVirtualMemory @ 0x8285D8CD -> HOOKED (Unknown @ 0x97A77AA0)SSDT[382] : NtCreateThreadEx @ 0x8286BF79 -> HOOKED (Unknown @ 0x97A7F628)S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x97B5E240)S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x97A91070)S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x86BB2EF8)S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x97B94BA0)S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x97A8F900)S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x934373A8)S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x86BB2E28)S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x93437478)S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x97A8FA38)S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x97A517B0)¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost::1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++--- User ---[MBR] 98de0bbcb99822ece371f4909724be49[bSP] 9c367b86a7994ac83a936b8e595291b6 : Windows Vista MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 226185 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_05232013_02d1708.txt >>RKreport[1]_S_05232013_02d1708.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 23, 2013 ID:683084 Share Posted May 23, 2013 That looks OK...Next:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Fladust Posted May 23, 2013 Author ID:683108 Share Posted May 23, 2013 Can I get a link for ComboFIx Link to post Share on other sites More sharing options...
MrCharlie Posted May 23, 2013 ID:683110 Share Posted May 23, 2013 It's there:http://www.bleepingcomputer.com/download/combofix/MrC Link to post Share on other sites More sharing options...
Fladust Posted May 24, 2013 Author ID:683127 Share Posted May 24, 2013 ok i disabled my security but it says its till running Link to post Share on other sites More sharing options...
MrCharlie Posted May 24, 2013 ID:683134 Share Posted May 24, 2013 As long as it's disabled, you can run it. MrC Link to post Share on other sites More sharing options...
Fladust Posted May 24, 2013 Author ID:683170 Share Posted May 24, 2013 ComboFix 13-05-23.02 - Dustin 05/23/2013 20:17:33.1.1 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1978.946 [GMT -4:00]Running from: c:\users\Dustin\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}AV: Norton 360 Netbook Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton 360 Netbook Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}SP: Norton 360 Netbook Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Dustin\AppData\Roaming\.#D:\Autorun.inf..((((((((((((((((((((((((( Files Created from 2013-04-24 to 2013-05-24 )))))))))))))))))))))))))))))))..2013-05-23 18:31 . 2013-05-23 18:31 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63C8C756-CE73-4398-B62E-9F60B6A62EDA}\MpKsl9f276996.sys2013-05-23 17:34 . 2013-05-23 15:51 -------- d-----w- C:\FRST2013-05-23 16:53 . 2013-05-23 16:53 -------- d-----w- c:\programdata\Malwarebytes2013-05-23 14:58 . 2013-05-14 05:49 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63C8C756-CE73-4398-B62E-9F60B6A62EDA}\mpengine.dll2013-05-23 14:40 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-05-23 14:35 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys2013-05-23 14:28 . 2013-05-23 14:28 -------- d-----w- c:\users\Dustin\AppData\Roaming\Tific2013-05-23 14:27 . 2013-05-23 14:27 -------- d-----w- c:\users\Dustin\AppData\Local\Symantec2013-05-01 10:58 . 2013-05-01 10:58 -------- d-----w- c:\users\Dustin\AppData\Local\Tekin2013-05-01 10:53 . 2013-05-01 10:56 -------- d-----w- c:\program files\Tekin HotWire...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-23 17:18 . 2012-04-01 11:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-05-23 17:18 . 2011-05-14 22:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-05-23 14:26 . 2011-08-26 02:18 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-02 13:07 . 2011-01-23 05:05 238872 ------w- c:\windows\system32\MpSigStub.exe2013-02-28 02:49 . 2013-03-13 03:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb2010-08-16 22:59 . 2010-08-16 22:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll2011-04-14 18:01 . 2010-04-03 00:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}].[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]2011-05-09 09:49 176936 ----a-w- c:\program files\WinZipBar\prxtbWinZ.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}].[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936].[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-26 39408].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]"AmIcoSinglun"="c:\program files\Selective Suspend Driver\AmIcoSinglun.exe" [2009-04-29 237568]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-19 703008]"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-14 199464]"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-15 345384]"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-29 200704]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-05-14 805384]"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-31 62760]"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-09 1833504]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"Z1"="c:\users\Dustin\Desktop\mbar\mbar.exe" [2013-03-23 1398856].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-27 565248]WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2011-10-22 611144].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]@="Service".--- Other Services/Drivers In Memory ---.*NewlyCreated* - MPKSL9F276996*NewlyCreated* - TRUESIGHT*Deregistered* - TrueSight.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache.Contents of the 'Scheduled Tasks' folder.2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 17:18].2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 22:32].2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 22:32]..------- Supplementary Scan -------.uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777mStart Page = hxxp://www.yahoo.comuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.htmlTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - WinZipBar Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.- - - - ORPHANS REMOVED - - - -.SafeBoot-WudfPfSafeBoot-WudfRd...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-05-23 20:29Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1".Completion time: 2013-05-23 20:34:02ComboFix-quarantined-files.txt 2013-05-24 00:33.Pre-Run: 160,651,071,488 bytes freePost-Run: 160,586,022,912 bytes free.- - End Of File - - B01AEAA78E73A12F16EA6251954D7306 Link to post Share on other sites More sharing options...
