
infected by tusfiles.net downloader and blocking 162.210.192.21



I clicked on a download link on tusfiles.net that immediately installed stuff and removed all my Chrome extensions. Installed Malwarebytes and ran a scan and now getting the "Successfully blocked 162.210.192.21" from Malwarebytes. Following the instructions from the pinned thread in this forum. Thanks!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by clong at 10:37:59 on 2014-01-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3259 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synergy\synergyd.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\system32\taskeng.exe
C:\Users\clong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synergy\synergyc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: greattsoaver: {E0443569-1D69-C3ED-B140-C9BF3B31BFEA} - 
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Hotspot Shield Toolbar: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\clong\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Octoshape Streaming Services] "C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [spotify Web Helper] "C:\Users\clong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{15557478-5A35-49CA-B453-12331B8D753D} : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\gsb779~1.ena
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 relog_ap
x64-BHO: SNT: {33518B14-A932-7D0A-8735-6D41407E7BEB} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: greattsoaver: {E0443569-1D69-C3ED-B140-C9BF3B31BFEA} - C:\Program Files (x86)\greattsoaver\ZVX.x64.dll
x64-BHO: YoutubeAdblocker: {ED92FB21-FA9D-1E86-DCF7-0633B045E01F} - 
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-01-05 11:14; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]
R2 1a34a8e0;GS.Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 350792]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-15 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 Synergy;Synergy;C:\Program Files\Synergy\synergyd.exe [2013-10-22 291840]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-8-3 468432]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-15 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-8-3 94864]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-23 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]
.
=============== Created Last 30 ================
.
2014-01-15 22:38:22 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3723E4F9-1079-4780-9B63-21F00A596090}\offreg.dll
2014-01-15 18:51:27 -------- d-----w- C:\Users\clong\AppData\Roaming\Malwarebytes
2014-01-15 18:51:17 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-15 18:51:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-15 18:51:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-15 18:50:30 -------- d-----w- C:\Users\clong\AppData\Local\Programs
2014-01-15 18:43:01 -------- d-----w- C:\ProgramData\SNT
2014-01-15 18:42:34 -------- d-----w- C:\ProgramData\House Of Soft
2014-01-15 18:42:29 2759168 ----a-w- C:\Program Files (x86)\GS_x64.Enabler
2014-01-15 18:42:29 146768 ----a-w- C:\Program Files (x86)\GSSvc.dll
2014-01-15 18:42:28 3041792 ----a-w- C:\Program Files (x86)\GS.Enabler
2014-01-15 18:42:14 -------- d-----w- C:\ProgramData\YoutubeAdblocker
2014-01-15 18:42:07 -------- d-----w- C:\Users\clong\AppData\Local\Packages
2014-01-15 18:42:07 -------- d-----w- C:\ProgramData\greattsoaver
2014-01-15 18:42:06 -------- d-----w- C:\Program Files (x86)\greattsoaver
2014-01-15 18:42:02 -------- d-----w- C:\Users\clong\AppData\Local\Torch
2014-01-15 18:42:02 -------- d-----w- C:\ProgramData\bdf1037d6fb04538
2014-01-15 18:42:01 -------- d-----w- C:\Users\clong\AppData\Local\Comodo
2014-01-15 18:41:29 -------- d-----w- C:\ProgramData\InstallMate
2014-01-15 17:57:31 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3723E4F9-1079-4780-9B63-21F00A596090}\mpengine.dll
2014-01-14 17:56:02 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-09 04:52:58 -------- d-----w- C:\ProgramData\boost_interprocess
2014-01-09 04:52:55 -------- d-----w- C:\Users\clong\AppData\Local\Plex Media Server
2014-01-09 04:50:26 -------- d-----w- C:\Program Files (x86)\Plex
2014-01-09 04:49:37 -------- d-----w- C:\ProgramData\Package Cache
2014-01-06 22:59:46 -------- d-----w- C:\Program Files\Synergy
2014-01-06 17:52:21 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-23 23:18:30 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-23 23:18:30 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-23 23:18:30 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-23 23:18:29 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-23 23:16:59 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-23 23:16:59 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-15 20:48:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 20:48:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-10-23 08:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 10:38:26.98 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 8/10/2010 3:01:51 PM
System Uptime: 1/15/2014 4:58:25 PM (18 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P6T SE
Processor: Intel® Core i7 CPU         930  @ 2.80GHz | LGA1366 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 466.952 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP616: 1/8/2014 11:49:14 PM - Plex Media Server
RP617: 1/9/2014 12:56:03 PM - Windows Update
RP618: 1/13/2014 12:56:05 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bing Bar
BlackBerry Desktop Software 6.0
Bonjour
BufferChm
Cake Poker 2.0
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 
Cisco WebEx Meetings
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Comical 0.8
Conduit Engine
CutePDF Writer 2.8
D3DX10
Destinations
DeviceDiscovery
DivX Setup
DocMgr
DocProc
Doyles Room
eMule
Fax
FileZilla Client 3.5.3
Full Tilt Poker
Full Tilt Poker.Net
Google Chrome
Google Talk Plugin
GoToMeeting 5.2.0.952
GPBaseService2
GS.Supporter 1.80
Hewlett-Packard ACLM.NET v1.1.0.0
Holdem Manager
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotspot_Shield Toolbar
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
IHA_MessageCenter
iTunes
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.2.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA Display Control Panel
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.15.2
NVIDIA Update Components
OCR Software by I.R.I.S. 13.0
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
Online Plug-in
OpenAL
OpenOffice.org 3.2
Pando Media Booster
Picasa 3
Pidgin
Plex Media Server
PokerStars
PokerTH
PostgreSQL 8.4
QuickTime
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
SamsungSimpleDownloaderTool for SPH-D710
Scan
Seagate DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Self-service Plug-in
Shop for HP Supplies
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Songkicker
Spotify
StarCraft II
StarCraft II Beta
Status
Synergy
Toolbox
TrayApp
TweetDeck
Universal Replayer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
Veetle TV
Verizon Download Manager
Vz In-Home Agent
WebReg
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WinSCP 4.3.6
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/15/2014 2:58:27 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Java/OpenStream.BK&threatid=2147655257   Name: TrojanDownloader:Java/OpenStream.BK   ID: 2147655257   Severity: Severe   Category: Trojan Downloader   Path: containerfile:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyWorker.class   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x8007065e   Error description: Data of this type is not supported.   Signature Version: AV: 1.165.1969.0, AS: 1.165.1969.0, NIS: 109.61.0.0   Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0
1/15/2014 2:58:27 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2011-3544&threatid=2147652517   Name: Exploit:Java/CVE-2011-3544   ID: 2147652517   Severity: Severe   Category: Exploit   Path: containerfile:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyApplet.class;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyLoader.class   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: Real-Time Protection   User: NT AUTHORITY\SYSTEM   Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x8007065e   Error description: Data of this type is not supported.   Signature Version: AV: 1.165.1969.0, AS: 1.165.1969.0, NIS: 109.61.0.0   Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0
.
==== End Of File ===========================
 

