Vicious Malware


I'm posting DDS.txt and Attach.txt as instructed. Please help. Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 1.6.0_29
Run by Proud Owner at 10:20:32 on 2013-10-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16361.12068 [GMT -7:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanWpsSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe
C:\Users\Proud Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Proud Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uURLSearchHooks: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
mURLSearchHooks: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: RadioPI: {92926B63-5116-4C6F-A33E-378767B8D15F} - 
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: RadioPI: {92926b63-5116-4c6f-a33e-378767b8d15f} - 
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll
TB: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files (x86)\Vafmusic2\prxtbVafm.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Proud Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [spotify Web Helper] "C:\Users\Proud Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [spotify] "C:\Users\Proud Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\PROUDO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Proud Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\PROUDO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Proud Owner\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
StartupFolder: C:\Users\PROUDO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\PROUDO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0695F37D-663C-438E-8A89-320E46FDAE9A} : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{1AB29D57-ECE2-4747-8CA8-2D0613E12920} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [AtherosBtStack] C:\Program Files (x86)\ASUS Bluetooth Suite\BtvStack.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Proud Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - ExtSQL: 2013-09-27 19:47; firefox@saltarsmart.biz; C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\extensions\firefox@saltarsmart.biz.xpi
FF - ExtSQL: 2013-09-30 01:25; addon@defaulttab.com; C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-09-30 01:26; {7f3f960e-a836-45ca-8911-0accb522246e}; C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
FF - ExtSQL: !HIDDEN! 2011-11-07 11:32; 4effxtbr@RadioPI_4e.com; C:\Program Files (x86)\RadioPI_4e\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-4-26 84536]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-4-26 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/09/08 14:51:01];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 avp;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -r [?]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-9-8 133800]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-11 14997280]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files\Encore\ENUWI-N4 Wireless USB Adapter\WlanWpsSvc.exe [2011-11-18 167936]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2009-10-20 25088]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-9 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-9 181248]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-9-11 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-12-25 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-12-25 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-12-25 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-12-25 34304]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2009-10-21 31744]
S3 AthDfu;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2009-7-25 47616]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2009-10-23 329728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2009-10-22 240128]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2009-10-21 126976]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2009-10-22 57344]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-10-5 130976]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2011-11-18 664576]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-10 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-04 10:15:11 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BBFB0E9B-B570-4F58-937F-2C52479FA976}\mpengine.dll
2013-10-03 22:52:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-03 22:52:37 -------- d-----w- C:\Program Files\iTunes
2013-10-03 22:52:37 -------- d-----w- C:\Program Files\iPod
2013-10-03 22:52:37 -------- d-----w- C:\Program Files (x86)\iTunes
2013-10-01 15:02:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-10-01 15:02:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-10-01 15:02:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-10-01 15:02:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-10-01 15:02:42 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-30 08:28:11 -------- d-----w- C:\Program Files\Uninstaller
2013-09-30 08:27:04 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-09-30 08:26:58 -------- d-----w- C:\ProgramData\Conduit
2013-09-30 08:26:55 -------- d-----w- C:\Program Files (x86)\Vafmusic2
2013-09-30 08:26:36 -------- d-----w- C:\Users\Proud Owner\AppData\Local\CRE
2013-09-30 08:26:31 -------- d-----w- C:\Users\Proud Owner\AppData\Roaming\SearchProtect