MrCharlie Posted May 24, 2013 ID:683260 Share Posted May 24, 2013 Lets check for any adware while you're here:Please download AdwCleaner from here and save it on your Desktop. AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:/DisableAskDetection - This option disables Ask Toolbar detection.MrC Link to post Share on other sites More sharing options...
Fladust Posted May 25, 2013 Author ID:683754 Share Posted May 25, 2013 # AdwCleaner v2.301 - Logfile created 05/25/2013 at 19:03:38# Updated 16/05/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : Dustin - DUSTIN-PC# Boot Mode : Normal# Running from : C:\Users\Dustin\Desktop\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\Program Files\Mozilla Firefox\.autoregFile Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\searchplugins\Conduit.xmlFolder Found : C:\Program Files\ConduitFolder Found : C:\Program Files\WinZipBarFolder Found : C:\ProgramData\WeCareReminderFolder Found : C:\Users\Dustin\AppData\Local\ConduitFolder Found : C:\Users\Dustin\AppData\LocalLow\ConduitFolder Found : C:\Users\Dustin\AppData\LocalLow\WinZipBarFolder Found : C:\Users\Dustin\AppData\Roaming\iWinFolder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\ConduitCommonFolder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\CT3106777Folder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}Folder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\wecarereminder@bryan***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\WinZipBarKey Found : HKCU\Software\AppDataLow\ToolbarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZipBar ToolbarKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\YahooPartnerToolbarKey Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKLM\SOFTWARE\Classes\CLSID\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106777Key Found : HKLM\Software\ConduitKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{529342A9-FAA6-495C-ACAF-8BD7C0C6925C}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D699AF26-F372-4D27-AEC6-B3D43EDEB30D}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar ToolbarKey Found : HKLM\Software\WinZipBarKey Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.19418[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777-\\ Mozilla Firefox v3.6.18 (en-US)File : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\prefs.jsFound : user_pref("CT3106777.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Found : user_pref("CT3106777.BrowserCompStateIsOpen_130041080178558067", true);Found : user_pref("CT3106777.CTID", "CT3106777");Found : user_pref("CT3106777.DSInstall", true);Found : user_pref("CT3106777.DialogsAlignMode", "LTR");Found : user_pref("CT3106777.DialogsGetterLastCheckTime", "Mon Mar 18 2013 11:56:32 GMT-0400 (Eastern Daylig[...]Found : user_pref("CT3106777.DownloadReferralCookieData", "");Found : user_pref("CT3106777.EMailNotifierPollDate", "Mon Mar 18 2013 12:31:28 GMT-0400 (Eastern Daylight Ti[...]Found : user_pref("CT3106777.FirstTime", true);Found : user_pref("CT3106777.FirstTimeFF3", true);Found : user_pref("CT3106777.FixPageNotFoundErrors", true);Found : user_pref("CT3106777.HPInstall", true);Found : user_pref("CT3106777.HasUserGlobalKeys", true);Found : user_pref("CT3106777.HomePageProtectorEnabled", true);Found : user_pref("CT3106777.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=[...]Found : user_pref("CT3106777.InstallationAndCookieDataSentCount", 1);Found : user_pref("CT3106777.InstallationId", "ConduitStubGeneric");Found : user_pref("CT3106777.InstallationType", "ConduitStubIntegration");Found : user_pref("CT3106777.InstalledDate", "Mon Mar 18 2013 11:56:28 GMT-0400 (Eastern Daylight Time)");Found : user_pref("CT3106777.IsGrouping", false);Found : user_pref("CT3106777.IsInitSetupIni", true);Found : user_pref("CT3106777.IsMulticommunity", false);Found : user_pref("CT3106777.IsOpenThankYouPage", false);Found : user_pref("CT3106777.IsOpenUninstallPage", false);Found : user_pref("CT3106777.IsProtectorsInit", true);Found : user_pref("CT3106777.LanguagePackLastCheckTime", "Mon Mar 18 2013 11:56:31 GMT-0400 (Eastern Dayligh[...]Found : user_pref("CT3106777.Locale", "en");Found : user_pref("CT3106777.MCDetectTooltipHeight", "83");Found : user_pref("CT3106777.