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03

Ran by clong (administrator) on CLONG-PC on 16-01-2014 12:17:49

Running from C:\Users\clong\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

() C:\Program Files\Synergy\synergyd.exe

(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Octoshape ApS) C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

(Spotify Ltd) C:\Users\clong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Program Files\Synergy\synergyc.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)

HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)

HKLM\...\Run: [seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-10-16] (Seagate)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [523216 2011-08-03] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [DiscWizardMonitor.exe] - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1325936 2009-10-16] (Seagate)

HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [904840 2009-10-16] (Acronis)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [VERIZONDM] - C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()

HKCU\...\Run: [Google Update] - C:\Users\clong\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-10] (Google Inc.)

HKCU\...\Run: [Octoshape Streaming Services] - C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)

HKCU\...\Run: [spotify Web Helper] - C:\Users\clong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-14] (Spotify Ltd)

HKCU\...\Run: [CPN Notifier] - C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe

HKCU\...\Run: [Plex Media Server] - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4277896 2013-12-23] (Plex, Inc.)

MountPoints2: {0e6eb5c7-a023-11df-8f90-806e6f6e6963} - "D:\StarCraft II Setup.exe"

MountPoints2: {55781d8d-cb4f-11df-88ed-485b39356426} - E:\LaunchU3.exe -a

HKU\Mcx1-CLONG-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 

AppInit_DLLs: C:\Program Files (x86)\GS_x64.Enabler [2759168 2014-01-15] ()

AppInit_DLLs-x32: c:\progra~2\gsb779~1.ena [3041792 2014-01-15] ()

Lsa: [Authentication Packages] msv1_0 relog_ap

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=821&r=2014/01/15&hid=12075932575050798918&lg=EN&cc=US&unqvl=46

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

SearchScopes: HKCU - {B45ABC88-CF97-4D94-9D21-5D04D9DF0BB6} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

BHO: SNT - {33518B14-A932-7D0A-8735-6D41407E7BEB} - C:\Program Files (x86)\SNT\JEUSeI.x64.dll No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: greattsoaver - {E0443569-1D69-C3ED-B140-C9BF3B31BFEA} - C:\Program Files (x86)\greattsoaver\ZVX.x64.dll ()

BHO: YoutubeAdblocker - {ED92FB21-FA9D-1E86-DCF7-0633B045E01F} - C:\Program Files (x86)\YoutubeAdblocker\9.x64.dll No File

BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File

BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)

BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

BHO-x32: greattsoaver - {E0443569-1D69-C3ED-B140-C9BF3B31BFEA} - C:\Program Files (x86)\greattsoaver\ZVX.dll No File

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File

Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default


FF SearchEngineOrder.1: WebSearch

FF DefaultSearchEngine: WebSearch

FF SelectedSearchEngine: WebSearch

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");


FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)

FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\clong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\clong\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\clong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\clong\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)

FF Plugin ProgramFiles/Appdata: C:\Users\clong\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\clong\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\clong\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\clong\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)

FF SearchPlugin: C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\searchplugins\WebSearch.xml

FF Extension: Clear DNS Cache - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\cleardnscache@guoxiaod [2011-03-14]

FF Extension: DoNotTrackMe - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\donottrackplus@abine.com [2013-12-29]

FF Extension: No Name - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\staged [2014-01-15]

FF Extension: Nuke Anything Enhanced - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace} [2010-08-10]

FF Extension: Linkification - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010-08-10]

FF Extension: Firebug - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\firebug@software.joehewitt.com.xpi [2012-06-06]

FF Extension: Image Zoom - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2013-07-17]

FF Extension: Adblock Plus - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-30]

FF Extension: Download Manager Tweak - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi [2013-04-05]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-10-01]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-10-01]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-09]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-09]

Chrome:
=======

CHR Extension: (ImageZoom) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmigpjhdoghhhmecocklaokmmamgobo\1.5_0 [2013-11-23]

CHR Extension: (YouTube) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 [2013-04-10]

CHR Extension: (JSONView) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc\0.0.32.2_0 [2013-11-23]

CHR Extension: (Google Search) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 [2013-03-31]

CHR Extension: (ImageZoomer) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhnaagndnllbblbgeimdkknegobbpohk\2.2.0_0 [2013-11-23]

CHR Extension: (Twitter Emoji Enabler) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmnmldaglgilbjclkmdappeepnfjifi\1.2_0 [2013-05-08]

CHR Extension: (Google Calendar) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0 [2014-01-09]

CHR Extension: (YTiBookMark) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcankllcologgilapadhdohekmdhamin\1.1 [2014-01-15]

CHR Extension: (Chrome Toolbox (by Google)) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0 [2013-02-10]

CHR Extension: (greaotsaver) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gapfaophpifealcpffinanhkahciplih\2.7 [2014-01-15]

CHR Extension: (YoutubeAdblocker) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdnfigefgjmmoiabimfeodnldnejccoi\1.0 [2014-01-15]

CHR Extension: (Emoji Extension for Twitter) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmjhdfifohpkkmmeiieleeoaehheene\2.3_0 [2013-05-08]