2013-09-30 08:26:10 -------- d-----w- C:\Users\Proud Owner\AppData\Roaming\Optimizer Pro
2013-09-30 08:25:53 -------- d-----w- C:\Users\Proud Owner\AppData\Roaming\DefaultTab
2013-09-30 08:25:48 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-09-12 10:07:12 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-12 08:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-11 15:59:02 -------- d-----w- C:\Users\Proud Owner\AppData\Local\Blizzard Entertainment
2013-09-11 15:25:54 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-09-11 15:25:54 29984 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-09-11 15:25:54 28448 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-11 15:25:46 -------- d-----w- C:\Users\Proud Owner\AppData\Local\NVIDIA
2013-09-11 15:21:00 1832224 ----a-w- C:\Windows\System32\nvdispco6432049.dll
2013-09-11 15:21:00 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432049.dll
.
==================== Find3M  ====================
.
2013-10-04 20:18:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-04 20:18:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-12 07:25:43 6599968 ----a-w- C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43 3452192 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40 920864 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-09-11 22:06:31 3361114 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 11:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-15 15:35:02 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-07-15 15:35:02 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-07-15 15:35:02 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 10:20:52.11 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/8/2011 1:26:07 PM
System Uptime: 10/6/2013 8:39:29 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | SABERTOOTH P67
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 689.722 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP262: 9/22/2013 2:04:00 PM - Windows Update
RP263: 9/27/2013 9:30:31 AM - Windows Update
RP264: 10/1/2013 8:46:15 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.8)
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Aion
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
Bluetooth Suite (64)
Bonjour
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDVD 8
CyberLink PowerProducer
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DMUninstaller
Don't Starve
Dropbox
Dungeons & Dragons Online ®:  Eberron Unlimited ™ v01.17.01.801
ENUWI-N4 Wireless USB Adapter
Express Burn
Firestorm-Release (remove only)
Futuremark SystemInfo
GeForce Experience NvStream Client Components
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
Intel® Management Engine Components
Intel® Network Connections 15.6.25.0
iTunes
Java Auto Updater
Java 6 Update 29
JMicron JMB36X Driver
Kaspersky PURE 3.0
League of Legends
LG Tool Kit
LG United Mobile Driver
LightScribe System Software
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 91xx driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 4
Microsoft Expression Encoder 4 Pro
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft IntelliPoint 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCSOFT Game Launcher
Nikon Message Center 2
Nikon Movie Editor
NVIDIA 3D Vision Controller Driver 326.01
NVIDIA 3D Vision Driver 327.23
NVIDIA Alien vs. Triangles demo
NVIDIA Control Panel 327.23
NVIDIA Endless City demo
NVIDIA GeForce Experience 1.6.1
NVIDIA Graphics Driver 327.23
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 8.3.14
NVIDIA Update Components
NVIDIA Virtual Audio 1.2.5
OpenOffice.org 3.3
Orcs Must Die! 2
Pando Media Booster
PDF Settings
Picture Control Utility
Pixillion Image Converter
QuickTime
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Safari
SaltarSmart 1.0.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2760597) 32-Bit Edition
Security Update for Microsoft Expression Design 4 (KB2667730)
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition
SHIELD Streaming
Singularity (remove only)
Skype Click to Call
Skype™ 6.7
Spotify
StartNow Toolbar
Steam
The Elder Scrolls V: Skyrim
Torchlight II
Total War: SHOGUN 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
ViewNX 2
VLC media player 1.1.11
Winamp
Winamp Detector Plug-in
Windows Driver Package - Realtek Semiconductor Corp. (RTL8192su) Net  (08/15/2009 1085.7.0815.2009)
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 12:41:36 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
9/30/2013 12:41:36 AM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/30/2013 1:26:11 AM, Error: Service Control Manager [7030]  - The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
10/1/2013 8:17:08 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/1/2013 1:21:22 PM, Error: Service Control Manager [7034]  - The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Proud Owner [Admin rights]
Mode : Scan -- Date : 10/07/2013 09:12:55
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD1002FAEX-00Y9A0 ATA Device +++++
--- User ---
[MBR] ba9ef1bc510187704b8f815698b56753
[bSP] 05eb8174c41ef18034f134a5f0b6ffb4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10072013_091255.txt >>