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Found : user_pref("CT3106777.MCDetectTooltipWidth", "295");Found : user_pref("CT3106777.MyStuffEnabledAtInstallation", true);Found : user_pref("CT3106777.OriginalFirstVersion", "3.8.1.0");Found : user_pref("CT3106777.SavedHomepage", "hxxp://www.yahoo.com");Found : user_pref("CT3106777.SearchCaption", "WinZipBar Customized Web Search");Found : user_pref("CT3106777.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");Found : user_pref("CT3106777.SearchFromAddressBarIsInit", true);Found : user_pref("CT3106777.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT310[...]Found : user_pref("CT3106777.SearchProtectorEnabled", true);Found : user_pref("CT3106777.SearchProtectorToolbarDisabled", false);Found : user_pref("CT3106777.SendProtectorDataViaLogin", true);Found : user_pref("CT3106777.ServiceMapLastCheckTime", "Mon Mar 18 2013 11:56:27 GMT-0400 (Eastern Daylight [...]Found : user_pref("CT3106777.SettingsLastCheckTime", "Mon Mar 18 2013 11:56:28 GMT-0400 (Eastern Daylight Ti[...]Found : user_pref("CT3106777.SettingsLastUpdate", "1363591101");Found : user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");Found : user_pref("CT3106777.ThirdPartyComponentsInterval", 504);Found : user_pref("CT3106777.ThirdPartyComponentsLastCheck", "Mon Mar 18 2013 11:56:27 GMT-0400 (Eastern Day[...]Found : user_pref("CT3106777.ThirdPartyComponentsLastUpdate", "1331805997");Found : user_pref("CT3106777.ToolbarShrinkedFromSetup", false);Found : user_pref("CT3106777.UserID", "UN55485468422601499");Found : user_pref("CT3106777.alertChannelId", "1500748");Found : user_pref("CT3106777.backendstorage.searchappstate", "32");Found : user_pref("CT3106777.backendstorage.searchapptracking", "73656E74");Found : user_pref("CT3106777.globalFirstTimeInfoLastCheckTime", "Mon Mar 18 2013 11:56:29 GMT-0400 (Eastern [...]Found : user_pref("CT3106777.initDone", true);Found : user_pref("CT3106777.isAppTrackingManagerOn", false);Found : user_pref("CT3106777.revertSettingsEnabled", true);Found : user_pref("CT3106777.testingCtid", "");Found : user_pref("CT3106777.toolbarAppMetaDataLastCheckTime", "Mon Mar 18 2013 11:56:29 GMT-0400 (Eastern D[...]Found : user_pref("CT3106777.toolbarContextMenuLastCheckTime", "Mon Mar 18 2013 11:56:39 GMT-0400 (Eastern D[...]Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3106777&Search[...]Found : user_pref("CommunityToolbar.ConduitSearchList", "WinZipBar Customized Web Search");Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777[...]Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500748/1496227/US", "\"0\"[...]Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", [...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777",[...]Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"738[...]Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dustin\\AppData\\Roaming\\Mozilla\\[...]Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee[...]Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3106777");Found : user_pref("CommunityToolbar.globalUserId", "51603441-2821-48dd-a47d-0a89f95ef7f2");Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106777");Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Mar 18 2013 11:56:2[...]Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 18 2013 11:56:36 GMT-040[...]Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");Found : user_pref("CommunityToolbar.notifications.locale", "en");Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Mar 18 2013 11:56:19 GMT-0400 (E[...]Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Found : user_pref("CommunityToolbar.notifications.userId", "7fcd5f57-0114-4783-af26-1bc47f9df829");Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.com");Found : user_pref("CommunityToolbar.originalSearchEngine", "Secure Search");Found : user_pref("browser.search.defaultthis.engineName", "WinZipBar Customized Web Search");Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&Sea[...]Found : user_pref("browser.search.selectedEngine", "WinZipBar Customized Web Search");Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");-\\ Google Chrome v [unable to get version]File : C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [15125 octets] - [25/05/2013 19:03:38]########## EOF - C:\AdwCleaner[R1].txt - [15186 octets] ########### AdwCleaner v2.301 - Logfile created 05/25/2013 at 19:03:38# Updated 16/05/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : Dustin - DUSTIN-PC# Boot Mode : Normal# Running from : C:\Users\Dustin\Desktop\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\Program Files\Mozilla Firefox\.autoregFile Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\searchplugins\Conduit.xmlFolder Found : C:\Program Files\ConduitFolder Found : C:\Program Files\WinZipBarFolder Found : C:\ProgramData\WeCareReminderFolder Found : C:\Users\Dustin\AppData\Local\ConduitFolder Found : C:\Users\Dustin\AppData\LocalLow\ConduitFolder Found : C:\Users\Dustin\AppData\LocalLow\WinZipBarFolder Found : C:\Users\Dustin\AppData\Roaming\iWinFolder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\ConduitCommonFolder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\CT3106777Folder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}Folder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\wecarereminder@bryan***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\WinZipBarKey Found : HKCU\Software\AppDataLow\ToolbarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZipBar ToolbarKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\YahooPartnerToolbarKey Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKLM\SOFTWARE\Classes\CLSID\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106777Key Found : HKLM\Software\ConduitKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{529342A9-FAA6-495C-ACAF-8BD7C0C6925C}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D699AF26-F372-4D27-AEC6-B3D43EDEB30D}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar ToolbarKey Found : HKLM\Software\WinZipBarKey Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.19418[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777-\\ Mozilla Firefox v3.6.18 (en-US)File : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\prefs.jsFound : user_pref("CT3106777.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Found : user_pref("CT3106777.BrowserCompStateIsOpen_130041080178558067", true);Found : user_pref("CT3106777.CTID", "CT3106777");Found : user_pref("CT3106777.DSInstall", true);Found : user_pref("CT3106777.DialogsAlignMode", "LTR");Found : user_pref("CT3106777.DialogsGetterLastCheckTime", "Mon Mar 18 2013 11:56:32 GMT-0400 (Eastern Daylig[...]Found : user_pref("CT3106777.DownloadReferralCookieData", "");Found : user_pref("CT3106777.EMailNotifierPollDate", "Mon Mar 18 2013 12:31:28 GMT-0400 (Eastern Daylight Ti[...]Found : user_pref("CT3106777.FirstTime", true);Found : user_pref("CT3106777.FirstTimeFF3", true);Found : user_pref("CT3106777.FixPageNotFoundErrors", true);Found : user_pref("CT3106777.HPInstall", true);Found : user_pref("CT3106777.HasUserGlobalKeys", true);Found : user_pref("CT3106777.HomePageProtectorEnabled", true);Found : user_pref("CT3106777.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=[...]Found : user_pref("CT3106777.InstallationAndCookieDataSentCount", 1);Found : user_pref("CT3106777.InstallationId", "ConduitStubGeneric");Found : user_pref("CT3106777.InstallationType", "ConduitStubIntegration");Found : user_pref("CT3106777.InstalledDate", "Mon Mar 18 2013 11:56:28 GMT-0400 (Eastern Daylight Time)");Found : user_pref("CT3106777.IsGrouping", false);Found : user_pref("CT3106777.IsInitSetupIni", true);Found : user_pref("CT3106777.IsMulticommunity", false);Found : user_pref("CT3106777.IsOpenThankYouPage", false);Found : user_pref("CT3106777.IsOpenUninstallPage", false);Found : user_pref("CT3106777.IsProtectorsInit", true);Found : user_pref("CT3106777.LanguagePackLastCheckTime", "Mon Mar 18 2013 11:56:31 GMT-0400 (Eastern Dayligh[...]Found : user_pref("CT3106777.Locale", "en");Found : user_pref("CT3106777.MCDetectTooltipHeight", "83");Found : user_pref("CT3106777.