CHR Extension: (AdBlock) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0 [2014-01-14]

CHR Extension: (TweetDeck by Twitter) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.5.5_0 [2013-12-20]

CHR Extension: (IMG Rotate) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcoonajankpbolkgbipphpmbhefkengn\1.0.4_0 [2012-08-12]

CHR Extension: (Page Element Quick Remover) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\liinfbahealjpojlepfcdmadngfgjmno\0.0.1.1_0 [2013-11-23]

CHR Extension: (Remove Element) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnfececmldedlanmhbeljgdaofncfeho\1.0.1_0 [2013-11-23]

CHR Extension: (Clickable Links) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp\1.1.12_0 [2013-12-19]

CHR Extension: (Pocket) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0 [2013-11-23]

CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0 [2013-11-23]

CHR Extension: (+Photo Zoom) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoglkofocgopmdfjnbifnicbickbola\0.1.0.29_0 [2012-08-12]

CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.3_0 [2013-12-20]

CHR Extension: (Google Wallet) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2014-01-15]

CHR Extension: (Chrome to Phone) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0 [2013-11-23]

CHR Extension: (PDF Viewer) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm\0.8.787_0 [2013-12-17]

CHR Extension: (JSON Formatter) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pblpfhfcojodgcifojnofommahgbaple\1.0.1.2_0 [2013-11-23]

CHR Extension: (Gmail) - C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2012-11-10]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-08-19]

CHR StartMenuInternet: Google Chrome - C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 1a34a8e0; C:\Program Files (x86)\GSSvc.dll [146768 2014-01-15] ()

R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)

R2 Synergy; C:\Program Files\Synergy\synergyd.exe [291840 2013-10-22] ()

R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)

R2 postgresql-8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w [x]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-16 12:17 - 2014-01-16 12:18 - 00036349 _____ C:\Users\clong\Desktop\FRST.txt

2014-01-16 12:17 - 2014-01-16 12:17 - 02076160 _____ (Farbar) C:\Users\clong\Desktop\FRST64.exe

2014-01-16 12:17 - 2014-01-16 12:17 - 00000000 ____D C:\FRST

2014-01-16 10:38 - 2014-01-16 10:38 - 00030685 _____ C:\Users\clong\Desktop\dds.txt

2014-01-16 10:38 - 2014-01-16 10:38 - 00010347 _____ C:\Users\clong\Desktop\attach.txt

2014-01-16 10:28 - 2014-01-16 10:28 - 00688992 ____R (Swearware) C:\Users\clong\Desktop\dds.scr

2014-01-15 14:38 - 2014-01-15 14:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\clong\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-01-15 13:51 - 2014-01-15 13:51 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-15 13:51 - 2014-01-15 13:51 - 00000000 ____D C:\Users\clong\AppData\Roaming\Malwarebytes

2014-01-15 13:51 - 2014-01-15 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-15 13:51 - 2014-01-15 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-15 13:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-15 13:50 - 2014-01-15 13:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\clong\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-15 13:43 - 2014-01-15 16:42 - 00000000 ____D C:\ProgramData\SNT

2014-01-15 13:43 - 2013-12-01 15:34 - 00000000 ____D C:\Users\clong\Documents\Dangerous Women

2014-01-15 13:42 - 2014-01-15 16:59 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-1824435291.job

2014-01-15 13:42 - 2014-01-15 16:42 - 00000000 ____D C:\ProgramData\YoutubeAdblocker

2014-01-15 13:42 - 2014-01-15 16:42 - 00000000 ____D C:\ProgramData\greattsoaver

2014-01-15 13:42 - 2014-01-15 16:32 - 00000000 ____D C:\Program Files (x86)\greattsoaver

2014-01-15 13:42 - 2014-01-15 13:43 - 02928030 _____ C:\Users\clong\Desktop\Dangerous Women.rar

2014-01-15 13:42 - 2014-01-15 13:43 - 00000000 ____D C:\ProgramData\House Of Soft

2014-01-15 13:42 - 2014-01-15 13:43 - 00000000 ____D C:\ProgramData\bdf1037d6fb04538

2014-01-15 13:42 - 2014-01-15 13:42 - 03041792 _____ C:\Program Files (x86)\GS.Enabler

2014-01-15 13:42 - 2014-01-15 13:42 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler

2014-01-15 13:42 - 2014-01-15 13:42 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll

2014-01-15 13:42 - 2014-01-15 13:42 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-1824435291

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\postgres\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\postgres\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\postgres\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Mcx1-CLONG-PC\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Mcx1-CLONG-PC\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Mcx1-CLONG-PC\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\clong\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\clong\AppData\Local\Packages

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\clong\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator

2014-01-15 13:41 - 2014-01-15 13:43 - 00000000 ____D C:\ProgramData\InstallMate

2014-01-15 10:51 - 2014-01-15 10:51 - 135369139 _____ C:\Users\clong\Desktop\sicily_pictures.zip

2014-01-15 10:38 - 2014-01-15 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2014-01-15 10:13 - 2014-01-15 10:51 - 00000000 ____D C:\Users\clong\Desktop\for_mom

2014-01-08 23:52 - 2014-01-15 17:02 - 00000000 ____D C:\ProgramData\boost_interprocess

2014-01-08 23:52 - 2014-01-08 23:58 - 00000000 ____D C:\Users\clong\AppData\Local\Plex Media Server

2014-01-08 23:50 - 2014-01-08 23:50 - 00000000 ____D C:\Program Files (x86)\Plex

2014-01-08 23:49 - 2014-01-08 23:49 - 00000000 ____D C:\ProgramData\Package Cache

2014-01-08 23:45 - 2014-01-08 23:47 - 63048176 _____ (Plex, Inc.) C:\Users\clong\Downloads\Plex-Media-Server-0.9.818.290-11b7fdd-en-US.exe

2014-01-06 17:59 - 2014-01-06 18:01 - 00000000 ____D C:\Program Files\Synergy

2014-01-06 17:59 - 2014-01-06 17:59 - 12842996 _____ C:\Users\clong\Downloads\synergy-1.4.15-Windows-x64.exe

