Possibly infected by the Ministry of Defence

[Rigour]

Hello, Today I decided to check my computer over as I usially do after so long.

 

I opened the command prompt and tryed netstat -a found that I had a weird connection

 

so I tryed netstat -a -b and found it was from svchost.exe I downloaded "CurrPorts" and ran the file as an administrator and found somthing quite interesting.

 

I took the IP i was connected to and traced it. and found it was registered to the United Kingdoms MOD (Ministry of Defence) yet... heres the turn of events. It was showing me the ips location was located at a CHURCH... 

 

Ok so now I'm totally unaware of whats going on am I being tapped by the UK's MOD?

 

Well I went to there website there REAL website and apon loading it. My screen turned totally black. I tryed several things like Start keys, Ctrl+Alt+Delte.. Nothing I had to restart my pc now to be sure I tryed this two more times and its confirmed this site is what causes the screen to go black.

 

Right now i'm running a full scan with malewarebytes PRO and I have installed comodo firewall and am using it to monitor any suspicious connections but so far absolutely none

 

Please help me if you can becuase I do not know what to do.

[MrCharlie]

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[Rigour]

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.21.2

Run by The Batduck at 14:35:52 on 2013-07-15

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.2814.1401 [GMT -3:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}

FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Common Files\COMODO\launcher_service.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\alg.exe

C:\Program Files\SearchProtect\bin\CltMngSvc.exe

C:\Windows\system32\dllhost.exe

C:\Program Files\Comodo\Dragon\dragon_updater.exe

C:\Windows\ehome\ehRecvr.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\System32\msdtc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

C:\Windows\system32\locator.exe

C:\Windows\System32\snmptrap.exe

C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\iashost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conime.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Users\The Batduck\Downloads\RogueKiller.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

mURLSearchHooks: Produtools Maps Toolbar: {575bddf5-790a-4d01-a37d-2863dec1c085} - c:\program files\produtools_maps\prxtbProd.dll

mURLSearchHooks: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV0.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Toolbar BHO: {27488090-768a-4d20-a938-f223f71c344c} - c:\program files\zwinky_5q\bar\1.bin\5qbar.dll

BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - 

BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll

BHO: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV0.dll

BHO: Produtools Maps Toolbar: {575bddf5-790a-4d01-a37d-2863dec1c085} - c:\program files\produtools_maps\prxtbProd.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120829193241.dll

BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll

BHO: {8d3ec233-b92d-4187-a506-284127cfba2d} - <orphaned>

BHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} - 

BHO: {B939CF93-F2CB-443d-956C-DC523D85C9DB} - <orphaned>

BHO: Search Assistant BHO: {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - c:\program files\zwinky_5q\bar\1.bin\5qSrcAs.dll

BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.21.5\bh\delta.dll

BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:\program files\gamesbar\2.0.1.109\oberontb.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll

TB: FLV Runner Toolbar: {3BBD3C14-4C16-4989-8366-95BC9179779D} - c:\program files\flv_runner\prxtbFLV0.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.109\oberontb.dll

TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 

TB: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV0.dll

TB: Zwinky: {3033124f-06bf-4829-873a-310a125b4d4c} - c:\program files\zwinky_5q\bar\1.bin\5qbar.dll

TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.21.5\deltaTlbr.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [eRecoveryService] <no file>

dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}

IE: {5f7f7e76-0f61-4de9-8ae6-e5ee565cd118} - {8d3ec233-b92d-4187-a506-284127cfba2d}

LSP: c:\windows\system32\AVLib.dll

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 

TCP: NameServer = 192.168.2.1 142.166.145.137

TCP: Interfaces\{6786B44F-F874-420D-A66B-9B2E41AA405A} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{6786B44F-F874-420D-A66B-9B2E41AA405A} : DHCPNameServer = 192.168.2.1 142.166.145.137

TCP: Interfaces\{DF1A31B0-896B-42E9-806E-D4F426DF8E53} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{DF1A31B0-896B-42E9-806E-D4F426DF8E53} : DHCPNameServer = 192.168.2.1 142.166.145.137

Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.94.0.1 client.openvpn.net

Hosts: 127.94.0.2 openvpn-client.us-ca-sj-001.privatetunnel.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\the batduck\appdata\roaming\mozilla\firefox\profiles\7pntvx3j.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\free ride games\npExentCtl.dll

FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - ExtSQL: 2013-06-09 23:34; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\common files\mcafee\SystemCore

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-8-29 461864]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 583448]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 43216]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-4-24 40648]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-8-29 164840]

R1 MpKsldf5eeff9;MpKsldf5eeff9;c:\programdata\microsoft\microsoft antimalware\definition updates\{3cd3d405-2f35-4ac1-b0ed-07936dc44886}\MpKsldf5eeff9.sys [2013-7-15 29904]

R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-4-17 70344]

R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]

R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2013-6-20 2095752]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-4-17 1851088]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2013-6-28 1440080]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-15 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-7-15 701512]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-8-29 166024]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2011-9-14 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-29 148520]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]

R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-6-25 4150112]

R2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\free ride games\X6XSEx_Pr143.sys [2013-2-9 47432]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 34432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-15 22856]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 22656]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-29 180072]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-29 59288]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-8-19 26112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]

S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2012-6-29 13384]

S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 127192]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-8-29 87808]

S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]

S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-6-17 159208]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-8-21 270422]

S4 Acer TV Share Service;Acer TV Share Service;c:\program files\acer arcade live\acer tv share\kernel\dmstv\CLMSServer.exe [2012-1-10 270426]

S4 AVRedirector;AVRedirector;c:\program files\hide the ip\data\AVLib.EXE [2013-5-14 3208096]

S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

S4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2012-7-25 2438696]

S4 DefaultTabUpdate;DefaultTabUpdate;c:\users\mike\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-9-26 107520]

S4 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-8-21 24576]

S4 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-4-26 570664]

S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-4-26 390440]

S4 htisvcfwm;Hide The IP Service;c:\program files\hide the ip\data\htisvc.exe [2011-7-1 1256360]

S4 i2p;I2P Service;c:\program files\i2p\I2Psvc.exe [2013-5-17 384000]

S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]

S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]

S4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\openvpn technologies\privatetunnel\core\capiws.exe [2012-10-12 24064]

S4 Uvnc_service;Uvnc_service;c:\program files\ultravnc addons\uvnc_service.exe [2012-6-29 63296]

S4 Zwinky_5qService;ZwinkyService;c:\progra~1\zwinky~2\bar\1.bin\5qbarsvc.exe [2012-12-15 42504]

.

=============== Created Last 30 ================

.

2013-07-15 17:24:31 15616 ----a-w- c:\windows\system32\TrueSight.sys

2013-07-15 16:37:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3cd3d405-2f35-4ac1-b0ed-07936dc44886}\MpKsldf5eeff9.sys

2013-07-15 10:45:37 47368 ----a-w- c:\windows\system32\certsentry.dll

2013-07-15 10:44:09 -------- d-s---w- c:\programdata\Shared Space

2013-07-15 10:41:42 -------- d-----w- c:\programdata\COMODO

2013-07-15 10:41:13 -------- d-----w- c:\program files\common files\COMODO

2013-07-15 10:40:58 -------- d-----w- c:\users\the batduck\appdata\local\Comodo

2013-07-15 10:40:28 -------- d-----w- c:\program files\Comodo

2013-07-15 10:40:19 -------- d-----w- c:\programdata\Comodo Downloader

2013-07-15 10:32:09 -------- d-----w- c:\users\the batduck\appdata\roaming\Malwarebytes

2013-07-15 10:31:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-15 10:31:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-15 09:03:09 5914 ----a-w- c:\windows\system32\cc_20130715_060306.reg

2013-07-13 17:27:45 -------- d-----w- c:\program files\OpenVPN

2013-07-13 06:56:28 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3cd3d405-2f35-4ac1-b0ed-07936dc44886}\mpengine.dll

2013-07-12 19:29:49 -------- d-----w- c:\users\the batduck\appdata\local\LogMeIn Hamachi