What are your concerns with the computer?

--------------------------
 

AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

 


Please disable Windows Defender, you have Kaspersky running, there's no need to have 2 AVs running on the computer, they only conflict with each other.
Dangers of running 2 anti-virus programs

---------------------------------------

I do see some adware installed, let's get rid of that first:

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


MrC

 

Windows Defender is now disabled.

 

When I run Firefox or Chrome I get strange pop-ups... sounds like adware?

 

Here's the AdwCleaner report... I have not pressed the "clean" button yet...

 

 

# AdwCleaner v3.006 - Report created 07/10/2013 at 13:28:02
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Proud Owner - PROUDOWNER-PC
# Running from : C:\Users\Proud Owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\searchplugins\Conduit.xml
File Found : C:\Users\Proud Owner\Desktop\Optimizer Pro.lnk
File Found : C:\Users\PROUDO~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\PROUDO~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\PROUDO~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\PROUDO~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\PROUDO~1\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Users\Proud Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
Folder Found : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MyPC Backup
Folder Found C:\Program Files (x86)\MyPC Backup 
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Program Files (x86)\StartNow Toolbar
Folder Found C:\Program Files (x86)\Vafmusic2
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Proud Owner\AppData\Local\Conduit
Folder Found C:\Users\Proud Owner\AppData\Local\StartNow
Folder Found C:\Users\Proud Owner\AppData\LocalLow\Conduit
Folder Found C:\Users\Proud Owner\AppData\LocalLow\Vafmusic2
Folder Found C:\Users\Proud Owner\AppData\Roaming\DefaultTab
Folder Found C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\CT3294791
Folder Found C:\Users\Proud Owner\AppData\Roaming\optimizer pro
Folder Found C:\Users\Proud Owner\AppData\Roaming\Searchprotect
Folder Found C:\Users\Proud Owner\AppData\Roaming\StartNow Toolbar
Folder Found C:\Users\PROUDO~1\AppData\Local\Temp\Desk365
Folder Found C:\Users\PROUDO~1\AppData\Local\Temp\Desk365
Folder Found C:\Users\PROUDO~1\AppData\Local\Temp\Desk365
Folder Found C:\Users\PROUDO~1\AppData\Local\Temp\Desk365
Folder Found C:\Users\PROUDO~1\AppData\Local\Temp\Desk365
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AppDataLow\Software\Vafmusic2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\b1.org
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\b1.org
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\b1.org
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\chdboodilddefglllfoimeceomkpmkbi
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C7089ED-7489-4141-AFB0-C081A4BAF053}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9415DF24-1BCA-4ED1-AFD1-F8BF28DE388C}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\Software\SaltarSmart
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKLM\Software\Vafmusic2
Key Found : [x64] HKLM\SOFTWARE\b1.org
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Found : [x64] HKLM\SOFTWARE\DomaIQ
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaltarSmart
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\prefs.js ]
 
Line Found : user_pref("CT3294791.FF19Solved", "true");
Line Found : user_pref("CT3294791.UserID", "UN62005762623989149");
Line Found : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3294791.fullUserID", "UN62005762623989149.IN.20130930012630");
Line Found : user_pref("CT3294791.installDate", "30/09/2013 01:26:30");
Line Found : user_pref("CT3294791.installSessionId", "{657EB95D-FB93-46E8-BE92-0EA2BB4092B9}");
Line Found : user_pref("CT3294791.installSp", "TRUE");
Line Found : user_pref("CT3294791.installerVersion", "1.7.1.4");
Line Found : user_pref("CT3294791.keyword", "true");
Line Found : user_pref("CT3294791.originalSearchEngine", "Bing");
Line Found : user_pref("CT3294791.originalSearchEngineName", "Bing");
Line Found : user_pref("CT3294791.searchRevert", "false");
Line Found : user_pref("CT3294791.searchUserMode", "2");
Line Found : user_pref("CT3294791.smartbar.homepage", "true");
Line Found : user_pref("CT3294791.versionFromInstaller", "10.20.1.8");
Line Found : user_pref("CT3294791.xpeMode", "0");
Line Found : user_pref("browser.search.defaultenginename", "Vafmusic2 Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");
Line Found : user_pref("browser.search.selectedEngine", "Vafmusic2 Customized Web Search");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3294791");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3294791");
Line Found : user_pref("smartbar.machineId", "SA8QCUMBDLTWUUS/P8BSDSA75YYJ72MMITNMXZUHQ7WI5ZPFRUTBXJRVP7K5NHAATAUYUDB9GQ/4D1TH4IAXAA");
 
-\\ Google Chrome v
 
[ File : C:\Users\Proud Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [13337 octets] - [07/10/2013 13:28:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13398 octets] ##########

Here is the AdwCleaner report after cleaning... followed by mbam log.

 

I then opened both Firefox and Chrome and they seem back to normal.