2014-01-06 13:48 - 2014-01-06 13:48 - 00000000 ____D C:\Users\clong\AppData\Roaming\Oracle

2014-01-06 12:52 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-06 12:52 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-01-06 12:52 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-01-06 12:52 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-01-06 12:51 - 2014-01-06 12:52 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-12-23 18:18 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2013-12-23 18:18 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2013-12-23 18:18 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2013-12-23 18:18 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2013-12-23 18:17 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-23 18:17 - 2013-11-26 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-23 18:17 - 2013-11-26 05:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-23 18:17 - 2013-11-26 04:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-23 18:17 - 2013-11-26 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-23 18:17 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-23 18:17 - 2013-11-26 04:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-23 18:17 - 2013-11-26 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-23 18:17 - 2013-11-26 04:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-23 18:17 - 2013-11-26 04:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-23 18:17 - 2013-11-26 04:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-23 18:17 - 2013-11-26 04:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-23 18:17 - 2013-11-26 04:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-23 18:17 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-23 18:17 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-23 18:17 - 2013-11-26 03:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-23 18:17 - 2013-11-26 03:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-23 18:17 - 2013-11-26 03:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-23 18:17 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-23 18:17 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-23 18:17 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-23 18:17 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-23 18:17 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-23 18:17 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-23 18:17 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-23 18:17 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-23 18:17 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-23 18:17 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-23 18:16 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-23 18:16 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-23 18:16 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

==================== One Month Modified Files and Folders =======

2014-01-16 12:18 - 2014-01-16 12:17 - 00036349 _____ C:\Users\clong\Desktop\FRST.txt

2014-01-16 12:17 - 2014-01-16 12:17 - 02076160 _____ (Farbar) C:\Users\clong\Desktop\FRST64.exe

2014-01-16 12:17 - 2014-01-16 12:17 - 00000000 ____D C:\FRST

2014-01-16 12:15 - 2010-08-10 14:50 - 00000000 ____D C:\Users\clong\AppData\Roaming\.purple

2014-01-16 12:10 - 2010-08-04 18:55 - 02064073 _____ C:\Windows\WindowsUpdate.log

2014-01-16 11:48 - 2010-08-10 14:27 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3914614550-3342305669-3243351493-1000UA.job

2014-01-16 10:38 - 2014-01-16 10:38 - 00030685 _____ C:\Users\clong\Desktop\dds.txt

2014-01-16 10:38 - 2014-01-16 10:38 - 00010347 _____ C:\Users\clong\Desktop\attach.txt

2014-01-16 10:28 - 2014-01-16 10:28 - 00688992 ____R (Swearware) C:\Users\clong\Desktop\dds.scr

2014-01-16 04:48 - 2010-08-10 14:27 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3914614550-3342305669-3243351493-1000Core.job

2014-01-15 17:07 - 2009-07-13 23:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-15 17:07 - 2009-07-13 23:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-15 17:05 - 2009-07-14 00:13 - 00727334 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-15 17:02 - 2014-01-08 23:52 - 00000000 ____D C:\ProgramData\boost_interprocess

2014-01-15 16:59 - 2014-01-15 13:42 - 00000464 ____H C:\Windows\Tasks\GS.Enabler-S-1824435291.job

2014-01-15 16:59 - 2010-08-11 18:36 - 00000000 ____D C:\Users\postgres

2014-01-15 16:58 - 2010-08-05 10:09 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-15 16:58 - 2009-09-02 15:01 - 00054380 _____ C:\Windows\setupact.log

2014-01-15 16:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-15 16:45 - 2012-06-06 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-15 16:45 - 2010-08-05 10:12 - 00037858 _____ C:\Windows\PFRO.log

2014-01-15 16:42 - 2014-01-15 13:43 - 00000000 ____D C:\ProgramData\SNT

2014-01-15 16:42 - 2014-01-15 13:42 - 00000000 ____D C:\ProgramData\YoutubeAdblocker

2014-01-15 16:42 - 2014-01-15 13:42 - 00000000 ____D C:\ProgramData\greattsoaver

2014-01-15 16:32 - 2014-01-15 13:42 - 00000000 ____D C:\Program Files (x86)\greattsoaver

2014-01-15 14:38 - 2014-01-15 14:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\clong\Downloads\mbam-setup-1.75.0.1300 (1).exe

2014-01-15 13:51 - 2014-01-15 13:51 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-15 13:51 - 2014-01-15 13:51 - 00000000 ____D C:\Users\clong\AppData\Roaming\Malwarebytes

2014-01-15 13:51 - 2014-01-15 13:51 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-15 13:51 - 2014-01-15 13:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-15 13:50 - 2014-01-15 13:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\clong\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-15 13:50 - 2011-07-21 10:33 - 00000000 ____D C:\Users\clong\AppData\Roaming\Spotify

2014-01-15 13:43 - 2014-01-15 13:42 - 02928030 _____ C:\Users\clong\Desktop\Dangerous Women.rar

2014-01-15 13:43 - 2014-01-15 13:42 - 00000000 ____D C:\ProgramData\House Of Soft

2014-01-15 13:43 - 2014-01-15 13:42 - 00000000 ____D C:\ProgramData\bdf1037d6fb04538

2014-01-15 13:43 - 2014-01-15 13:41 - 00000000 ____D C:\ProgramData\InstallMate

2014-01-15 13:42 - 2014-01-15 13:42 - 03041792 _____ C:\Program Files (x86)\GS.Enabler

2014-01-15 13:42 - 2014-01-15 13:42 - 02759168 _____ C:\Program Files (x86)\GS_x64.Enabler

2014-01-15 13:42 - 2014-01-15 13:42 - 00146768 _____ C:\Program Files (x86)\GSSvc.dll

2014-01-15 13:42 - 2014-01-15 13:42 - 00002710 _____ C:\Windows\System32\Tasks\GS.Enabler-S-1824435291

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\postgres\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\postgres\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\postgres\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Mcx1-CLONG-PC\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Mcx1-CLONG-PC\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Mcx1-CLONG-PC\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\HomeGroupUser$