2013-07-12 19:26:52 -------- d-----w- c:\program files\LogMeIn Hamachi

2013-07-09 08:41:17 -------- d-----w- c:\users\the batduck\appdata\local\Vitalwerks

2013-07-09 08:40:39 -------- d-----w- c:\program files\No-IP

2013-07-09 08:37:02 -------- d-----w- c:\users\the batduck\appdata\roaming\PhrozenSoft

2013-07-09 04:56:16 -------- dc----w- C:\Perl

2013-07-09 02:47:18 -------- d-----w- c:\windows\.wms32_32

2013-07-09 02:47:18 -------- d-----w- c:\users\the batduck\rw_cache

2013-07-08 11:21:20 -------- d-----w- c:\users\the batduck\project_destiny_474

2013-07-07 22:24:11 -------- d-----w- c:\users\the batduck\appdata\roaming\SearchProtect

2013-07-07 13:39:28 -------- d-----w- c:\program files\SearchProtect

2013-07-07 12:28:58 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-07-01 14:04:33 -------- d-----w- c:\program files\Dropbox

2013-07-01 14:02:26 -------- d-----w- c:\users\the batduck\appdata\roaming\Dropbox

2013-07-01 05:08:59 -------- d-----w- c:\users\the batduck\appdata\roaming\TechSmith

2013-07-01 05:08:35 -------- d-----w- c:\users\the batduck\appdata\local\TechSmith

2013-07-01 05:05:50 -------- d-----w- c:\program files\common files\TechSmith Shared

2013-06-29 07:17:41 -------- d-----w- c:\users\the batduck\appdata\local\join.me

2013-06-25 18:46:13 -------- d-----w- c:\program files\TeamViewer

2013-06-25 14:42:47 -------- d-----w- c:\program files\CCleaner

2013-06-25 01:11:25 724464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5df10f5a-18c6-42aa-ad0c-4c9eb7422df9}\gapaengine.dll

2013-06-24 04:17:23 -------- d-----w- c:\program files\Winamp Detect

2013-06-24 04:16:42 -------- d-----w- c:\program files\common files\PX Storage Engine

2013-06-24 02:30:10 -------- d-----w- c:\windows\system32\Data

2013-06-20 18:41:16 12800 ----a-w- c:\program files\mozilla firefox\plugins\npwachk.dll

2013-06-20 17:57:25 -------- d-----w- c:\users\the batduck\ForeverPkers03

2013-06-20 17:10:27 -------- d-----w- c:\users\the batduck\matrixiicache

2013-06-20 01:54:45 -------- dc----r- C:\Sandbox

2013-06-20 01:25:41 -------- d-----w- c:\program files\Sandboxie

2013-06-19 23:42:11 -------- d-----w- c:\users\the batduck\appdata\roaming\X-Chat 2

2013-06-19 23:41:58 -------- d-----w- c:\program files\xchat

2013-06-19 23:07:21 -------- d-----w- c:\users\the batduck\appdata\roaming\mIRC

2013-06-19 23:07:19 -------- d-----w- c:\program files\mIRC

2013-06-19 22:56:01 -------- d-----w- c:\program files\WinSCP

2013-06-18 19:15:58 583448 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2013-06-18 19:15:58 43216 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2013-06-18 19:15:56 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys

2013-06-18 19:15:50 35488 ----a-w- c:\windows\system32\cmdcsr.dll

2013-06-18 19:15:48 348584 ----a-w- c:\windows\system32\guard32.dll

2013-06-18 19:15:36 40664 ----a-w- c:\windows\system32\cmdkbd32.dll

2013-06-18 19:15:36 278232 ----a-w- c:\windows\system32\cmdvrt32.dll

.

==================== Find3M  ====================

.