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Found : user_pref("CT3106777.MCDetectTooltipWidth", "295");Found : user_pref("CT3106777.MyStuffEnabledAtInstallation", true);Found : user_pref("CT3106777.OriginalFirstVersion", "3.8.1.0");Found : user_pref("CT3106777.SavedHomepage", "hxxp://www.yahoo.com");Found : user_pref("CT3106777.SearchCaption", "WinZipBar Customized Web Search");Found : user_pref("CT3106777.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");Found : user_pref("CT3106777.SearchFromAddressBarIsInit", true);Found : user_pref("CT3106777.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT310[...]Found : user_pref("CT3106777.SearchProtectorEnabled", true);Found : user_pref("CT3106777.SearchProtectorToolbarDisabled", false);Found : user_pref("CT3106777.SendProtectorDataViaLogin", true);Found : user_pref("CT3106777.ServiceMapLastCheckTime", "Mon Mar 18 2013 11:56:27 GMT-0400 (Eastern Daylight [...]Found : user_pref("CT3106777.SettingsLastCheckTime", "Mon Mar 18 2013 11:56:28 GMT-0400 (Eastern Daylight Ti[...]Found : user_pref("CT3106777.SettingsLastUpdate", "1363591101");Found : user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");Found : user_pref("CT3106777.ThirdPartyComponentsInterval", 504);Found : user_pref("CT3106777.ThirdPartyComponentsLastCheck", "Mon Mar 18 2013 11:56:27 GMT-0400 (Eastern Day[...]Found : user_pref("CT3106777.ThirdPartyComponentsLastUpdate", "1331805997");Found : user_pref("CT3106777.ToolbarShrinkedFromSetup", false);Found : user_pref("CT3106777.UserID", "UN55485468422601499");Found : user_pref("CT3106777.alertChannelId", "1500748");Found : user_pref("CT3106777.backendstorage.searchappstate", "32");Found : user_pref("CT3106777.backendstorage.searchapptracking", "73656E74");Found : user_pref("CT3106777.globalFirstTimeInfoLastCheckTime", "Mon Mar 18 2013 11:56:29 GMT-0400 (Eastern [...]Found : user_pref("CT3106777.initDone", true);Found : user_pref("CT3106777.isAppTrackingManagerOn", false);Found : user_pref("CT3106777.revertSettingsEnabled", true);Found : user_pref("CT3106777.testingCtid", "");Found : user_pref("CT3106777.toolbarAppMetaDataLastCheckTime", "Mon Mar 18 2013 11:56:29 GMT-0400 (Eastern D[...]Found : user_pref("CT3106777.toolbarContextMenuLastCheckTime", "Mon Mar 18 2013 11:56:39 GMT-0400 (Eastern D[...]Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3106777&Search[...]Found : user_pref("CommunityToolbar.ConduitSearchList", "WinZipBar Customized Web Search");Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777[...]Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500748/1496227/US", "\"0\"[...]Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", [...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777",[...]Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"738[...]Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dustin\\AppData\\Roaming\\Mozilla\\[...]Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee[...]Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3106777");Found : user_pref("CommunityToolbar.globalUserId", "51603441-2821-48dd-a47d-0a89f95ef7f2");Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106777");Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Mar 18 2013 11:56:2[...]Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 18 2013 11:56:36 GMT-040[...]Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");Found : user_pref("CommunityToolbar.notifications.locale", "en");Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Mar 18 2013 11:56:19 GMT-0400 (E[...]Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Found : user_pref("CommunityToolbar.notifications.userId", "7fcd5f57-0114-4783-af26-1bc47f9df829");Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.com");Found : user_pref("CommunityToolbar.originalSearchEngine", "Secure Search");Found : user_pref("browser.search.defaultthis.engineName", "WinZipBar Customized Web Search");Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&Sea[...]Found : user_pref("browser.search.selectedEngine", "WinZipBar Customized Web Search");Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");-\\ Google Chrome v [unable to get version]File : C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [15125 octets] - [25/05/2013 19:03:38]########## EOF - C:\AdwCleaner[R1].txt - [15186 octets] ########## Link to post Share on other sites More sharing options...