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Guest

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\clong\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\clong\AppData\Local\Packages

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\clong\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Torch

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Comodo

2014-01-15 13:42 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Administrator

2014-01-15 13:42 - 2010-08-10 14:27 - 00000000 ____D C:\Users\clong\AppData\Local\Google

2014-01-15 11:06 - 2014-01-15 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2014-01-15 10:51 - 2014-01-15 10:51 - 135369139 _____ C:\Users\clong\Desktop\sicily_pictures.zip

2014-01-15 10:51 - 2014-01-15 10:13 - 00000000 ____D C:\Users\clong\Desktop\for_mom

2014-01-15 01:50 - 2010-08-10 14:31 - 00002368 _____ C:\Users\clong\Desktop\Google Chrome.lnk

2014-01-14 17:32 - 2011-07-21 10:33 - 00000000 ____D C:\Users\clong\AppData\Local\Spotify

2014-01-10 14:03 - 2010-08-17 16:01 - 00000600 _____ C:\Users\clong\AppData\Local\PUTTY.RND

2014-01-09 23:15 - 2010-08-12 14:42 - 00002060 _____ C:\Users\clong\Documents\pass.txt

2014-01-09 00:03 - 2011-04-25 00:30 - 00000000 ____D C:\Users\clong\Documents\okcfjf

2014-01-08 23:58 - 2014-01-08 23:52 - 00000000 ____D C:\Users\clong\AppData\Local\Plex Media Server

2014-01-08 23:52 - 2010-08-11 17:40 - 00000000 ____D C:\Users\clong\AppData\Roaming\Apple Computer

2014-01-08 23:52 - 2010-08-11 17:40 - 00000000 ____D C:\Users\clong\AppData\Local\Apple Computer

2014-01-08 23:50 - 2014-01-08 23:50 - 00000000 ____D C:\Program Files (x86)\Plex

2014-01-08 23:49 - 2014-01-08 23:49 - 00000000 ____D C:\ProgramData\Package Cache

2014-01-08 23:47 - 2014-01-08 23:45 - 63048176 _____ (Plex, Inc.) C:\Users\clong\Downloads\Plex-Media-Server-0.9.818.290-11b7fdd-en-US.exe

2014-01-06 18:21 - 2010-08-11 01:38 - 00000000 ___RD C:\Users\clong\launchers

2014-01-06 18:01 - 2014-01-06 17:59 - 00000000 ____D C:\Program Files\Synergy

2014-01-06 17:59 - 2014-01-06 17:59 - 12842996 _____ C:\Users\clong\Downloads\synergy-1.4.15-Windows-x64.exe

2014-01-06 13:50 - 2010-08-13 10:26 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-06 13:48 - 2014-01-06 13:48 - 00000000 ____D C:\Users\clong\AppData\Roaming\Oracle

2014-01-06 12:53 - 2013-09-22 15:06 - 00000000 ____D C:\ProgramData\Oracle

2014-01-06 12:52 - 2014-01-06 12:51 - 00004154 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-12-29 22:53 - 2013-10-01 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-12-29 21:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-12-29 20:12 - 2009-07-13 23:45 - 00303216 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-23 18:16 - 2013-08-24 17:22 - 00000000 ____D C:\Windows\system32\MRT

2013-12-23 18:15 - 2010-05-24 16:32 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================

C:\Users\clong\AppData\Local\Temp\20111013043436360jniverify.dll

C:\Users\clong\AppData\Local\Temp\AskSLib.dll

C:\Users\clong\AppData\Local\Temp\converter.exe

C:\Users\clong\AppData\Local\Temp\DivXSetup.exe

C:\Users\clong\AppData\Local\Temp\ebt1e2d0.dll

C:\Users\clong\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe

C:\Users\clong\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe

C:\Users\clong\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe

C:\Users\clong\AppData\Local\Temp\GLF424D.tmp.ConduitEngineSetup.exe

C:\Users\clong\AppData\Local\Temp\iet3D68.tmp.exe

C:\Users\clong\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\clong\AppData\Local\Temp\octoinstalljni457229098886618443.dll

C:\Users\clong\AppData\Local\Temp\octosetup1001101171111151069710710510811898999711011310810999981011091081009712011010411410910897399791709917357222.exe

C:\Users\clong\AppData\Local\Temp\SpotifyUpgrader.exe

C:\Users\clong\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\clong\AppData\Local\Temp\_unps.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-09 10:24

 

==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  • Internet access
  • Windows Update
  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...

 

 

 

fixlist.txt


posting Fixlog.txt from FRST fix run here now and then following the anti-rootkit steps, will post followup

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014 03

Ran by clong at 2014-01-16 13:38:06 Run:1

Running from C:\Users\clong\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKU\Mcx1-CLONG-PC\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 

AppInit_DLLs: C:\Program Files (x86)\GS_x64.Enabler [2759168 2014-01-15] ()

AppInit_DLLs-x32: c:\progra~2\gsb779~1.ena [3041792 2014-01-15] ()

URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

URLSearchHook: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.too...ok.info/?l=1&q={searchTerms}&pid=821&r=2014/01/15&hid=12075932575050798918&lg=EN&cc=US&unqvl=46

SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552

BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File

C:\Program Files (x86)\Hotspot Shield

BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

BHO-x32: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

C:\Program Files (x86)\uTorrentBar

BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

C:\Program Files (x86)\Ask.com

BHO-x32: greattsoaver - {E0443569-1D69-C3ED-B140-C9BF3B31BFEA} - C:\Program Files (x86)\greattsoaver\ZVX.dll No File

C:\Program Files (x86)\greattsoaver

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File

Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

C:\Users\clong\AppData\Local\Temp\20111013043436360jniverify.dll

C:\Users\clong\AppData\Local\Temp\AskSLib.dll

C:\Users\clong\AppData\Local\Temp\converter.exe

C:\Users\clong\AppData\Local\Temp\DivXSetup.exe

C:\Users\clong\AppData\Local\Temp\ebt1e2d0.dll

C:\Users\clong\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe

C:\Users\clong\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe

C:\Users\clong\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe

C:\Users\clong\AppData\Local\Temp\GLF424D.tmp.ConduitEngineSetup.exe

C:\Users\clong\AppData\Local\Temp\iet3D68.tmp.exe

C:\Users\clong\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\clong\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\clong\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\clong\AppData\Local\Temp\octoinstalljni457229098886618443.dll