2013-06-12 03:50:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-12 03:50:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-12 03:50:33 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-08 06:10:12 770384 ----a-w- c:\windows\system32\msvcr100.dll

2013-05-08 06:10:12 421200 ----a-w- c:\windows\system32\msvcp100.dll

2013-05-08 03:40:36 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-08 01:58:22 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2013-05-07 07:00:18 35064 ----a-w- c:\windows\system32\drivers\CFRMD.sys

2013-05-07 07:00:18 35064 ----a-w- c:\windows\inf\cfrmd\cfrmd.sys

2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 05:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll

2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll

2013-04-24 19:25:44 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys

2013-04-24 19:12:34 40648 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2013-04-24 04:00:30 985600 ----a-w- c:\windows\system32\crypt32.dll

2013-04-24 04:00:30 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-04-24 04:00:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-04-24 04:00:24 41984 ----a-w- c:\windows\system32\certenc.dll

2013-04-24 01:46:29 812544 ----a-w- c:\windows\system32\certutil.exe

2013-04-17 12:30:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2012-09-20 08:00:22 4096000 ----a-w- c:\program files\GUTE437.tmp

.

============= FINISH: 14:52:55.61 ===============

 

 

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : The Batduck [Admin rights]

Mode : Scan -- Date : 07/15/2013 15:10:15

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[sCREENSVR][sUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\ACER(N~1.SCR [-]) -> FOUND

 

¤¤¤ Scheduled tasks : 6 ¤¤¤

[V1][bLPATH] OptimizerProUpdaterRefreshTask.job : C:\ProgramData\OptimizerPro\updater.exe - /profilepath "C:\ProgramData\OptimizerPro\profile.ini" [-][-] -> FOUND

[V1][bLPATH] OptimizerProUpdaterLogonTask.job : C:\ProgramData\OptimizerPro\updater.exe - /schedule /profilepath "C:\ProgramData\OptimizerPro\profile.ini" [-][-] -> FOUND

[V1][sUSP PATH] Arcadesafari.job : C:\Users\Stephy Robin\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [7] -> FOUND

[V2][ROGUE ST] 4603 : wscript.exe - C:\Users\mike\AppData\Local\Temp\launchie.vbs //B -> FOUND

[V2][sUSP PATH] Arcadesafari : C:\Users\Stephy Robin\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [7] -> FOUND

[V2][sUSP PATH] EPUpdater : C:\Users\THEBAT~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

::1             localhost

127.94.0.1 client.openvpn.net

127.94.0.2 openvpn-client.us-ca-sj-001.privatetunnel.com

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD3200AAJS-22B4A0 ATA Device +++++

--- User ---

[MBR] 8fc411bc33070c5972f0ca6bcd2279b9

[bSP] 8356a5a0938c5d425ba4ea4d1c4bbb55 : Acer MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 116076 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268457984 | Size: 174161 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_07152013_151015.txt >>

RKreport[0]_S_07152013_143206.txt

 

 

 

 

attach.rar

[MrCharlie]

OK........you can't have all these anti-virus programs running on the system.

Pick one: McAfee, Microsoft Security Essentials or COMODO and uninstall the rest.
Having all of these installed only causes conflicts and provides spotty protection.
 

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

You're also loaded with adware/foistware, please uninstall these from your add/remove programs if you can:

Delta Chrome Toolbar
Delta toolbar
FLV Runner Toolbar
Free Ride Games Player
Hotspot Shield 2.93
Search Protect by conduit
WhiteSmokeTranslator
Yahoo! Toolbar
Zwinky Toolbar

 

----------------------------

Then............Is this a custom host file that you set:
 

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.us-ca-sj-001.privatetunnel.com

