
Pretty sure I'm Infected


SOCIOPATH

Hey guys or ladies. Need a little help getting rid of some suspected malware or adware on my PC. Firefox seems to load certain websites quite slowly lately, and I am getting an odd popup window every so often called "speedtestbeta.com". Also, I ran AdwCleaner and it found a bunch of things to clean, but I was hesitant to do anything until I got expert advice, so I closed out of it. I can run it again and post a log first, or clean it if you approve. Logs are below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2

Run by Murry at 0:04:39 on 2013-09-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7654.4408 [GMT -6:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Dolby PCEE4\pcee4.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\EgisTec IPS\PMMUpdate.exe

C:\Program Files\EgisTec IPS\EgisUpdate.exe

C:\ProgramData\TVersity\Media Server\MediaServer.exe

C:\ProgramData\TVersity\Media Server\berkelium\berkelium.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Users\Murry\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\msconfig.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

uURLSearchHooks: {3796e649-4334-4cbf-89d3-a927554ad438} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {4DB74D06-491C-440D-305E-012400990F3E} - LocalServer32 - <no file>

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [WeatherEye] C:\Users\Murry\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe

uRun: [ConduitFloatingPlugin_hphdpodilhoiknmoeaknhhmjnmmfigip] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT2548838\plugins\TBVerifier.dll",RunConduitFloatingPlugin hphdpodilhoiknmoeaknhhmjnmmfigip

uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

StartupFolder: C:\Users\Murry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: NameServer = 172.16.1.254

TCP: Interfaces\{26A42B91-6FA6-41C8-8DF5-9B9F62B2E18B} : DHCPNameServer = 172.16.1.254

TCP: Interfaces\{26A42B91-6FA6-41C8-8DF5-9B9F62B2E18B}\2375942554230333 : DHCPNameServer = 172.16.1.254

TCP: Interfaces\{26A42B91-6FA6-41C8-8DF5-9B9F62B2E18B}\C65616E6E656D277C616E6D20313 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{2D14C0BF-9059-48D8-A649-F55F243674B6} : DHCPNameServer = 192.15.128.24

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 om.symantec.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\

FF - prefs.js: browser.startup.homepage - msn.ca

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-27 79488]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-27 40064]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-12-27 22648]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-12-27 20520]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-12-27 62776]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-27 204288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-12-27 352336]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]

R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-12-27 872552]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-11-2 255376]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-27 114704]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]

R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]

R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]

R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-26 53376]

S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 701512]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]

S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2012-9-28 24576]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2012-3-1 29184]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 25928]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-09-01 05:38:55 -------- d-----w- C:\AdwCleaner

2013-08-29 06:22:22 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2013-08-19 03:04:33 -------- d-----w- C:\Users\Murry\AppData\Local\ElevatedDiagnostics

2013-08-14 21:04:47 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-08-13 05:07:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-11 04:40:54 -------- d-----w- C:\Users\Murry\Tversity

2013-08-11 03:36:18 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2013-08-11 03:36:17 -------- d-----w- C:\Program Files (x86)\ffdshow

2013-08-11 03:09:39 -------- d-----w- C:\Users\Murry\AppData\Local\Chromium

2013-08-11 02:41:41 -------- d-----w- C:\Program Files (x86)\Xiph.Org

2013-08-11 02:41:34 -------- d-----w- C:\Program Files (x86)\TVersity Codec Pack

2013-08-11 02:37:02 -------- d-----w- C:\Program Files (x86)\SearchProtect

2013-08-11 02:36:00 -------- d-----w- C:\Users\Murry\AppData\Roaming\SearchProtect

2013-08-11 02:28:39 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2013-08-11 02:11:15 -------- d-----w- C:\ProgramData\TVersity

.

==================== Find3M ====================

.

2013-08-13 05:06:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-08-13 05:06:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-25 04:13:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-25 04:13:32 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-17 17:28:47 1409 ----a-w- C:\Windows\QTFont.for

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-05-08 08:00:40 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll

.

============= FINISH: 0:05:31.21 ===============

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 30/06/2012 9:58:23 PM

System Uptime: 27/08/2013 10:11:49 PM (98 hours ago)

.

Motherboard: Acer | | Aspire 5560

Processor: AMD A8-3520M APU with Radeon HD Graphics | Socket FS1 | 1600/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 683 GiB total, 343.648 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

I: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: USB Video Device

Device ID: USB\VID_058F&PID_B002&MI_00\6&34642B23&0&0000

Manufacturer: Microsoft

Name: 1.3M HD WebCam

PNP Device ID: USB\VID_058F&PID_B002&MI_00\6&34642B23&0&0000

Service: usbvideo

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Hosts File Hijack ======================

.

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 om.symantec.com

Hosts: 127.0.0.1 ads.bleepingcomputer.com

Hosts: 127.0.0.1 wdcs.trendmicro.com

.

==== Installed Programs ======================

.

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer Registration

Acer ScreenSaver

Acer Updater

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) MUI

Adobe Shockwave Player 12.0

Agatha Christie - Death on the Nile

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Media Foundation Decoders

AMD Steady Video Plug-In

AMD VISION Engine Control Center

Angry Birds

Angry Birds Rio

Angry Birds Seasons

Angry Birds Space

AngryBirdsStarWars 1.00

Backup Manager V3

Bad Piggies

Barbie as The Island Princess

Barbie Fashion Show CD-ROM

Barbie Horse Adventures

Bejeweled 2 Deluxe

Beware Planet Earth! version 1.0.1

Bicycle Canasta

Broadcom Card Reader Driver Installer

Broadcom Gigabit NetLink Controller

Build-a-lot 4 - Power Source

Castle Crashers

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Christmas Stories Nutcracker Collectors Edition 1.00

Christmas Tales Fellinas Journey 1.00

Christmas Wonderland 2

Christmas Wonderland 3 1.0

Chronicles of Albian

Chuzzle Deluxe

CityWatch 2_0_1

clear.fi

clear.fi Client

Combined Community Codec Pack 2013-08-01

Cradle of Rome 2

D3DX10

Disney-Pixar Brave

Dolby Advanced Audio v2

Dora's World Adventure

eBay Worldwide

ESET NOD32 Antivirus

Evernote v. 4.5.1

Farmington Tales

Farmscapes CE 1.00

FATE: The Cursed King

ffdshow v1.3.4515 [2013-06-12]

FileHippo.com Update Checker

Final Drive: Nitro

Fooz Kids

Fooz Kids Platform

Galerie de photos Windows Live

Gardenscapes 1.00

Google Chrome

Google Update Helper

Governor of Poker 2 Premium Edition

Happy Chef

Holly A Christmas Tale Deluxe FINAL 1.6.6

Hot Dish 2 Cross Country Cook-off 1.00

I SPY - Treasure Hunt

Identity Card

Java 7 Update 25

Java Auto Updater

Jewel Match 3

Junk Mail filter update

Launch Manager

LeapFrog Connect

LeapFrog Tag Plugin

LITTLEST PET SHOP

Malwarebytes Anti-Malware version 1.75.0.1300

Masque IGT Slots Lucky Larry's Lobstermania

MediaInfo 0.7.61

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Mystery of Mortlake Mansion

MyWinLocker

MyWinLocker 4

MyWinLocker Suite

newsXpresso

Norton Online Backup

NTI Media Maker 9

Operation Mania

Penguins!

Pinball Madness 2

Plants vs. Zombies - Game of the Year

Polar Bowler

Polar Golfer

PowerISO

Pro Pinball - Timeshock!

QuickTime

Ready to Read (remove only)

Realtek High Definition Audio Driver

Recuva

Search Protect by conduit

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Shop-N-Spree Family Fortune New 1.00

Shredder

Skype™ 5.10

Sticky Linky

Super DX-Ball Deluxe

Supermarket Mania 2 1.00

swMSM

Synaptics Pointing Device Driver

The Weather Network

Torchlight

TurboTax 2012

TVersity Media Server Pro 2.4

UDPixel.exe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

Virtual Villagers 5 - New Believers

VLC media player 2.0.7

Vuze

Welcome Center

WildTangent Games App

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 (64-bit)

Xilisoft Video Converter Ultimate

Xilisoft Video Converter Ultimate 7.7.2.20130508 7.7.2

Xiph.Org Open Codecs 0.85.17777

XMedia Recode version 3.1.6.4

Your Uninstaller! 2010

.

==== Event Viewer Messages From Past Week ========

.

31/08/2013 5:05:51 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

31/08/2013 2:34:33 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

30/08/2013 6:46:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR10.

30/08/2013 6:08:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.

30/08/2013 3:18:48 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.

30/08/2013 10:12:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

30/08/2013 10:02:34 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

29/08/2013 9:00:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.

29/08/2013 2:56:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.

29/08/2013 2:37:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.

29/08/2013 2:07:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

29/08/2013 12:48:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.

29/08/2013 11:23:06 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

28/08/2013 9:13:16 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

28/08/2013 9:13:13 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom2.

27/08/2013 9:57:47 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR18.

27/08/2013 4:46:36 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

27/08/2013 11:06:44 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR19.

27/08/2013 1:18:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR20.

26/08/2013 7:43:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TVersityMediaServer service.

26/08/2013 11:55:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR17.

26/08/2013 10:17:40 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.

25/08/2013 6:04:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR14.

25/08/2013 3:41:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

.

==== End Of File ===========================

Decided to add the AdwCleaner log too, but I have not selected Clean yet. Let me know if most or all are safe to clean:

# AdwCleaner v3.001 - Report created 01/09/2013 at 01:58:57

# Updated 24/08/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Murry - MURRY-PC

# Running from : C:\Users\Murry\Downloads\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END

File Found : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\gophoto@gophoto.it.xpi

File Found : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\searchplugins\Askcom.xml

File Found : C:\Windows\System32\roboot64.exe

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\Gophoto.it

Folder Found C:\Program Files (x86)\SearchProtect

Folder Found C:\Program Files (x86)\WinZip Registry Optimizer

Folder Found C:\ProgramData\AlawarWrapper

Folder Found C:\ProgramData\Trymedia

Folder Found C:\Users\Murry\AppData\Local\Conduit

Folder Found C:\Users\Murry\AppData\Local\cre

Folder Found C:\Users\Murry\AppData\Local\PackageAware

Folder Found C:\Users\Murry\AppData\LocalLow\AskToolbar

Folder Found C:\Users\Murry\AppData\LocalLow\Conduit

Folder Found C:\Users\Murry\AppData\LocalLow\PriceGong

Folder Found C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\jetpack

Folder Found C:\Users\Murry\AppData\Roaming\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Blabbers

Key Found : HKCU\Software\BrowserCompanion

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\SearchProtect

Key Found : [x64] HKCU\Software\1ClickDownload

Key Found : [x64] HKCU\Software\Blabbers

Key Found : [x64] HKCU\Software\BrowserCompanion

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\IGearSettings

Key Found : [x64] HKCU\Software\SearchProtect

Key Found : HKLM\Software\BrowserCompanion

Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Found : HKLM\Software\SearchProtect

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_hphdpodilhoiknmoeaknhhmjnmmfigip]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\prefs.js ]

Line Found : user_pref("CT2139138.autoDisableScopes", -1);

Line Found : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1358302861307,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Found : user_pref("browser.search.defaultengine", "Ask.com");

Line Found : user_pref("browser.search.order.1", "Ask.com");

Line Found : user_pref("extensions.5038fa6865879.scode", "(function(){try{if('mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.sweetim.com'.indexOf(window[...]

Line Found : user_pref("extensions.508aad35596d8.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]

Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Murry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6689 octets] - [31/08/2013 23:39:19]

AdwCleaner[R1].txt - [6749 octets] - [31/08/2013 23:43:25]

AdwCleaner[R2].txt - [6645 octets] - [01/09/2013 01:58:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [6705 octets] ##########

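The scan report above is mostly leftover folders and registry keys; the handful of entries that matter before clicking Clean are the ones that still run or redirect the browser: the ConduitFloatingPlugin value in the Run key, the IE URLSearchHooks and Toolbar\WebBrowser GUIDs, the Chrome extension registered under HKLM\SOFTWARE\Google\Chrome\Extensions, the Ask.com default-search prefs, and the two ".scode" prefs whose values are JavaScript. As an added example (not from this thread, and not AdwCleaner's own code), here is a Python script that reads lines in this report format, tags each entry with an adware family and a persistence category, and lists the active entries separately from the inert ones. The family and persistence tables are my own assumptions built from names that appear in the report; the sample input is a constructed excerpt of the report above.

```python
"""Triage an AdwCleaner-style report: which "Found" entries actually execute
code or redirect the browser, and which are only leftover data.

Added example for this thread; not part of the original post and not
AdwCleaner's own code.  The family and persistence tables below are my own
assumptions, built from the names visible in the report above.
"""
import re
from collections import Counter

# "Folder Found C:\..." carries no colon in v3.001 reports; the other kinds do.
ENTRY_RE = re.compile(r"^(File|Folder|Key|Value|Line)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$")

FAMILY_PATTERNS = [
    # Conduit toolbar ids look like CT2139138; SearchProtect guards its search settings.
    (re.compile(r"conduit|searchprotect|\bCT\d{7}", re.I), "Conduit/SearchProtect"),
    (re.compile(r"asktoolbar|askcom|askpartner|ask\.com", re.I), "Ask Toolbar"),
    (re.compile(r"pricegong", re.I), "PriceGong"),
    (re.compile(r"gophoto", re.I), "Gophoto.it"),
    (re.compile(r"browsercompanion", re.I), "BrowserCompanion"),
    (re.compile(r"babylon|incredibar|funmoods|sweetim", re.I), "search hijacker script"),
]

# First match wins.  A label of None marks a known-inert leftover (RAS tracing keys).
PERSISTENCE_RULES = [
    (re.compile(r"\\CurrentVersion\\Run\b", re.I), "autostart (Run key)"),
    (re.compile(r"\\URLSearchHooks\b", re.I), "IE URL search hook"),
    (re.compile(r"Internet Explorer\\Toolbar\\WebBrowser", re.I), "IE toolbar"),
    (re.compile(r"\\Google\\Chrome\\Extensions\\", re.I), "Chrome extension pushed via registry"),
    (re.compile(r"\\Classes\\(CLSID|AppID|Interface|TypeLib)\\", re.I), "COM class registration"),
    (re.compile(r"browser\.search\.(defaultengine|order)", re.I), "Firefox default search changed"),
    (re.compile(r"extensions\.[0-9a-f]+\.scode", re.I), "Firefox injected script (scode pref)"),
    (re.compile(r"\\Extensions\\[^\\]+\.xpi$", re.I), "Firefox extension"),
    (re.compile(r"\\searchplugins\\[^\\]+\.xml$", re.I), "Firefox search plugin"),
    (re.compile(r"\\System32\\[^\\]+\.exe$", re.I), "executable dropped in System32"),
    (re.compile(r"\\Microsoft\\Tracing\\", re.I), None),
]

def parse_entries(report_text):
    """Yield (kind, state, target) for every File/Folder/Key/Value/Line entry."""
    for line in report_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, state, target = m.groups()
            # AdwCleaner prefixes 64-bit registry view entries with "[x64] "; drop it.
            yield kind, state, re.sub(r"^\[x64\]\s*", "", target)

def classify_family(target):
    return next((label for pat, label in FAMILY_PATTERNS if pat.search(target)), "unattributed")

def classify_persistence(target):
    """Persistence label, 'inert' for known-harmless leftovers, else 'leftover data'."""
    for pat, label in PERSISTENCE_RULES:
        if pat.search(target):
            return label if label is not None else "inert"
    return "leftover data"

def triage(report_text):
    summary = {"entries": 0, "families": Counter(), "persistence": [], "inert": 0, "leftover": 0}
    for _kind, _state, target in parse_entries(report_text):
        summary["entries"] += 1
        summary["families"][classify_family(target)] += 1
        label = classify_persistence(target)
        if label == "inert":
            summary["inert"] += 1
        elif label == "leftover data":
            summary["leftover"] += 1
        else:
            summary["persistence"].append((label, target))
    return summary

# Constructed sample: an excerpt of the Scan-mode report posted above.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\Extensions\gophoto@gophoto.it.xpi
File Found : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\searchplugins\Askcom.xml
File Found : C:\Windows\System32\roboot64.exe
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Users\Murry\AppData\LocalLow\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_hphdpodilhoiknmoeaknhhmjnmmfigip]
Line Found : user_pref("CT2139138.autoDisableScopes", -1);
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("extensions.5038fa6865879.scode", "(function(){try{if('mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.sweetim.com'.indexOf(window[...]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['entries']} entries, {result['inert']} inert, {result['leftover']} leftover data")
    print("families:", dict(result["families"]))
    for label, target in result["persistence"]:
        print(f"  {label}: {target}")
```

Run it with python3 and it prints the family counts and the nine active entries from the excerpt; for a fresh report, pass the saved AdwCleaner[R0].txt contents to triage(). Tracing keys and leftover folders carry no code, so letting AdwCleaner remove them costs nothing; the active list is what you want to recognise before deleting, and the same categories are what to re-check after the Clean run if the pop-ups continue.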

  • Root Admin

Please run the following before cleaning with AdwCleaner.

Please download the following scanner from Kaspersky and save it to your computer: TDSSKiller

Then watch the following video on how to use the tool, and make sure to temporarily disable your security applications before running TDSSKiller.

If any infection is found, please make sure to choose SKIP and post back the log, in case of a false positive detection.

Once the tool has completed scanning, make sure to re-enable your other security applications.

  • Root Admin

Go ahead and run AdwCleaner again, but this time choose to delete the items.

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  • Root Admin

Probably best to run it again in Scan mode to make sure it still finds the proper items.

It's getting late here, though, and I was already going to leave, so I'll probably have to check back on you. But as long as you don't see anything you know for sure you want to keep, go ahead and tell it to delete it, and I'll check on you later.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


 


Got the log. The only thing weird is that now my Firefox page is kinda back to the default layout, so I must have deleted some options when I cleaned :(

Other than that things seem okay. Log below, and thanks for the help. Anything else we should run as well when you're back?

# AdwCleaner v3.002 - Report created 02/09/2013 at 02:53:03
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Murry - MURRY-PC
# Running from : C:\Users\Murry\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Users\Murry\AppData\Local\Conduit
Folder Deleted : C:\Users\Murry\AppData\Local\cre
Folder Deleted : C:\Users\Murry\AppData\Local\PackageAware
Folder Deleted : C:\Users\Murry\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Murry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Murry\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Murry\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\jetpack
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\searchplugins\Askcom.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_hphdpodilhoiknmoeaknhhmjnmmfigip]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Murry\AppData\Roaming\Mozilla\Firefox\Profiles\parkv7o3.default\prefs.js ]

Line Deleted : user_pref("CT2139138.autoDisableScopes", -1);
Line Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1358302861307,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.5038fa6865879.scode", "(function(){try{if('mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.sweetim.com'.indexOf(window[...]
Line Deleted : user_pref("extensions.508aad35596d8.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search.swe[...]
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);


-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Murry\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6689 octets] - [31/08/2013 23:39:19]
AdwCleaner[R1].txt - [6749 octets] - [31/08/2013 23:43:25]
AdwCleaner[R2].txt - [6809 octets] - [01/09/2013 01:58:57]
AdwCleaner[R3].txt - [6855 octets] - [02/09/2013 02:51:14]
AdwCleaner[R4].txt - [6915 octets] - [02/09/2013 02:52:18]
AdwCleaner[s0].txt - [6739 octets] - [02/09/2013 02:53:03]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6799 octets] ##########
 


  • Root Admin

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7, right click and choose "Run as administrator"), and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient, as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer; please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100 MB.
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have User Account Control (UAC) enabled for improved security; it should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed, click on the green Open Report link. It will open the report in Notepad.
  • Save the report to your desktop. The report will be called Cureit.log.
  • Close Dr.Web CureIt!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

  • Root Admin

This topic will now be closed due to evidence of cracked or pirated software on this system.

Piracy Policy

C:\Users\Murry\Documents\APPLICATIONS\Angry.Birds.v1.6.3.1.Cracked.GAME.HAPPY.THiRD.BiRTHDAY.TEAM-ErES\Crack\AngryBirds.exe

C:\Users\Murry\Documents\APPLICATIONS\Angry Birds Seasons v2.5.0 Including Crack with Key [h33t][iahq76]

C:\Users\Murry\Documents\APPLICATIONS\barbie fashion show\Barbie Fashion Show\crack\crack.exe - incurable, quarantined

C:\Users\Murry\Documents\APPLICATIONS\Diner Dash 5 - Boom Collectors Edition - Full PreCracked - Foxy Games\Diner Dash 5 - Boom Collectors Edition - Full PreCracked - Foxy Games.exe

C:\Users\Murry\Documents\APPLICATIONS\alcohol\Alcohol 120% 2.0.2.3931 Retail Multilanguage ADMIN@CRACK.rar

etc...


  • Root Admin

Topic reopened as the user claims to have removed all pirated software. We will continue to assist, but any further evidence of cracked software will result in a closed topic and no further assistance being offered.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Why are you installing software during an infection investigation?

"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-08-28 4097672]

Please do not install any software unless requested until we're done here. Thanks

Please uninstall ALL versions of Java and, if possible, try to run your computer without Java. It is probably the most commonly compromised software each month, which helps malware get onto your computer in the first place.

Let me have you run this again now.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • Root Admin

Please try downloading this version of JavaRa and see if it can remove everything for you.

JavaRa-1.16-28-5-13.zip

Save the zip file to your computer. Then double click to open the file, select all the files and choose COPY, then create a new folder named RemoveJava and paste the files into that new folder.

Then right click over the JavaRa.exe file in that new folder and choose "Run as administrator".

Choose your language and then click Select.

Do NOT click on the "Search for Updates" button.

Just click on the "Remove Older Versions" button and tell it OK to remove all versions of Java.

When done it should open a log of what it found and removed. Please post that back here.


This topic is now closed to further replies.