C:\Users\clong\AppData\Local\Temp\octosetup1001101171111151069710710510811898999711011310810999981011091081009712011010411410910897399791709917357222.exe

C:\Users\clong\AppData\Local\Temp\SpotifyUpgrader.exe

C:\Users\clong\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\clong\AppData\Local\Temp\_unps.exe

Task: C:\Windows\Tasks\GS.Enabler-S-1824435291.job => c:\programdata\house of soft\gs.enabler\GS.Enabler.exe <==== ATTENTION

Task: {AA1F935F-B0D8-4D76-85F9-32B014CEA084} - System32\Tasks\GS.Enabler-S-1824435291 => c:\programdata\house of soft\gs.enabler\GS.Enabler.exe <==== ATTENTION

AlternateDataStreams: C:\Program Files (x86)\Cake Poker 2.0:MID

End

*****************

 

HKU\Mcx1-CLONG-PC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Key deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.

HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.

HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.

"C:\Program Files (x86)\Hotspot Shield" => File/Directory not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.

C:\Program Files (x86)\uTorrentBar => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.

C:\Program Files (x86)\Ask.com => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0443569-1D69-C3ED-B140-C9BF3B31BFEA} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{E0443569-1D69-C3ED-B140-C9BF3B31BFEA} => Key deleted successfully.

C:\Program Files (x86)\greattsoaver => Moved successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} => Value deleted successfully.

HKCR\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.

HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Value deleted successfully.

HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => Value deleted successfully.

HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.

HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.

C:\Users\clong\AppData\Local\Temp\20111013043436360jniverify.dll => Moved successfully.

C:\Users\clong\AppData\Local\Temp\AskSLib.dll => Moved successfully.

C:\Users\clong\AppData\Local\Temp\converter.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\DivXSetup.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\ebt1e2d0.dll => Moved successfully.

C:\Users\clong\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\GLF424D.tmp.ConduitEngineSetup.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\iet3D68.tmp.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\octoinstalljni457229098886618443.dll => Moved successfully.

C:\Users\clong\AppData\Local\Temp\octosetup1001101171111151069710710510811898999711011310810999981011091081009712011010411410910897399791709917357222.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\SpotifyUpgrader.exe => Moved successfully.

C:\Users\clong\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

C:\Users\clong\AppData\Local\Temp\_unps.exe => Moved successfully.

C:\Windows\Tasks\GS.Enabler-S-1824435291.job => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA1F935F-B0D8-4D76-85F9-32B014CEA084} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA1F935F-B0D8-4D76-85F9-32B014CEA084} => Key deleted successfully.

C:\Windows\System32\Tasks\GS.Enabler-S-1824435291 => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GS.Enabler-S-1824435291 => Key deleted successfully.

C:\Program Files (x86)\Cake Poker 2.0 => ":MID" ADS removed successfully.

 

==== End of Fixlog ====


Run the following first...

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs, give me an update on any remaining issues or concerns...

 

Kevin


# AdwCleaner v3.017 - Report created 16/01/2014 at 15:19:21

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : clong - CLONG-PC

# Running from : C:\Users\clong\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\hotspot shield

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\SNT

Folder Deleted : C:\ProgramData\YoutubeAdblocker

Folder Deleted : C:\ProgramData\greattsoaver

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\ConduitEngine

Folder Deleted : C:\Program Files (x86)\Hotspot_Shield

Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

Folder Deleted : C:\Users\clong\AppData\Local\torch

Folder Deleted : C:\Users\clong\AppData\Local\Temp\AskSearch

Folder Deleted : C:\Users\clong\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\clong\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\clong\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\clong\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\clong\AppData\LocalLow\Hotspot_Shield

Folder Deleted : C:\Users\clong\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\clong\AppData\LocalLow\uTorrentBar

Folder Deleted : C:\Users\postgres\AppData\Local\torch

Folder Deleted : C:\Users\Mcx1-CLONG-PC\AppData\Local\torch

Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch

Folder Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Conduit

Folder Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\cleardnscache@guoxiaod

Folder Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\donottrackplus@abine.com

Folder Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\staged

Folder Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}

Folder Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

File Deleted : C:\END

File Deleted : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\searchplugins\WebSearch.xml

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\conduitEngine

Key Deleted : HKLM\Software\Hotspot_Shield

Key Deleted : HKLM\Software\uTorrentBar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hotspot_Shield Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v22.0 (en-US)

 

[ File : C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\prefs.js ]

 


Line Deleted : user_pref("CT1561552.CTID", "CT1561552");

Line Deleted : user_pref("CT1561552.Chat.Meebo.ServerLastCheckTime", "Tue Oct 12 2010 16:53:42 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.Chat.Meebo.ServerLastResponseTime", "Tue Oct 12 2010 16:53:43 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.2030dff2c5edb1", 16);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.30plusa87dca4f", 16);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.entertainmentc0ed09fb", 7);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.health3693b665", 2);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.hotspotshieldcommunitychat381c94b5", 32);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.musicj375cf270", 7);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.newsxu117b840d", 13);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.recreationab17d1f9", 1);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.spirituality39155c53", 0);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.sports522528d3", 9);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.technology8bb9fd5b", 0);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.teenagers833b8249", 14);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.travel8c2e48db", 2);

Line Deleted : user_pref("CT1561552.Chat.Meebo.rooms.videogames2fe066e0", 2);

Line Deleted : user_pref("CT1561552.Chat.ServerLastCheckTime", "Tue Oct 12 2010 16:53:41 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.CurrentServerDate", "12-10-2010");

Line Deleted : user_pref("CT1561552.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT1561552.FirstServerDate", "12-10-2010");

Line Deleted : user_pref("CT1561552.FirstTime", true);