 

~~~~~~~~~~~~~~~~~~~~~~~~~~

Run RogueKiller again and click Scan
When the scan completes > click on the Scheduled tasks tab
Put a check next to all of these and uncheck the rest: (if found)
 

[V2][ROGUE ST] 4603 : wscript.exe - C:\Users\mike\AppData\Local\Temp\launchie.vbs //B -> FOUND
[V2][sUSP PATH] EPUpdater : C:\Users\THEBAT~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [7] -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~~~~~

Next........

Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

• Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
• Now click on the Search tab.
• Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

[Rigour]

# AdwCleaner v2.305 - Logfile created 07/15/2013 at 19:43:30

# Updated 11/07/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : The Batduck - OWNER-PC

# Boot Mode : Normal

# Running from : C:\Users\The Batduck\Downloads\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

Found : DefaultTabUpdate

Found : Zwinky_5qService

 

***** [Files / Folders] *****

 

File Found : C:\END

File Found : C:\Program Files\mozilla firefox\searchplugins\Web Search.xml

File Found : C:\user.js

File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Found : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

File Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r0fsxocr.default\searchplugins\Web Search.xml

File Found : C:\Users\user\Desktop\Optimizer Pro.lnk

File Found : C:\Users\The Batduck\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data

File Found : C:\Users\The Batduck\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

File Found : C:\Windows\system32\roboot.exe

Folder Found : C:\Program Files\Advanced System Protector

Folder Found : C:\Program Files\Bandoo

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\DefaultTab

Folder Found : C:\Program Files\DomaIQ Uninstaller

Folder Found : C:\Program Files\Free Offers from Freeze.com

Folder Found : C:\Program Files\GamesBar

Folder Found : C:\Program Files\GameTap Web Player

Folder Found : C:\Program Files\Gophoto.it

Folder Found : C:\Program Files\iMesh Applications

Folder Found : C:\Program Files\optimizer pro

Folder Found : C:\Program Files\Perion

Folder Found : C:\Program Files\Playbryte

Folder Found : C:\Program Files\Produtools_Maps

Folder Found : C:\Program Files\Red Sky

Folder Found : C:\Program Files\RegClean Pro

Folder Found : C:\Program Files\SearchProtect

Folder Found : C:\Program Files\WinZip Registry Optimizer

Folder Found : C:\Program Files\Zwinky_5q

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\GameTap Web Player

Folder Found : C:\ProgramData\GboxUpdater

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro

Folder Found : C:\ProgramData\ParetoLogic

Folder Found : C:\ProgramData\Premium

Folder Found : C:\ProgramData\SpeedMaxPc

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Owner\AppData\Local\Conduit

Folder Found : C:\Users\Owner\AppData\Local\PackageAware

Folder Found : C:\Users\Owner\AppData\LocalLow\alotappbar

Folder Found : C:\Users\Owner\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Owner\AppData\LocalLow\Bandoo

Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit

Folder Found : C:\Users\Owner\AppData\LocalLow\FunWebProducts

Folder Found : C:\Users\Owner\AppData\LocalLow\mediabarim

Folder Found : C:\Users\Owner\AppData\LocalLow\mediabarsh

Folder Found : C:\Users\Owner\AppData\LocalLow\MyWebSearch

Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Owner\AppData\LocalLow\Searchqutoolbar

Folder Found : C:\Users\Owner\AppData\Roaming\Babylon

Folder Found : C:\Users\Owner\AppData\Roaming\Bandoo

Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy

Folder Found : C:\Users\Owner\AppData\Roaming\PerformerSoft

Folder Found : C:\Users\user\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\user\AppData\LocalLow\Conduit

Folder Found : C:\Users\user\AppData\LocalLow\incredibar.com

Folder Found : C:\Users\user\AppData\LocalLow\mediabarim

Folder Found : C:\Users\user\AppData\LocalLow\mediabarsh

Folder Found : C:\Users\user\AppData\LocalLow\PriceGong

Folder Found : C:\Users\user\AppData\LocalLow\Produtools_Maps

Folder Found : C:\Users\user\AppData\LocalLow\Retrogamer_4w

Folder Found : C:\Users\user\AppData\LocalLow\searchquband

Folder Found : C:\Users\user\AppData\LocalLow\Searchqutoolbar

Folder Found : C:\Users\user\AppData\Local\Conduit

Folder Found : C:\Users\user\AppData\Local\DownTango

Folder Found : C:\Users\user\AppData\Local\Smartbar

Folder Found : C:\Users\user\AppData\LocalLow\AskToolbar

Folder Found : C:\Users\user\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\user\AppData\LocalLow\Conduit

Folder Found : C:\Users\user\AppData\LocalLow\GamingWonderland

Folder Found : C:\Users\user\AppData\LocalLow\incredibar.com

Folder Found : C:\Users\user\AppData\LocalLow\mediabarim

Folder Found : C:\Users\user\AppData\LocalLow\mixidj

Folder Found : C:\Users\user\AppData\LocalLow\PriceGong

Folder Found : C:\Users\user\AppData\LocalLow\Produtools_Maps

Folder Found : C:\Users\user\AppData\LocalLow\Retrogamer_4w

Folder Found : C:\Users\user\AppData\LocalLow\searchquband

Folder Found : C:\Users\user\AppData\LocalLow\Searchqutoolbar

Folder Found : C:\Users\user\AppData\LocalLow\Zwinky_5q

