Yinyue Posted December 3, 2013 ID:760224
I was directed to this forum to seek help. I got hacked on an online game (Mabinogi) and I'm not sure how. I can eliminate the possibility of someone knowing my password because I did not share it with anyone. You log into the game with ID and password, then a secondary password that you push in through clicking a virtual keyboard. I'm guessing I was hacked through something in my computer. I scanned my computer with Malwarebytes and saved the log. Do I PM it to one of you guys?
Maniac Posted December 3, 2013 ID:760450
Hello Yinyue! My name is Borislav and I will be glad to help you solve your malware problem.
Please note:
- If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
- I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
- Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread: http://forums.malwarebytes.org/index.php?showtopic=9573
Yinyue Posted December 4, 2013 Author ID:760536
Hello, thank you for your help. Log:
Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Skype Click to CallSkype™ 6.9Spybot - Search & DestroySticky-NotesSuite Shared Configuration CS4TeamViewer 7TERATERA Japanese NPC Voice Patch version 1.1TinychatTinychat Installertools-freebsdtools-linuxtools-netwaretools-solaristools-windowstools-winPre2kUmineko no Naku Koro ni English v4.4UO Tiaras Moonshine ModUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)uTorrentControl_v2 ToolbarVisual Studio 2008 x64 RedistributablesVLC media player 1.0.3VMware WorkstationVOCALOID2 Editor V2.0.2.4JVOCALOID2 Expression DB (Standard)VOCALOID2 Voice DB (Miku)VOCALOID2 VSTi V2.0.2.0Windows 7 Logon Background ChangerWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MIME IFilterWindows Live Photo CommonWindows Live PIMT 
PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Movie Maker 2.6WinPcap 4.1.2WinRAR archiverWinSCP 4.3.6WinX Free MP4 to AVI Converter 4.1.15Wisdom-soft ScreenHunter 5.1 FreeWOT for Internet ExplorerYahoo! BrowserPlus 2.9.8Yahoo! MessengerYahoo! Software UpdateYahoo! ToolbarYontoo Layers Runtime (Drop Down Deals) 1.10.01.==== Event Viewer Messages From Past Week ========.12/3/2013 5:29:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.12/3/2013 5:02:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.12/3/2013 4:54:24 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.12/2/2013 4:30:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.12/2/2013 4:30:13 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/2/2013 4:29:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.12/2/2013 4:29:31 PM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.12/2/2013 4:24:50 PM, Error: Service Control Manager [7011] - A timeout 
(30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.12/2/2013 4:24:45 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.12/1/2013 9:44:13 AM, Error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).12/1/2013 9:44:13 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781.12/1/2013 9:44:13 AM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.12/1/2013 9:44:13 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The pipe has been ended.12/1/2013 9:44:13 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.12/1/2013 9:44:13 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.11/28/2013 7:34:43 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted December 4, 2013 ID:760684

Step 1

Please uninstall the following applications:
HyperCam Toolbar
uTorrentControl_v2 Toolbar
Yontoo Layers Runtime (Drop Down Deals) 1.10.01

Step 2

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

Launch Malwarebytes' Anti-Malware.
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:
Junkware Removal Tool log
AdwCleaner log
Malwarebytes' Anti-Malware log
Yinyue Posted December 5, 2013 Author ID:760892

Thank you for the fast reply!

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jackie on Wed 12/04/2013 at 19:37:57.98

# AdwCleaner v3.014 - Report created 04/12/2013 at 20:19:49
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jackie - JACKIE-PC
# Running from : C:\Users\Jackie\Desktop\AdwCleaner.exe
# Option : Clean
"1349759040717");Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349759043952");Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1372802367682");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353298209214");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358388325269");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364332858924");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359681513159");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360990514217");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363241599295");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369197439324");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372825331542");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375051037454");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379553120248");Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.20.0.513_lastUpdate", "1385884680409");Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349759044008");Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1385870279085");Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1385870278622");Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349759041261");Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1385891868014");Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", 
"1385870278707");Line Deleted : user_pref("CT3220468.settingsINI", true);Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");Line Deleted : user_pref("CT3220468.showToolbarPermission", "false");Line Deleted : user_pref("CT3220468.startPage", "userChanged");Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "9-10-2012");Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "1-12-2013");Line Deleted : user_pref("CT3220468.toolbarDisabled", "true");Line Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Thu Mar 14 2013 11:58:43 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386037798647,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");*************************AdwCleaner[R0].txt - [15652 octets] - [04/12/2013 20:18:41]AdwCleaner[s0].txt - [15113 octets] - [04/12/2013 20:19:49]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15174 octets] ########## Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.04.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16736Jackie :: JACKIE-PC [administrator]Protection: Enabled12/4/2013 8:25:41 PMmbam-log-2013-12-04 (20-25-41).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 222191Time elapsed: 15 minute(s), 28 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other 
sites More sharing options...
Maniac Posted December 5, 2013 ID:761065
Well done!

