Jump to content

Codec -C infection


ikefor

Recommended Posts

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin....

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 

]

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Post those logs in next reply...

 

Kevin

fixlist.txt

Link to post
Share on other sites

>>>>>>>>>>>>>>Fixlist.txt>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by Owner at 2013-09-22 19:49:15 Run:1
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
AlternateDataStreams: C:\ProgramData\Temp:08948D52
AlternateDataStreams: C:\ProgramData\Temp:98781370
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:DED17083
End

*****************

C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe => Moved successfully.
C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe => Moved successfully.
C:\ProgramData\Temp => ":08948D52" ADS removed successfully.
C:\ProgramData\Temp => ":98781370" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\Temp => ":D287FACF" ADS removed successfully.
C:\ProgramData\Temp => ":DED17083" ADS removed successfully.

==== End of Fixlog ====

 

 

 

 

 

 

 

 

>>>>>>>>>>>>>>>AdwCleaner .txt starts here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

 

# AdwCleaner v3.004 - Report created 22/09/2013 at 19:59:44
# Updated 15/09/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\AskPartnerNetwork
[!] Folder Deleted : C:\ProgramData\AVG Secure Search
[!] Folder Deleted : C:\ProgramData\StarApp
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[!] Folder Deleted : C:\Program Files (x86)\1ClickDownload
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
[!] Folder Deleted : C:\Program Files (x86)\AVG Secure Search
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\LyricsPal
[!] Folder Deleted : C:\Program Files (x86)\Minibar
[!] Folder Deleted : C:\Program Files (x86)\optimizer pro
[!] Folder Deleted : C:\Program Files (x86)\registry mechanic
[!] Folder Deleted : C:\Program Files (x86)\Splashtop
[!] Folder Deleted : C:\Program Files (x86)\BitTorrentBar
[!] Folder Deleted : C:\Program Files (x86)\Freecorder
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Bundled software uninstaller
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Owner\AppData\Local\FilesFrog Update Checker
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Minibar
[!] Folder Deleted : C:\Users\Owner\AppData\Local\OpenCandy
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Splashtop
[!] Folder Deleted : C:\Users\Owner\AppData\Local\TempDir
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\ConduitEngine
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\Minibar
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\BitTorrentBar
[!] Folder Deleted : C:\Users\Owner\AppData\LocalLow\Freecorder
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\optimizer pro
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\registry mechanic
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[!] Folder Deleted : C:\Users\Owner\Documents\Freecorder
[!] Folder Deleted : C:\Users\ikem\AppData\Local\AVG Secure Search
[!] Folder Deleted : C:\Users\ikem\AppData\LocalLow\AVG Secure Search
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\Conduit
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\ConduitCommon
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\ConduitEngine
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\CT2790392
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\Extensions\engine@conduit.com
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\Extensions\toolbar@ask.com
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\\invalidprefs.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\user.js
File Deleted : C:\Windows\Tasks\Lyrics-Pal Update.job
File Deleted : C:\Windows\System32\Tasks\Lyrics-Pal Update
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027126.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027126.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027126.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0027126.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B54E96C1-85C3-410A-8DB1-C276BC3535C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71F29921-5F36-4F9B-8192-A253F970391B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211711126}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B54E96C1-85C3-410A-8DB1-C276BC3535C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211711126}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B54E96C1-85C3-410A-8DB1-C276BC3535C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71F29921-5F36-4F9B-8192-A253F970391B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211711126}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B54E96C1-85C3-410A-8DB1-C276BC3535C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211711126}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71F29921-5F36-4F9B-8192-A253F970391B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211711126}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BFD4AE0-5CB3-4B43-B338-2ED6DC704502}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FC0FE5-4CD1-4CBC-B69D-42A1173FF5C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F13C1399-3037-4426-841F-658146D33870}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26781A06-5DC6-4FA5-95D2-6A2CC5760BF4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211711126}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211711126}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\lyricspal
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Headlight
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lrcspal@lyricspal.co
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Splashtop Software Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BitTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3gdervhp.default\prefs.js ]