Folder Found : C:\Users\user\AppData\Roaming\DriverCure

Folder Found : C:\Users\user\AppData\Roaming\optimizer pro

Folder Found : C:\Users\user\AppData\Roaming\ParetoLogic

Folder Found : C:\Users\user\AppData\Roaming\PerformerSoft

Folder Found : C:\Users\user\AppData\Roaming\SearchProtect

Folder Found : C:\Users\The Batduck\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Folder Found : C:\Users\The Batduck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Folder Found : C:\Users\The Batduck\AppData\LocalLow\Conduit

Folder Found : C:\Users\The Batduck\AppData\LocalLow\PriceGong

Folder Found : C:\Users\The Batduck\AppData\LocalLow\Produtools_Maps

Folder Found : C:\Users\The Batduck\AppData\Roaming\Babylon

Folder Found : C:\Windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}

Folder Found : C:\Windows\system32\WNLT

 

***** [Registry] *****

 

Key Found : HKCU\Software\Alexa Internet

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Produtools_Maps

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\SProtector

Key Found : HKCU\Software\AskPartnerNetwork

Key Found : HKCU\Software\BabSolution

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\e57888be169be43

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Produtools_Maps Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zwinky_5qbar Uninstall

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{27488090-768A-4D20-A938-F223F71C344C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3033124F-06BF-4829-873A-310A125B4D4C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{575BDDF5-790A-4D01-A37D-2863DEC1C085}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27488090-768A-4D20-A938-F223F71C344C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3033124F-06BF-4829-873A-310A125B4D4C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{575BDDF5-790A-4D01-A37D-2863DEC1C085}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\SearchProtect

Key Found : HKLM\Software\AskToolbar

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\Bandoo

Key Found : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB

Key Found : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1

Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}

Key Found : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll

Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{27488090-768A-4D20-A938-F223F71C344C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3033124F-06BF-4829-873A-310A125B4D4C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{575BDDF5-790A-4D01-A37D-2863DEC1C085}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A00289B5-2C16-4EC7-9780-2B56977ADC65}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO

Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState

Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm

Key Found : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC

Key Found : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC

Key Found : HKLM\Software\Classes\Installer\Products\7344DBA75A2144649A458FB3F3EBF7FB

Key Found : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3

Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Found : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B

Key Found : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}

Key Found : HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Found : HKLM\SOFTWARE\Classes\MF

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\sim-packages

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3042917

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3106574

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3131886

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3198785

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3272718

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287819

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A8AE59A-2F19-4777-B0B4-177188AB839B}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{644413C0-4090-4A84-BC29-DC69E91A7D73}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}

Key Found : HKLM\SOFTWARE\Classes\wtb.Band

Key Found : HKLM\SOFTWARE\Classes\wtb.Band.1

Key Found : HKLM\SOFTWARE\Classes\wtb.NotificationSource

Key Found : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1

Key Found : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl

Key Found : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1

Key Found : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo

Key Found : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu.1

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin.1

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio.1

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.SettingsPlugin

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.SettingsPlugin.1

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.SkinLauncher

Key Found : HKLM\SOFTWARE\Classes\Zwinky_5q.SkinLauncher.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\Software\Funmoods

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Key Found : HKLM\Software\IB Updater