Fladust Posted May 25, 2013 Author ID:683755 Share Posted May 25, 2013 # AdwCleaner v2.301 - Logfile created 05/25/2013 at 19:05:27# Updated 16/05/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : Dustin - DUSTIN-PC# Boot Mode : Normal# Running from : C:\Users\Dustin\Desktop\adwcleaner.exe# Option [search]# Switch Used : /DisableAskDetection , /DisableIEDetection , /DisableFFDetection , /DisableChromeDetection***** [services] ********** [Files / Folders] *****File Found : C:\Program Files\Mozilla Firefox\.autoregFile Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\searchplugins\Conduit.xmlFolder Found : C:\Program Files\ConduitFolder Found : C:\Program Files\WinZipBarFolder Found : C:\ProgramData\WeCareReminderFolder Found : C:\Users\Dustin\AppData\Local\ConduitFolder Found : C:\Users\Dustin\AppData\LocalLow\ConduitFolder Found : C:\Users\Dustin\AppData\LocalLow\WinZipBarFolder Found : C:\Users\Dustin\AppData\Roaming\iWinFolder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\ConduitCommonFolder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\CT3106777Folder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}Folder Found : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\wecarereminder@bryan***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\AppDataLow\Software\WinZipBarKey Found : HKCU\Software\AppDataLow\ToolbarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZipBar ToolbarKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\YahooPartnerToolbarKey Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKLM\SOFTWARE\Classes\CLSID\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106777Key Found : HKLM\Software\ConduitKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{529342A9-FAA6-495C-ACAF-8BD7C0C6925C}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D699AF26-F372-4D27-AEC6-B3D43EDEB30D}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar ToolbarKey Found : HKLM\Software\WinZipBarKey Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Found : HKU\S-1-5-21-2841516863-2568213138-2438928215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]***** [internet Browsers] ******************************AdwCleaner[R1].txt - [15256 octets] - [25/05/2013 19:03:38]AdwCleaner[R2].txt - [6478 octets] - [25/05/2013 19:05:27]########## EOF - C:\AdwCleaner[R2].txt - [6538 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted May 26, 2013 ID:683897 Share Posted May 26, 2013 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.Then......Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted May 29, 2013 ID:684905 Share Posted May 29, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 2, 2013 ID:686414 Share Posted June 2, 2013 Topic re-opened per request. Link to post Share on other sites More sharing options...
