
3 Infected Files I can't Get Rid Of - Please help - Thanks



Here is some info I've gotten.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Bess at 6:25:56 on 2014-01-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5610.3354 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\Bess\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.1\AVG SafeGuard toolbar_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [spotify Web Helper] "C:\Users\Bess\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Bess\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A6AD40C3-9B98-4233-BF2F-630B2EE60BA6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\



FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bess\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2013-02-26 08:20; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - b877c789000000000000e840f2b91448
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15968
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.612:41:41
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=160913_nocpn&tsp=5011
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-4-12 78976]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-4-12 38528]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-7-14 55856]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-8-28 46368]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-8-2 29792]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-4-12 204288]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356128]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-10 701512]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-8-23 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-8-23 460288]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-4-12 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [2013-11-20 1643696]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2012-5-25 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2012-7-25 29280]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-10 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-12 533096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2012-4-12 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 rcmirror;HP RC Mirror Driver;C:\windows\System32\drivers\rcmirror64.sys [2012-8-13 13120]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-31 22:17:45    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C84E475D-B46C-4BE8-9729-610A38690BF1}\mpengine.dll
2013-12-11 04:12:50    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 04:12:50    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 04:12:49    12625920    ----a-w-    C:\windows\System32\wmploc.DLL
2013-12-11 04:12:48    12625408    ----a-w-    C:\windows\SysWow64\wmploc.DLL
2013-12-11 04:08:57    81408    ----a-w-    C:\windows\System32\imagehlp.dll
.
==================== Find3M  ====================
.
2013-12-11 11:01:14    29792    ----a-w-    C:\windows\System32\drivers\klim6.sys
2013-12-11 11:01:13    458336    ----a-w-    C:\windows\System32\drivers\kl1.sys
2013-12-10 20:22:15    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 20:22:15    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-11-20 14:40:04    46368    ----a-w-    C:\windows\System32\drivers\avgtpx64.sys
2013-11-19 08:33:38    267936    ------w-    C:\windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-10-19 01:36:59    159232    ----a-w-    C:\windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\windows\SysWow64\cscript.exe
2013-10-10 13:12:00    29280    ----a-w-    C:\windows\System32\drivers\klmouflt.sys
2013-10-10 13:12:00    29280    ----a-w-    C:\windows\System32\drivers\klkbdflt.sys
2013-10-08 11:50:37    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35    1474048    ----a-w-    C:\windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\windows\SysWow64\crypt32.dll
.
============= FINISH:  6:26:42.44 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/14/2012 12:18:53 PM
System Uptime: 1/2/2014 5:47:08 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2ACF
Processor: AMD A6-3620 APU with Radeon HD Graphics | P0 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 831.608 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.098 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID:
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID:
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID:
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
==== System Restore Points ===================
.
RP287: 12/17/2013 4:54:24 PM - Windows Update
RP288: 12/20/2013 7:26:12 PM - Windows Update
RP289: 12/22/2013 7:00:05 PM - Windows Backup
RP290: 12/26/2013 7:00:56 AM - Windows Update
RP291: 12/29/2013 7:00:07 PM - Windows Backup
RP292: 12/31/2013 5:17:19 PM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
8000A809
8000A809_eDocs
8000A809_Help
Adobe AIR
Adobe AIR Free Download Packages
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 10
Adobe Photoshop.com Inspiration Browser
Adobe Reader XI (11.0.05)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
APC PowerChute Personal Edition
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BatBrowse 1.0.0
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
Dropbox
EasySolve
Elements 10 Organizer
Epson Copy Utility 3.5
Epson Event Manager
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Scan
eReg
File Type Assistant
Flash Player Pro V5.4
Google Chrome
GPBaseService2
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Imaging Device Functions 13.0
HP Odometer
HP Officejet Pro 8000 A809 Series
HP Product Detection
HP RSS
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPProductAssistant
iTunes
iTunes Free Download Packages
Java 7 Update 45
Java Auto Updater
Java 7 Update 5 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Kaspersky Anti-Virus 2013
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Firefox Free Download Packages
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
myPrintMileage (Officejet Pro 8000 A809)
Network64
NexGen Media Player - a modern video player
OpenOffice 4.0.1
OpenOffice Impress Free Download Packages
opensource
Opera 12.15
PDF Complete Special Edition
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
ProductContext
PSE10 STI Installer
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
SmartWebPrinting
SolutionCenter
Spotify
Status
Toolbox
TrayApp
TSHostedAppLauncher
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

Here's the 3rd file:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

  • The removal of malware isn't instantaneous, please be patient.

  • When we are done, I'll give you instructions on how to clean up all the tools and logs.

  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


1. How do I do this?

Make sure system restore is turned on and running

 

2. Also, I deleted BitTorrent after I ran the scan. Should I redo the scan?

------------------------------------------------------------------------------------------------------------------------------------------

 

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bess [Admin rights]
Mode : Scan -- Date : 01/02/2014 09:03:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [7] -> rundll32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\windows\SysWOW64\Rundll32.exe" - "C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Bess\AppData\Local\Temp\IHU463.tmp.exe [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721010CLA630 SATA Disk Device +++++
--- User ---
[MBR] 9f978639295e9ca959f3b7eb09f98be1
[BSP] 5c3c2d0be765e9f125129b1c95bd3ed0 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01022014_090309.txt >>



 

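The "3rd file" in the opening post is not a file at all: it is an HKCU Run value that starts rundll32.exe with a DLL under the user's AppData folder, and the RogueKiller scan above lists a scheduled task that starts the same DLL. Two launch points for one payload is the detail that matters for cleanup: removing only the Run value still leaves the task to load the DLL. The Python below is an added example, not part of this thread or of either tool, that parses entries in the two formats shown above, flags rundll32 launches of a DLL from a user-writable path and tasks that delete an executable in Temp, and cross-references launch points that share a payload. The sample lines are constructed from the entries quoted in the thread; the regexes, reason strings and the "user-writable" rule (Users\*\AppData and ProgramData) are this example's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample lines modelled on the Malwarebytes and RogueKiller entries quoted in
# this thread. The forum rendered RogueKiller's "[SUSP PATH]" tag as "[sUSP PATH]";
# TASK_RE is case-insensitive so either spelling parses.
SAMPLE_LINES = [
    r'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun',
    r'[V2][SUSP PATH] BackgroundContainer Startup Task : "C:\windows\SysWOW64\Rundll32.exe" - "C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND',
    r'[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Bess\AppData\Local\Temp\IHU463.tmp.exe [x][x] -> FOUND',
    r'Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]',  # no command line: skipped
]

# Malwarebytes-style Run value: HKCU\...\Run|<value name> (<detection>) -> Data: <command>
RUN_KEY_RE = re.compile(r'^HK(?:CU|LM)\\[^|]*\\Run\|(?P<name>.+?) \([^)]*\) -> Data: (?P<cmd>.*)$')
# RogueKiller-style task line: [V2][SUSP PATH] <task name> : <command> [flags] -> FOUND
TASK_RE = re.compile(
    r'^\[V2\]\[SUSP PATH\] (?P<name>.+?) : (?P<cmd>.+?)(?: (?:\[[0-9x]+\])+)? -> FOUND\s*$', re.I)
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')
# Assumed rule: locations a standard user (and so a bundled installer running as that
# user) can write to without elevation.
USER_WRITABLE_RE = re.compile(r'^[a-z]:\\(?:users\\[^\\]+\\appdata\\|programdata\\)', re.I)

R_USERPATH = 'launch command references a user-writable path'
R_RUNDLL32 = 'rundll32 loads a DLL from a user-writable path'
R_TEMPDEL = 'task deletes an executable under AppData\\Local\\Temp'


@dataclass
class LaunchPoint:
    kind: str        # 'run_key' or 'scheduled_task'
    name: str        # Run value name or task name
    command: str     # command line the autorun executes
    paths: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def extract_paths(cmd):
    """Quoted paths first (they may contain spaces), then bare drive-letter tokens."""
    paths = QUOTED_PATH_RE.findall(cmd)
    return paths + BARE_PATH_RE.findall(QUOTED_PATH_RE.sub(' ', cmd))


def loader_of(cmd):
    """The program the autorun actually starts: a leading quoted path or the first token."""
    m = QUOTED_PATH_RE.match(cmd)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ''


def analyse_line(line):
    m, kind = RUN_KEY_RE.match(line), 'run_key'
    if not m:
        m, kind = TASK_RE.match(line), 'scheduled_task'
    if not m:
        return None
    cmd = m['cmd'].strip()
    lp = LaunchPoint(kind, m['name'], cmd, extract_paths(cmd))
    user_paths = [p for p in lp.paths if USER_WRITABLE_RE.match(p)]
    if user_paths:
        lp.reasons.append(R_USERPATH)
    # rundll32 is a signed system binary; the DLL it is told to load is the real payload.
    if (ntpath.basename(loader_of(cmd)).lower() == 'rundll32.exe'
            and any(p.lower().endswith('.dll') for p in user_paths)):
        lp.reasons.append(R_RUNDLL32)
    # A task whose only job is deleting a dropper in Temp removes evidence; record it first.
    if (re.search(r'\bDEL\b', cmd, re.I)
            and any('\\appdata\\local\\temp\\' in p.lower() and p.lower().endswith('.exe')
                    for p in user_paths)):
        lp.reasons.append(R_TEMPDEL)
    return lp


def analyse(lines):
    return [lp for lp in map(analyse_line, lines) if lp is not None]


def shared_payloads(findings):
    """Map each user-writable path to the launch points that reference it, keeping only
    paths with more than one: removing a single entry leaves the others to start it."""
    by_path = {}
    for lp in findings:
        for p in lp.paths:
            if USER_WRITABLE_RE.match(p):
                by_path.setdefault(p.lower(), []).append(lp.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


if __name__ == '__main__':
    found = analyse(SAMPLE_LINES)
    for lp in found:
        print(f'{lp.kind:15} {lp.name!r}: {"; ".join(lp.reasons) or "no flags"}')
    for path, names in shared_payloads(found).items():
        print(f'shared payload {path} launched by {names}')
```

Run it and the BackgroundContainer DLL comes out with two launch points, the Run value and the scheduled task, which is the list to work through before declaring the entry gone. The "Value Found" line from AdwCleaner carries no command line, so the script skips it rather than guessing.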

1. How do I do this?
Make sure system restore is turned on and running


http://www.wikihow.com/Use-System-Restore-on-Windows-7

2. Also, I deleted BitTorrent after I ran the scan. Should I redo the scan?

No

-------------------------------------------------------

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

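Once the AdwCleaner report comes back, the part worth reading most carefully is the Firefox prefs.js section. Besides the CT3289663 toolbar state and the prefs that assign search, home page and address bar to the toolbar, it contains extensions.<id>.scode values holding JavaScript that creates a script element pointing at a remote loader (the //cdncache-a.akamaihd.net/loaders/ URL in the report), which is how an injected-ad extension gets code into every top-level page. The Python below is an added example, not part of this thread or of AdwCleaner, that parses user_pref lines offline and flags those patterns. The excerpt is constructed from lines in the report with one benign control line added; the rule names and the pref list under OWNERSHIP_PREFS are this example's own choices.

```python
import json
import re
from dataclasses import dataclass

# Constructed prefs.js excerpt modelled on the user_pref lines AdwCleaner reported in this
# thread; the injected-script value is truncated with "[...]" exactly as the forum post
# truncates it. The last line is a benign control that is not in the report.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
user_pref("extensions.50670dbb6d1e8.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/14[...]");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
user_pref("smartbar.homePageOwnerCTID", "CT3289663");
user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3289663.installType", "conduitnsisintegration");
user_pref("browser.startup.homepage", "about:home");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# JavaScript that creates a <script> element or points a .src at a scheme-relative or
# http(s) URL. A pref value is data; it should never contain code.
SCRIPT_INJECT_RE = re.compile(r'createElement\("script"\)|\.src\s*=\s*"(?://|https?://)')
CONDUIT_ID_RE = re.compile(r'\bCT\d{5,}\b')
# Assumed list: prefs that decide who owns search, home page and address-bar behaviour.
OWNERSHIP_PREFS = {
    'browser.search.defaultthis.engineName',
    'smartbar.defaultSearchOwnerCTID',
    'smartbar.homePageOwnerCTID',
    'smartbar.addressBarOwnerCTID',
}


@dataclass
class PrefFinding:
    name: str
    value: object
    rule: str


def parse_prefs(text):
    """Yield (name, decoded value) per user_pref line. Values are JSON-compatible
    (quoted string with backslash-escaped quotes, number, true/false), so json.loads
    decodes them and turns the escaped JavaScript back into readable source."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            value = json.loads(raw)
        except ValueError:
            value = raw      # keep anything odd verbatim rather than dropping it
        yield name, value


def triage(text):
    findings = []
    for name, value in parse_prefs(text):
        sval = value if isinstance(value, str) else str(value)
        if SCRIPT_INJECT_RE.search(sval):
            findings.append(PrefFinding(name, value, 'remote_script_injection'))
        elif name in OWNERSHIP_PREFS:
            findings.append(PrefFinding(name, value, 'search_or_homepage_ownership'))
        elif name.endswith('InHidden') and sval == 'true':
            findings.append(PrefFinding(name, value, 'hidden_takeover_flag'))
        elif CONDUIT_ID_RE.search(name):
            findings.append(PrefFinding(name, value, 'conduit_toolbar_state'))
    return findings


def conduit_ids(text):
    """Every CT<digits> toolbar id named in a pref name or string value."""
    ids = set()
    for name, value in parse_prefs(text):
        ids.update(CONDUIT_ID_RE.findall(name))
        if isinstance(value, str):
            ids.update(CONDUIT_ID_RE.findall(value))
    return ids


if __name__ == '__main__':
    for f in triage(SAMPLE_PREFS):
        print(f'{f.rule:30} {f.name} = {f.value!r}')
    print('toolbar ids:', sorted(conduit_ids(SAMPLE_PREFS)))
```

The decoded scode value is the thing to keep from the report: a script-element loader in a pref means pages were being modified client-side, and the toolbar id set tells you which CT-prefixed keys, folders (the CT3289663 profile folder) and registry classes belong to the same install.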

I don't recognize anything. Should I save anything?

 

 

# AdwCleaner v3.016 - Report created 02/01/2014 at 11:44:05
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bess - BESS-HP
# Running from : C:\Users\Bess\Downloads\AdwCleaner(3).exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Bess\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\5vmo5yko.default\Extensions\wtxpcom@mybrowserbar.com
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\5vmo5yko.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\5vmo5yko.default\user.js
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\defaulttab.config
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\invalidprefs.js
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\searchplugins\Babylon.xml
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\searchplugins\Conduit.xml
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\searchplugins\search.xml
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\user.js
File Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\mData\user.js
File Found : C:\windows\System32\Tasks\BackgroundContainer Startup Task
File Found : C:\windows\System32\Tasks\BrowserDefendert
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
Folder Found : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\InternetHelper3.1
Folder Found C:\Program Files (x86)\internethelper3.1
Folder Found C:\Program Files (x86)\Mobogenie
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BrowserDefender
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\Users\Bess\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Bess\AppData\Local\AVG Secure Search
Folder Found C:\Users\Bess\AppData\Local\Conduit
Folder Found C:\Users\Bess\AppData\Local\filetypeassistant
Folder Found C:\Users\Bess\AppData\Local\Mobogenie
Folder Found C:\Users\Bess\AppData\Local\NativeMessaging
Folder Found C:\Users\Bess\AppData\Local\Temp\AirInstaller
Folder Found C:\Users\Bess\AppData\Local\Temp\boost_interprocess
Folder Found C:\Users\Bess\AppData\Local\WhiteListing
Folder Found C:\Users\Bess\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Bess\AppData\LocalLow\Conduit
Folder Found C:\Users\Bess\AppData\LocalLow\internethelper3.1
Folder Found C:\Users\Bess\AppData\LocalLow\InternetHelper3.1
Folder Found C:\Users\Bess\AppData\Roaming\24x7 help
Folder Found C:\Users\Bess\AppData\Roaming\DefaultTab
Folder Found C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\CT3289663
Folder Found C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\Smartbar
Folder Found C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\ValueApps
Folder Found C:\Users\Bess\AppData\Roaming\Searchprotect

***** [ Shortcuts ] *****



***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Found : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\Delta
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKLM\Software\InternetHelper3.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48124985-4710-4A5C-9824-271359BF67F4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DA45794-1735-485B-9D90-03B3FB1B21D3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{88CCA982-C030-4B27-8FBC-201189970FDE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BatBrowse
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\5vmo5yko.default\prefs.js ]


[ File : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\prefs.js ]

Line Found : user_pref("CT3289663.1000082.isPlayDisplay", "true");

Line Found : user_pref("CT3289663.1000234.TWC_TMP_city", "PORTSMOUTH");
Line Found : user_pref("CT3289663.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
Line Found : user_pref("CT3289663.1000234.TWC_locId", "USNH0191");
Line Found : user_pref("CT3289663.1000234.TWC_location", "Portsmouth, NH");
Line Found : user_pref("CT3289663.1000234.TWC_region", "US");
Line Found : user_pref("CT3289663.1000234.TWC_temp_dis", "f");
Line Found : user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
Line Found : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289663.FF19Solved", "true");
Line Found : user_pref("CT3289663.FirstTime", "true");
Line Found : user_pref("CT3289663.FirstTimeFF3", "true");

Line Found : user_pref("CT3289663.UserID", "UN38768492591101111");
Line Found : user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3289663.autoDisableScopes", 14);
Line Found : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3289663.countryCode", "US");
Line Found : user_pref("CT3289663.defaultSearch", "true");
Line Found : user_pref("CT3289663.enableAlerts", "true");
Line Found : user_pref("CT3289663.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3289663.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3289663.fixPageNotFoundError", "true");
Line Found : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3289663.fixUrls", true);
Line Found : user_pref("CT3289663.fullUserID", "UN38768492591101111.IN.20130821234146");
Line Found : user_pref("CT3289663.homepageuserchanged", true);
Line Found : user_pref("CT3289663.installDate", "21/08/2013 23:41:45");
Line Found : user_pref("CT3289663.installId", "stub.exe");
Line Found : user_pref("CT3289663.installSessionId", "{365BE99D-D617-4FEB-B40A-12CC0E1EB38E}");
Line Found : user_pref("CT3289663.installSp", "TRUE");
Line Found : user_pref("CT3289663.installType", "conduitnsisintegration");
Line Found : user_pref("CT3289663.installUsage", "2013-08-22T06:42:23.4817456+03:00");
Line Found : user_pref("CT3289663.installUsageEarly", "2013-08-22T06:42:21.391292+03:00");
Line Found : user_pref("CT3289663.installerVersion", "1.6.0.22");
Line Found : user_pref("CT3289663.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3289663.keyword", "true");

Line Found : user_pref("CT3289663.lastVersion", "10.23.0.822");
Line Found : user_pref("CT3289663.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Found : user_pref("CT3289663.migrateAppsAndComponents", true);
Line Found : user_pref("CT3289663.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fforums.malwarebytes.org%2Findex.php%3Fshowtopic%3D139518%23entry772130\",\"EB_MAIN_FRAME_TI[...]
Line Found : user_pref("CT3289663.openThankYouPage", "false");
Line Found : user_pref("CT3289663.openUninstallPage", "true");

Line Found : user_pref("CT3289663.originalSearchAddressUrl", "");
Line Found : user_pref("CT3289663.originalSearchEngine", "");
Line Found : user_pref("CT3289663.originalSearchEngineName", "");
Line Found : user_pref("CT3289663.revertSettingsEnabled", "false");
Line Found : user_pref("CT3289663.search.searchAppId", "130067724014616498");
Line Found : user_pref("CT3289663.search.searchCount", "0");
Line Found : user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3289663.searchRevert", "false");
Line Found : user_pref("CT3289663.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3289663.searchUserMode", "2");
Line Found : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");

Line Found : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1 \"}");
Line Found : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3289663.serviceLayer_services_Configuration_lastUpdate", "1388629834977");
Line Found : user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1377142944042");
Line Found : user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1377142943887");
Line Found : user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1377142943976");
Line Found : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1377142943250");
Line Found : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1377142944513");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.16.9.506_lastUpdate", "1377631263119");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.16.9.6_lastUpdate", "1377142944208");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378727134378");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380027990543");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.20.1.508_lastUpdate", "1382269231776");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384144772846");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.21.1.7_lastUpdate", "1382372118212");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.22.2.530_lastUpdate", "1384421469372");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.22.3.518_lastUpdate", "1384951207276");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386788952313");
Line Found : user_pref("CT3289663.serviceLayer_services_login_10.23.0.822_lastUpdate", "1388673292269");
Line Found : user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1377142943937");
Line Found : user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1388629834714");
Line Found : user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1388629834624");
Line Found : user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1377142943896");
Line Found : user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1388680492751");
Line Found : user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1388629834735");
Line Found : user_pref("CT3289663.settingsINI", true);
Line Found : user_pref("CT3289663.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3289663.showToolbarPermission", "false");
Line Found : user_pref("CT3289663.smartbar.CTID", "CT3289663");
Line Found : user_pref("CT3289663.smartbar.Uninstall", "0");
Line Found : user_pref("CT3289663.smartbar.homepage", "true");
Line Found : user_pref("CT3289663.smartbar.isHidden", true);
Line Found : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
Line Found : user_pref("CT3289663.startPage", "true");
Line Found : user_pref("CT3289663.toolbarBornServerTime", "22-8-2013");
Line Found : user_pref("CT3289663.toolbarCurrentServerTime", "2-1-2014");
Line Found : user_pref("CT3289663.toolbarLoginClientTime", "Wed Aug 21 2013 23:42:24 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3289663.versionFromInstaller", "10.16.9.6");
Line Found : user_pref("CT3289663.xpeMode", "3");
Line Found : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388680721837,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
Line Found : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");

Line Found : user_pref("extensions.50670dbb6d1e8.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/14[...]
Line Found : user_pref("extensions.50674e12bd2f3.scode", "if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/14[...]
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "b877c789000000000000e840f2b91448");
Line Found : user_pref("extensions.delta.instlDay", "15968");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.24.612:41:41");
Line Found : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=160913_nocpn&tsp=5011");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2012062609");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "^ZX^xdm084^S01783^us");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "TMRRc11cr0004_39381414");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "C89D0412-8F33-414C-81A2-C84D88B947D2");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1340717826745");
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.options.defaultSearch", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.options.tabEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "03101");
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "radiorage@mindspark.com");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
Line Found : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Found : user_pref("extentions.webcake.installId", "7342f50f-66ed-406e-a0f6-8dd4e2f17ad4");

Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("show.CT3289663", false);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3289663");


Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3289663");
Line Found : user_pref("smartbar.machineId", "MJBH4ZPCXPJ/ZFQ0YVMGDNJP8WIEZJESBQPTXUU/KVY07T/UV1FICA2D/FG/+UP635FWZHSULT2BOK4V6W9J8Q");

Line Found : user_pref("valueApps.CT3289663.mam_gk_currentVersion", "312E31322E302E35");
Line Found : user_pref("valueApps.CT3289663.mam_gk_currentVersion.storedInFile", false);
Line Found : user_pref("valueApps.CT3289663.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Found : user_pref("valueApps.CT3289663.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Found : user_pref("valueApps.CT3289663.mam_gk_migrated_from_ls", "31");
Line Found : user_pref("valueApps.CT3289663.mam_gk_migrated_from_ls.storedInFile", false);

[ File : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Bess\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [31549 octets] - [02/01/2014 11:44:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [31610 octets] ##########
 


Here are the directions again:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
MrC
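The review step above means reading the report for leftover toolbar preferences. Here is an added check (not part of the thread or of AdwCleaner) that scans a Firefox prefs.js, or an AdwCleaner report that quotes it, for the adware preference families listed in the R0 log above; the prefix list and the sample input are constructed for this example.

```python
import re

# Preference-name prefixes of the adware seen in the AdwCleaner[R0] report above
# (Delta toolbar, Mindspark, WebCake, Conduit smartbar / ValueApps). Constructed
# list for this example; extend it with whatever a given report flags.
ADWARE_PREF_PREFIXES = (
    "extensions.delta",
    "extensions.toolbar.mindspark",
    "extentions.webcake",                 # sic: WebCake misspells its own keys
    "plugin.state.npconduitfirefoxplugin",
    "smartbar.",
    "valueApps.CT",
)

# Matches  user_pref("name", value);  with an optional "Line Found : " prefix so
# the same function works on prefs.js itself and on the AdwCleaner report text.
PREF_RE = re.compile(r'^\s*(?:Line Found : )?user_pref\("([^"]+)",\s*(.*)\);\s*$')


def find_adware_prefs(text):
    """Return (pref_name, raw_value) pairs whose name starts with a known adware prefix."""
    hits = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if name.startswith(ADWARE_PREF_PREFIXES):
            hits.append((name, value))
    return hits


def check_profile(path):
    """Read a prefs.js from disk and report what survived the cleanup."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return find_adware_prefs(f.read())


# Constructed sample: two legitimate prefs plus two lines copied from the log above.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.delta.prdct", "delta");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
user_pref("network.cookie.cookieBehavior", 0);
"""

if __name__ == "__main__":
    for name, value in find_adware_prefs(SAMPLE_PREFS_JS):
        print(f"leftover adware pref: {name} = {value}")
```

An empty result for each profile's prefs.js is the confirmation that the Clean pass removed the entries the report listed.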

# AdwCleaner v3.016 - Report created 02/01/2014 at 14:54:10
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bess - BESS-HP
# Running from : C:\Users\Bess\Downloads\AdwCleaner(3).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Bess\AppData\Local\filetypeassistant

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\5vmo5yko.default\prefs.js ]


[ File : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\7lpz6co7.default\prefs.js ]


[ File : C:\Users\Bess\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ]


*************************

AdwCleaner[R0].txt - [31767 octets] - [02/01/2014 11:44:05]
AdwCleaner[R1].txt - [1181 octets] - [02/01/2014 14:47:18]
AdwCleaner[R2].txt - [1258 octets] - [02/01/2014 14:53:32]
AdwCleaner[s0].txt - [31531 octets] - [02/01/2014 14:43:47]
AdwCleaner[s1].txt - [1249 octets] - [02/01/2014 14:48:01]
AdwCleaner[s2].txt - [1184 octets] - [02/01/2014 14:54:10]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1244 octets] ##########
 


I thought the Malwarebytes log was one of the first things I posted, but in any case here is the last log. I ran it about 6 times trying to get rid of the virus.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Bess :: BESS-HP [administrator]

Protection: Enabled

1/2/2014 6:24:14 AM
mbam-log-2014-01-02 (06-24-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214086
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Here is the log right before the one I just sent you.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Bess :: BESS-HP [administrator]

1/2/2014 5:49:19 AM
MBAM-log-2014-01-02 (05-59-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214204
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> No action taken.

 

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Bess\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> No action taken.


I just finished running a full Malwarebytes scan, and it was clean! How did that happen?

 

Here's the log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Bess :: BESS-HP [administrator]

Protection: Enabled

1/2/2014 4:54:11 PM
mbam-log-2014-01-02 (16-54-11).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393792
Time elapsed: 59 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