Line Deleted : user_pref("bettergmail2.enabled.inboxcountfirst", true);
Line Deleted : user_pref("extensions.50e0eeda7ce3c.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");[...]
Line Deleted : user_pref("extensions.50e0ef03596fb.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.ATU4-V7.domain", "\"www.search.ask.com\"");
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.backgroundjs", "\n\n/*****************************************************************************[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.js", "\n\n  /************************************************************************************\[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Line Deleted : user_pref("extensions.a90f0c3bb03224184bf7ffe36e81df678bdd9e2d988a24c07abf71073ebd471fdcom27126.27126.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossrider.bic", "13e86a6772974f02778d022ce531e759");
Line Deleted : user_pref("extensions.enabledAddons", "bettergmail2%40ginatrapani.org:1.2,%7B2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9%7D:2.3.4,%7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2,%7B582195F5-92E7-40a0-A127[...]
Line Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Line Deleted : user_pref("extensions.kango.storage.m2_k1", "1");
Line Deleted : user_pref("extensions.kango.storage.m2_k2", "60");
Line Deleted : user_pref("extensions.kango.storage.m2_k3", "1377940298157");
Line Deleted : user_pref("extensions.kango.storage.m2_k4", "0");
Line Deleted : user_pref("extensions.kango.storage.m2_k5", "1377940302638");

Line Deleted : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
Line Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Deleted : user_pref("extensions.toolbar_ATU4-V7@apn.ask.com.install-event-fired", true);

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\psrc56ue.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [23757 octets] - [22/09/2013 19:52:38]
AdwCleaner[s0].txt - [23627 octets] - [22/09/2013 19:59:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23688 octets] ##########
 

 

 

 

 

 

 

 

 

 

 

>>>>>>>>>>>MBAM Report Starts Here >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.22.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

22-09-2013 8:46:05 PM
mbam-log-2013-09-22 (20-46-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274766
Time elapsed: 13 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CAC42510-9B41-42c1-9DCD-7282A2D07C61} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3AC7D000-0444-4011-A43C-D7796E97E0D1} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{334C6DE3-3FE2-4ED4-9D51-538C3A55E706} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC42510-9B41-42C1-9DCD-7282A2D07C61} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC42510-9B41-42C1-9DCD-7282A2D07C61} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC42510-9B41-42C1-9DCD-7282A2D07C61} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebcafb3f-5032-49f2-bf60-b99beef14b5c} (PUP.Optional.LyricsAd.Gen) -> Quarantined and deleted successfully.
HKCR\CLSID\{ebcafb3f-5032-49f2-bf60-b99beef14b5c} (PUP.Optional.LyricsAd.Gen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBCAFB3F-5032-49F2-BF60-B99BEEF14B5C} (PUP.Optional.LyricsAd.Gen) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBCAFB3F-5032-49F2-BF60-B99BEEF14B5C} (PUP.Optional.LyricsAd.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\BitAccelerator (Trojan.BHO) -> Quarantined and deleted successfully.

Files Detected: 18
C:\ProgramData\InstallMate\{BE965872-CB40-4A63-A888-836265757A84}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{BE965872-CB40-4A63-A888-836265757A84}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{EF967BC2-5447-4B19-A9F2-1C6534755934}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{EF967BC2-5447-4B19-A9F2-1C6534755934}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\aTubeCatcher.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\FLVPlayerSetup-7TZ8j8z.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\rpc412_setup (1).exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\rpc412_setup.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\setup.exe (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\sketchup-pro-2013-13-0-build-3689-cracked-files-chingliu.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\SoftonicDownloader_for_google-sketchup.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\YouTube_Downloader_Converter.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\~Google_SketchUp_Pro_2013_v13.0.exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\AppsHat Mobile Apps\Uninstall.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\DirectDownloader\DirectDownloader.exe (Adware.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\DirectDownloader\updateRunner.exe (Adware.DirectDownloader) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BitAccelerator\BitAccelerator.dll (Trojan.BHO) -> Quarantined and deleted successfully.

(end)
 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.