Fladust Posted June 3, 2013 Author ID:686601 Share Posted June 3, 2013 # AdwCleaner v2.301 - Logfile created 06/02/2013 at 19:59:22# Updated 16/05/2013 by Xplode# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)# User : Dustin - DUSTIN-PC# Boot Mode : Normal# Running from : C:\Users\Dustin\Desktop\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****File Deleted : C:\Program Files\Mozilla Firefox\.autoregFile Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\searchplugins\Conduit.xmlFolder Deleted : C:\Program Files\ConduitFolder Deleted : C:\Program Files\WinZipBarFolder Deleted : C:\ProgramData\WeCareReminderFolder Deleted : C:\Users\Dustin\AppData\Local\ConduitFolder Deleted : C:\Users\Dustin\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Dustin\AppData\LocalLow\WinZipBarFolder Deleted : C:\Users\Dustin\AppData\Roaming\iWinFolder Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\ConduitCommonFolder Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\CT3106777Folder Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}Folder Deleted : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\extensions\wecarereminder@bryan***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\AppDataLow\Software\WinZipBarKey Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZipBar ToolbarKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{529342A9-FAA6-495C-ACAF-8BD7C0C6925C}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D699AF26-F372-4D27-AEC6-B3D43EDEB30D}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9280CAA3-237E-468E-A41C-43EADB5FF61A}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar ToolbarKey Deleted : HKLM\Software\WinZipBarValue Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}]***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.19418Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777 --> hxxp://www.google.com-\\ Mozilla Firefox v3.6.18 (en-US)File : C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\prefs.jsC:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\7db6dc25.default\user.js ... Deleted !Deleted : user_pref("CT3106777.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Deleted : user_pref("CT3106777.BrowserCompStateIsOpen_130041080178558067", true);Deleted : user_pref("CT3106777.CTID", "CT3106777");Deleted : user_pref("CT3106777.DSInstall", true);Deleted : user_pref("CT3106777.DialogsAlignMode", "LTR");Deleted : user_pref("CT3106777.DialogsGetterLastCheckTime", "Mon Mar 18 2013 11:56:32 GMT-0400 (Eastern Daylig[...]Deleted : user_pref("CT3106777.DownloadReferralCookieData", "");Deleted : user_pref("CT3106777.EMailNotifierPollDate", "Mon Mar 18 2013 12:31:28 GMT-0400 (Eastern Daylight Ti[...]Deleted : user_pref("CT3106777.FirstTime", true);Deleted : user_pref("CT3106777.FirstTimeFF3", true);Deleted : user_pref("CT3106777.FixPageNotFoundErrors", true);Deleted : user_pref("CT3106777.HPInstall", true);Deleted : user_pref("CT3106777.HasUserGlobalKeys", true);Deleted : user_pref("CT3106777.HomePageProtectorEnabled", true);Deleted : user_pref("CT3106777.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=[...]Deleted : user_pref("CT3106777.InstallationAndCookieDataSentCount", 1);Deleted : user_pref("CT3106777.InstallationId", "ConduitStubGeneric");Deleted : user_pref("CT3106777.InstallationType", "ConduitStubIntegration");Deleted : user_pref("CT3106777.InstalledDate", "Mon Mar 18 2013 11:56:28 GMT-0400 (Eastern Daylight Time)");Deleted : user_pref("CT3106777.IsGrouping", false);Deleted : user_pref("CT3106777.IsInitSetupIni", true);Deleted : user_pref("CT3106777.IsMulticommunity", false);Deleted : user_pref("CT3106777.IsOpenThankYouPage", false);Deleted : user_pref("CT3106777.IsOpenUninstallPage", false);Deleted : user_pref("CT3106777.IsProtectorsInit", true);Deleted : user_pref("CT3106777.LanguagePackLastCheckTime", "Mon Mar 18 2013 11:56:31 GMT-0400 (Eastern Dayligh[...]Deleted : user_pref("CT3106777.Locale", "en");Deleted : user_pref("CT3106777.MCDetectTooltipHeight", "83");Deleted : user_pref("CT3106777.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Deleted : user_pref("CT3106777.MCDetectTooltipWidth", "295");Deleted : user_pref("CT3106777.MyStuffEnabledAtInstallation", true);Deleted : user_pref("CT3106777.OriginalFirstVersion", "3.8.1.0");Deleted : user_pref("CT3106777.SavedHomepage", "hxxp://www.yahoo.com");Deleted : user_pref("CT3106777.SearchCaption", "WinZipBar Customized Web Search");Deleted : user_pref("CT3106777.SearchEngineBeforeUnload", "WinZipBar Customized Web Search");Deleted : user_pref("CT3106777.SearchFromAddressBarIsInit", true);Deleted : user_pref("CT3106777.