 

 

 

# AdwCleaner v3.006 - Report created 07/10/2013 at 14:41:24
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Proud Owner - PROUDOWNER-PC
# Running from : C:\Users\Proud Owner\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup 
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
Folder Deleted : C:\Program Files (x86)\Vafmusic2
Folder Deleted : C:\Users\Proud Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Proud Owner\AppData\Local\StartNow
Folder Deleted : C:\Users\PROUDO~1\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\Proud Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Proud Owner\AppData\LocalLow\Vafmusic2
Folder Deleted : C:\Users\Proud Owner\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Proud Owner\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\Proud Owner\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Proud Owner\AppData\Roaming\StartNow Toolbar
Folder Deleted : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\CT3294791
Folder Deleted : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\Extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Deleted : C:\Users\Proud Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
File Deleted : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\PROUDO~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Proud Owner\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\searchplugins\Conduit.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\chdboodilddefglllfoimeceomkpmkbi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F3F960E-A836-45CA-8911-0ACCB522246E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C7089ED-7489-4141-AFB0-C081A4BAF053}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9415DF24-1BCA-4ED1-AFD1-F8BF28DE388C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7F3F960E-A836-45CA-8911-0ACCB522246E}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\b1.org
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic2
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\b1.org
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\SaltarSmart
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\StartNow Toolbar
Key Deleted : HKLM\Software\Vafmusic2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\b1.org
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaltarSmart
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page Restore]
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Proud Owner\AppData\Roaming\Mozilla\Firefox\Profiles\z7miy6ej.default\prefs.js ]
 
Line Deleted : user_pref("CT3294791.FF19Solved", "true");
Line Deleted : user_pref("CT3294791.UserID", "UN62005762623989149");
Line Deleted : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3294791.fullUserID", "UN62005762623989149.IN.20130930012630");
Line Deleted : user_pref("CT3294791.installDate", "30/09/2013 01:26:30");
Line Deleted : user_pref("CT3294791.installSessionId", "{657EB95D-FB93-46E8-BE92-0EA2BB4092B9}");
Line Deleted : user_pref("CT3294791.installSp", "TRUE");
Line Deleted : user_pref("CT3294791.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3294791.keyword", "true");
Line Deleted : user_pref("CT3294791.originalSearchEngine", "Bing");
Line Deleted : user_pref("CT3294791.originalSearchEngineName", "Bing");
Line Deleted : user_pref("CT3294791.searchRevert", "false");
Line Deleted : user_pref("CT3294791.searchUserMode", "2");
Line Deleted : user_pref("CT3294791.smartbar.homepage", "true");
Line Deleted : user_pref("CT3294791.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3294791.xpeMode", "0");
Line Deleted : user_pref("browser.search.defaultenginename", "Vafmusic2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Vafmusic2 Customized Web Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3294791");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3294791");
Line Deleted : user_pref("smartbar.machineId", "SA8QCUMBDLTWUUS/P8BSDSA75YYJ72MMITNMXZUHQ7WI5ZPFRUTBXJRVP7K5NHAATAUYUDB9GQ/4D1TH4IAXAA");
 
-\\ Google Chrome v
 
[ File : C:\Users\Proud Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [13535 octets] - [07/10/2013 13:28:02]
AdwCleaner[s0].txt - [12617 octets] - [07/10/2013 14:41:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12678 octets] ##########
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.07.12
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Proud Owner :: PROUDOWNER-PC [administrator]
 
10/7/2013 3:10:10 PM
mbam-log-2013-10-07 (15-10-10).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256967
Time elapsed: 3 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\Proud Owner\AppData\Local\Temp\installdt.tmp (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
 
Files Detected: 1
C:\Users\Proud Owner\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
 
(end)
 

Good.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.74  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Kaspersky PURE 3.0   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 29  

 Java version out of Date! 

 Adobe Flash Player 11.8.800.168  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Mozilla Firefox (24.0) 

 Google Chrome 29.0.1547.76  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall this and any other Java listed in your add/remove programs:
Java™ 6 Update 29


Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 40) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

---------------------------------------------

Adobe Reader 10.1.8 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

---------------------------------------------

Google Chrome 29.0.1547.76
Google Chrome 30.0.1599.69


Please update your Chrome, should be version 30.0.1599.69

Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)


---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.


-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