Please scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
  Double click on the ESET Smart Installer icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats".
Click Advanced settings and select the following:
  Scan potentially unwanted applications
  Scan for potentially unsafe applications
  Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats.
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
Yinyue Posted December 6, 2013 Author ID:761458
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$R1KB2KC.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RB458YW.bak a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RBRZKY6 Win32/InstallMonetizer.AL application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$ROF7MPQ.exe multiple threats cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RU5Z96I.jar a variant of Java/Jacksbot.L trojan cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RWLJKPY Win32/InstallMonetizer.AL application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RBQPA6A\Client.exe.bak a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RY3B926\ldrtbuTor.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RY3B926\prxtbuTor.dll Win32/Toolbar.Conduit.O application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RY3B926\tbuTor.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-1421398010-3361299138-314824536-1001\$RY3B926\uTorrentControl_v2ToolbarHelper.exe Win32/Toolbar.Conduit.Q application cleaned by deleting - quarantined
C:\Nexon\Mabinogi\Client.exe.bak a variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Jackie\afesm\start.cmd BAT/Starter.NBI trojan cleaned by deleting - quarantined
C:\Users\Jackie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\3f8ff874-5c23a0f4 Java/Agent.DM trojan cleaned by deleting - quarantined
C:\Users\Jackie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\69928a3d-230763d1 a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined
C:\Users\Jackie\AppData\Roaming\File.jar a variant of Java/Jacksbot.H trojan cleaned by deleting - quarantined
C:\Users\Jackie\AppData\Roaming\Tinychat Co\Tinychat Installer 1.0.3\install\TinychatAdvanced.msi multiple threats deleted - quarantined
C:\Users\Jackie\Desktop\Stuff\MABI MODS\rPE\attachments_2009_04_05.zip a variant of Win32/HackTool.rPE.A application deleted - quarantined
C:\Users\Jackie\Desktop\Stuff\MABI MODS\rPE\rPE.dll a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
C:\Users\Jackie\Desktop\Stuff\MABI MODS\rPE\rPE.exe a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
C:\Users\Jackie\Desktop\Stuff\MABI MODS\rPE\rPE_ex.dll a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
C:\Users\Jackie\Desktop\Stuff\n o v el t y\Ripples\Babylon8_setup.exe multiple threats deleted - quarantined
C:\Users\Jackie\Downloads\cnet_vpsetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Jackie\kgata\start.cmd BAT/Starter.NBI trojan cleaned by deleting - quarantined
C:\Users\Jackie\npfle\start.cmd BAT/Starter.NBI trojan cleaned by deleting - quarantined
C:\Users\Jackie\rhgmk\start.cmd BAT/Starter.NBI trojan cleaned by deleting - quarantined
C:\Windows\Installer\8b0e29.msi multiple threats deleted - quarantined
Maniac Posted December 8, 2013 ID:761963
Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
Please download JavaRa to your desktop and unzip it to its own folder
Run JavaRa.exe, then click Remove JRE.
Run the built-in uninstallers for all copies of Java listed
Click the Next button
Click the Next button again
Click the Java Manual Download link
A browser window will open with the Java download page
Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
Run the installer
Close JavaRa

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
Yinyue Posted December 10, 2013 Author ID:763062
The log is really huge and Firefox crashes when I try to paste it, what should I do? Also I can't find the Kaspersky program anymore. I had it open a few minutes ago and after I closed it, I can't find it anymore. I searched program files, control panel, and it doesn't show up in search results.
Maniac Posted December 11, 2013 ID:763312
Did you notice anything being detected?
Yinyue Posted December 12, 2013 Author ID:763837
The log is 245 MB, is it supposed to be that huge? And yeah, there were like 6 or 8 things that it detected.
Maniac Posted December 13, 2013 ID:764026
Sometimes it is. How are things now?
Yinyue Posted December 19, 2013 Author ID:766074
I uploaded the file to MediaFire, is that okay? I think there's still a lot of things on my computer. A few times I got alerts from AVG and it detected things in my temp files.
https://www.mediafire.com/?3ber12hpopucbfu
Sorry it's really huge, it even took like 7 mins to upload.
Maniac Posted December 19, 2013 ID:766185
Thanks! Please make sure your AVG is up-to-date and perform a full system scan. Let me know.
Yinyue Posted December 21, 2013 Author ID:767028
Did a full scan with AVG and nothing detected (yay). I'm not sure though, Kaspersky detected a few things and could only remove some of the threats.
Maniac Posted December 21, 2013 ID:767169
Try to re-scan with Kaspersky AVP to check these things.
AdvancedSetup Posted December 28, 2013 Root Admin ID:769794
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!