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{328D6F78-0DBB-4F17-ACD5-26A2EA4EF251}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F0B1972-589E-4437-9F4C-A18F2AF4BDC7}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7695996F-9846-4A09-A037-632E45737712}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B803084B-B069-485E-B5D0-F9A6D318AF02}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27488090-768A-4D20-A938-F223F71C344C}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{575BDDF5-790A-4D01-A37D-2863DEC1C085}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A00289B5-2C16-4EC7-9780-2B56977ADC65}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Produtools_Maps Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwinky_5qbar Uninstall

Key Found : HKLM\SOFTWARE\MozillaPlugins\@Zwinky_5q.com/Plugin

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\Playbryte

Key Found : HKLM\Software\Produtools_Maps

Key Found : HKLM\Software\SpeedMaxPC

Key Found : HKLM\Software\SProtector

Key Found : HKLM\Software\systweak

Key Found : HKLM\Software\Tarma Installer

Key Found : HKLM\Software\Web Assistant

Key Found : HKU\S-1-5-21-397424738-1516466002-4240990644-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3033124F-06BF-4829-873A-310A125B4D4C}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{575BDDF5-790A-4D01-A37D-2863DEC1C085}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [5qffxtbr@Zwinky_5q.com]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16490

 

 

-\\ Mozilla Firefox v21.0 (en-US)

 

File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r0fsxocr.default\prefs.js

 

Found : user_pref("browser.search.selectedEngine", "Web Search");

 

File : C:\Users\The Batduck\AppData\Roaming\Mozilla\Firefox\Profiles\7pntvx3j.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.72

 

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

 

File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Found [l.25] : keyword = "search.snap.do",

 

File : C:\Users\The Batduck\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

 

*************************

 

AdwCleaner[R1].txt - [31309 octets] - [15/07/2013 19:43:30]

 

########## EOF - C:\AdwCleaner[R1].txt - [31370 octets] ##########

 

 

 

Then............Is this a custom host file that you set:

 

Quote

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.us-ca-sj-001.privatetunnel.com

 

 

Not that I personally set, but I do know what it is and I dont believe it to to be malicious.

I believe it's somthing that was done automaticly by "OpenVPN" a Virtual private network I have used in the past.

And I looked through the logs from adwcleaner and I believe its all adware and useless so I just went ahead and deleted it all.

 

Now regarding the original issue after a very long virus scan aproximately 7 hours with malwarebytes PRO I found 17 objects some of which were false positives I removed them all. I have checked my ports again and am not currently seeing the ip's that had been connected. I'm not sure if the issue is entirely solved or what the case is.

 

What is your professional opinion on this? do you believe the MOD had tapped me for some reason and had been invading my privacy? and if so why do you believe they may of done so?

 

Also here is a picture of all the svchost.exe's 

Please tell me if anything looks wrong here

 

 

 

And also thank you very much for all your assistance and fast replys you have helped so much I cannot thank you enough

 

 

 

 

[MrCharlie]

OK.......

Lots of adware found....lets clear it out.....

• Please re-run AdwCleaner
• Click on Delete button.
• Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

That should take care of all the adware.

Next:

Download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

[Rigour]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.1.0 (07.15.2013:1)

OS: Windows Vista Home Premium x86

Ran by The Batduck on 15/07/2013 at 22:21:34.71

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{6f43fa77-c18f-4d0c-9c7e-958876fe2061}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{df948646-8bf4-450e-a059-cf8a4e0fe2be}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{e96b49b0-e11f-48fc-984a-eec29a4f57e1}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2E417911-FC7F-0A76-F316-6E367806725F}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\bcool"

Successfully deleted: [Folder] "C:\ProgramData\fighters"

Successfully deleted: [Folder] "C:\ProgramData\optimizerpro"

Successfully deleted: [Folder] "C:\ProgramData\pc1data"

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\Program Files\dll-files.com fixer"

Successfully deleted: [Folder] "C:\Program Files\keybar_1.6"

Successfully deleted: [Folder] "C:\Program Files\otshot"

Successfully deleted: [Folder] "C:\Program Files\pc speed up"

Successfully deleted: [Folder] "C:\Program Files\wiseconvert_b"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\The Batduck\AppData\Roaming\mozilla\firefox\profiles\7pntvx3j.default\minidumps [2 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 15/07/2013 at 22:35:34.69

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adware seems taken care of , The malwarebytes anti-rootkit is running and i'll post back with the results in the morning, so far one detection thanks again -Rigour

[MrCharlie]

OK, I may not be here but be back in the AM.

MrC

[MrCharlie]

How are we doing??? MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!