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT310[...]Deleted : user_pref("CT3106777.SearchProtectorEnabled", true);Deleted : user_pref("CT3106777.SearchProtectorToolbarDisabled", false);Deleted : user_pref("CT3106777.SendProtectorDataViaLogin", true);Deleted : user_pref("CT3106777.ServiceMapLastCheckTime", "Mon Mar 18 2013 11:56:27 GMT-0400 (Eastern Daylight [...]Deleted : user_pref("CT3106777.SettingsLastCheckTime", "Mon Mar 18 2013 11:56:28 GMT-0400 (Eastern Daylight Ti[...]Deleted : user_pref("CT3106777.SettingsLastUpdate", "1363591101");Deleted : user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");Deleted : user_pref("CT3106777.ThirdPartyComponentsInterval", 504);Deleted : user_pref("CT3106777.ThirdPartyComponentsLastCheck", "Mon Mar 18 2013 11:56:27 GMT-0400 (Eastern Day[...]Deleted : user_pref("CT3106777.ThirdPartyComponentsLastUpdate", "1331805997");Deleted : user_pref("CT3106777.ToolbarShrinkedFromSetup", false);Deleted : user_pref("CT3106777.UserID", "UN55485468422601499");Deleted : user_pref("CT3106777.alertChannelId", "1500748");Deleted : user_pref("CT3106777.backendstorage.searchappstate", "32");Deleted : user_pref("CT3106777.backendstorage.searchapptracking", "73656E74");Deleted : user_pref("CT3106777.globalFirstTimeInfoLastCheckTime", "Mon Mar 18 2013 11:56:29 GMT-0400 (Eastern [...]Deleted : user_pref("CT3106777.initDone", true);Deleted : user_pref("CT3106777.isAppTrackingManagerOn", false);Deleted : user_pref("CT3106777.revertSettingsEnabled", true);Deleted : user_pref("CT3106777.testingCtid", "");Deleted : user_pref("CT3106777.toolbarAppMetaDataLastCheckTime", "Mon Mar 18 2013 11:56:29 GMT-0400 (Eastern D[...]Deleted : user_pref("CT3106777.toolbarContextMenuLastCheckTime", "Mon Mar 18 2013 11:56:39 GMT-0400 (Eastern D[...]Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3106777&Search[...]Deleted : user_pref("CommunityToolbar.ConduitSearchList", "WinZipBar Customized Web Search");Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500748/1496227/US", "\"0\"[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", [...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777",[...]Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"738[...]Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dustin\\AppData\\Roaming\\Mozilla\\[...]Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee[...]Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3106777");Deleted : user_pref("CommunityToolbar.globalUserId", "51603441-2821-48dd-a47d-0a89f95ef7f2");Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106777");Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Mar 18 2013 11:56:2[...]Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 18 2013 11:56:36 GMT-040[...]Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");Deleted : user_pref("CommunityToolbar.notifications.locale", "en");Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Mar 18 2013 11:56:19 GMT-0400 (E[...]Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Deleted : user_pref("CommunityToolbar.notifications.userId", "7fcd5f57-0114-4783-af26-1bc47f9df829");Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.yahoo.com");Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Secure Search");Deleted : user_pref("browser.search.defaultthis.engineName", "WinZipBar Customized Web Search");Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&Sea[...]Deleted : user_pref("browser.search.selectedEngine", "WinZipBar Customized Web Search");Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");-\\ Google Chrome v [unable to get version]File : C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [15256 octets] - [25/05/2013 19:03:38]AdwCleaner[R2].txt - [6607 octets] - [25/05/2013 19:05:27]AdwCleaner[s1].txt - [15084 octets] - [02/06/2013 19:59:22]########## EOF - C:\AdwCleaner[s1].txt - [15145 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted June 3, 2013 ID:686605 Share Posted June 3, 2013 I need to see the log from Security Check:http://forums.malwarebytes.org/index.php?showtopic=126727&view=findpost&p=683897MrC Link to post Share on other sites More sharing options...
Fladust Posted June 3, 2013 Author ID:686607 Share Posted June 3, 2013 Results of screen317's Security Check version 0.99.64 Windows Vista Service Pack 2 x86 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Norton 360 Netbook Edition Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` McAfee SiteAdvisor Java 6 Update 26 Java version out of Date! Adobe Flash Player 11.7.700.202 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (3.6.18) Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe`````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 %````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
Recommended Posts