Line Deleted : user_pref("CT1561552.FirstTimeFF3", true);

Line Deleted : user_pref("CT1561552.GroupingServerCheckInterval", 1440);


Line Deleted : user_pref("CT1561552.Initialize", true);

Line Deleted : user_pref("CT1561552.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT1561552.InstalledDate", "Tue Oct 12 2010 16:53:43 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.InvalidateCache", false);

Line Deleted : user_pref("CT1561552.IsGrouping", false);

Line Deleted : user_pref("CT1561552.IsMulticommunity", false);

Line Deleted : user_pref("CT1561552.IsOpenThankYouPage", true);

Line Deleted : user_pref("CT1561552.IsOpenUninstallPage", true);

Line Deleted : user_pref("CT1561552.LanguagePackLastCheckTime", "Tue Oct 12 2010 16:53:43 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.LanguagePackReloadIntervalMM", 1440);


Line Deleted : user_pref("CT1561552.LastLogin_2.5.6.0", "Tue Oct 12 2010 16:54:07 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.LatestVersion", "2.7.2.0");

Line Deleted : user_pref("CT1561552.Locale", "en-us");

Line Deleted : user_pref("CT1561552.LoginCache", 4);

Line Deleted : user_pref("CT1561552.MCDetectTooltipHeight", "83");


Line Deleted : user_pref("CT1561552.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT1561552.RadioIsPodcast", false);

Line Deleted : user_pref("CT1561552.RadioLastCheckTime", "Tue Oct 12 2010 16:53:42 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.RadioLastUpdateIPServer", "3");

Line Deleted : user_pref("CT1561552.RadioLastUpdateServer", "129100288951200000");

Line Deleted : user_pref("CT1561552.RadioMediaID", "13448970");

Line Deleted : user_pref("CT1561552.RadioMediaType", "Media Player");

Line Deleted : user_pref("CT1561552.RadioMenuSelectedID", "EBRadioMenu_CT156155213448970");

Line Deleted : user_pref("CT1561552.RadioShrinked", "shrinked");

Line Deleted : user_pref("CT1561552.RadioStationName", "Danceradio");


Line Deleted : user_pref("CT1561552.SHRINK_TOOLBAR", 0);

Line Deleted : user_pref("CT1561552.SearchBoxWidth", 182);


Line Deleted : user_pref("CT1561552.SearchFromAddressBarIsInit", true);


Line Deleted : user_pref("CT1561552.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT1561552.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT1561552.SearchInNewTabLastCheckTime", "Tue Oct 12 2010 16:54:07 GMT-0400 (Eastern Daylight Time)");



Line Deleted : user_pref("CT1561552.SettingsCheckIntervalMin", 120);

Line Deleted : user_pref("CT1561552.SettingsLastCheckTime", "Tue Oct 12 2010 16:53:40 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.SettingsLastUpdate", "1286876922");

Line Deleted : user_pref("CT1561552.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT1561552.ThirdPartyComponentsLastCheck", "Tue Oct 12 2010 16:53:40 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CT1561552.ThirdPartyComponentsLastUpdate", "1246790578");


Line Deleted : user_pref("CT1561552.Uninstall", true);

Line Deleted : user_pref("CT1561552.UserID", "UN83947291721381328");

Line Deleted : user_pref("CT1561552.ValidationData_Toolbar", 2);

Line Deleted : user_pref("CT1561552.alertChannelId", "15257");

Line Deleted : user_pref("CT1561552.clientLogIsEnabled", false);


Line Deleted : user_pref("CT1561552.components.1000034", false);

Line Deleted : user_pref("CT1561552.components.1000234", false);

Line Deleted : user_pref("CT1561552.myStuffEnabled", true);

Line Deleted : user_pref("CT1561552.myStuffPublihserMinWidth", 400);


Line Deleted : user_pref("CT1561552.myStuffServiceIntervalMM", 1440);




Line Deleted : user_pref("CT2786678.CTID", "CT2786678");

Line Deleted : user_pref("CT2786678.CurrentServerDate", "10-11-2010");

Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");

Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");

Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Nov 09 2010 21:03:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 360);

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Tue Nov 09 2010 20:18:13 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Tue Nov 09 2010 20:18:13 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Tue Nov 09 2010 20:18:13 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Tue Nov 09 2010 20:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);

Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);

Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);

Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);

Line Deleted : user_pref("CT2786678.FirstServerDate", "9-11-2010");

Line Deleted : user_pref("CT2786678.FirstTime", true);

Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);

Line Deleted : user_pref("CT2786678.FirstTimeSettingsDone", true);

Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);

Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);


Line Deleted : user_pref("CT2786678.Initialize", true);

Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);

Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");

Line Deleted : user_pref("CT2786678.InstalledDate", "Tue Nov 09 2010 10:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.IsGrouping", false);

Line Deleted : user_pref("CT2786678.IsMulticommunity", false);

Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", false);

Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);

Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Nov 09 2010 10:18:12 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);


Line Deleted : user_pref("CT2786678.LastLogin_2.7.2.0", "Tue Nov 09 2010 18:18:15 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.LatestVersion", "2.7.2.0");

Line Deleted : user_pref("CT2786678.Locale", "en");

Line Deleted : user_pref("CT2786678.LoginCache", 4);

Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");


Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Line Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);


Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);


Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);

Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Nov 09 2010 10:18:12 GMT-0500 (Eastern Standard Time)");



Line Deleted : user_pref("CT2786678.SettingsCheckIntervalMin", 120);

Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Nov 09 2010 10:18:11 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1288989406");

Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);

Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Tue Nov 09 2010 10:18:11 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");


Line Deleted : user_pref("CT2786678.UserID", "UN88224501182400821");

Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 0);

Line Deleted : user_pref("CT2786678.WeatherNetwork", "");

Line Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Nov 09 2010 20:48:13 GMT-0500 (Eastern Standard Time)");

Line Deleted : user_pref("CT2786678.WeatherUnit", "C");

Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");

Line Deleted : user_pref("CT2786678.clientLogIsEnabled", false);


Line Deleted : user_pref("CT2786678.myStuffEnabled", true);

Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);


Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);




Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1561552,CT2786678");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1561552,CT2786678");

Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Nov 09 2010 10:18:12 GMT-0500 (Eastern Standard Time)");


Line Deleted : user_pref("extensions.asktb.cbid", "AB");


Line Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");

Line Deleted : user_pref("extensions.asktb.fresh-install", false);

Line Deleted : user_pref("extensions.asktb.l", "dis");

Line Deleted : user_pref("extensions.asktb.last-config-req", "1281824473946");

Line Deleted : user_pref("extensions.asktb.locale", "en_US");

Line Deleted : user_pref("extensions.asktb.o", "15080");

Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Line Deleted : user_pref("extensions.asktb.qsrc", "2871");

Line Deleted : user_pref("extensions.asktb.r", "5");

Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Line Deleted : user_pref("browser.search.order.1", "WebSearch");

Line Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");


Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");


 

-\\ Google Chrome v

 

[ File : C:\Users\clong\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [27534 octets] - [16/01/2014 15:09:11]

AdwCleaner[s0].txt - [27283 octets] - [16/01/2014 15:19:21]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [27344 octets] ##########

also on the junkware removal tool link i clicked on the green download button which was a sponsored ad for 'zip extractor' and started that install process but aborted before the actual install started :/ quitting out created a shortcut to resume install, both of which i deleted. ~embarrassing~

 

continuing on to last step ...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x64

Ran by clong on Thu 01/16/2014 at 15:37:08.56

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 01/16/2014 at 15:44:02.12

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

malwarebytes still shows 70 items in quarantine from the first full scan i ran before we started this process. should i delete those or do anything else?

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.16.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

clong :: CLONG-PC [administrator]

 

Protection: Disabled

 

1/16/2014 3:49:06 PM

mbam-log-2014-01-16 (15-49-06).txt

 

Scan type: Full scan (C:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 764712

Time elapsed: 2 hour(s), 38 minute(s), 10 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

C:\$Recycle.Bin\S-1-5-21-3914614550-3342305669-3243351493-1000\$RFRAHA6.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\greattsoaver\ZVX.x64.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.

C:\Users\clong\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe (PUP.Optional.JumpyApps) -> Quarantined and deleted successfully.

 

(end)

Yes it will be ok to empty quarantined files... We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Post those logs, also let me know if any remaining issues or concerns..

 

Kevin


ESET scan:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B application

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Hotspot_Shield\tbHots.dll.vir a variant of Win32/Toolbar.Conduit.B application

C:\AdwCleaner\Quarantine\C\Users\clong\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A application

C:\FRST\Quarantine\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application

C:\FRST\Quarantine\iet3D68.tmp.exe a variant of Win32/Toolbar.Conduit.B application

C:\FRST\Quarantine\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B application

C:\Program Files (x86)\GS.Enabler a variant of Win32/SProtector.D application

C:\Program Files (x86)\GSSvc.dll a variant of Win32/SProtector.D application

C:\ProgramData\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll Win32/InstalleRex.M application

C:\Users\All Users\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll Win32/InstalleRex.M application

C:\Users\clong\Documents\resume\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\clong\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\clong\Downloads\winscp436setup-sponsored.exe Win32/OpenCandy application

security check screen317:

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
 Mozilla Thunderbird (24.2.0) 
 Google Chrome 32.0.1700.72  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\GS.Enabler
    C:\Program Files (x86)\GSSvc.dll
    C:\ProgramData\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll
    C:\Users\All Users\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll
    C:\Users\clong\Documents\resume\CuteWriter.exe
    C:\Users\clong\Downloads\CuteWriter.exe
    C:\Users\clong\Downloads\winscp436setup-sponsored.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Post OTM log, let me know if any remaining issues or concerns..

 

Kevin


All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\clong\Desktop\cmd.bat deleted successfully.

C:\Users\clong\Desktop\cmd.txt deleted successfully.

C:\Program Files (x86)\GS.Enabler moved successfully.

DllUnregisterServer procedure not found in C:\Program Files (x86)\GSSvc.dll

File move failed. C:\Program Files (x86)\GSSvc.dll scheduled to be moved on reboot.

DllUnregisterServer procedure not found in C:\ProgramData\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll

C:\ProgramData\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll moved successfully.

File/Folder C:\Users\All Users\InstallMate\{85BC7483-6DE9-49C1-AB2A-25CB5E5F5675}\Custom.dll not found.

C:\Users\clong\Documents\resume\CuteWriter.exe moved successfully.

C:\Users\clong\Downloads\CuteWriter.exe moved successfully.

C:\Users\clong\Downloads\winscp436setup-sponsored.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: AppData

 

User: clong

->Temp folder emptied: 1135247143 bytes

->Temporary Internet Files folder emptied: 203419993 bytes

->Java cache emptied: 7322459 bytes

->FireFox cache emptied: 402434045 bytes

->Google Chrome cache emptied: 608839536 bytes

->Flash cache emptied: 1234895 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Guest

 

User: HomeGroupUser$

 

User: Mcx1-CLONG-PC

->Temp folder emptied: 467385 bytes

->Temporary Internet Files folder emptied: 18041319 bytes

->Flash cache emptied: 56504 bytes

 

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 754331508 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 77415 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42401722 bytes

RecycleBin emptied: 2515497502 bytes

 

Total Files Cleaned = 5,426.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 01172014_173741

 

Files moved on Reboot...

File move failed. C:\Program Files (x86)\GSSvc.dll scheduled to be moved on reboot.

C:\Users\clong\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\clong\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Run final DDS scan for me, if this is ok we'll clean up, remove tools etc..

 

Download and save DDS to your Desktop from either of the following links:

 

http://download.bleepingcomputer.com/sUBs/dds.scr

http://compendiate.net/sUBs/dds/dds.scr

 

Note: You must use Internet Explorer to download dds.scr, other browsers will open the file in the browser and not save it. Or if you must use Firefox, or Chrome, then right click the link and select "save link as" and save the file to your desktop.

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop"

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents into your post.


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2

Run by clong at 19:04:43 on 2014-01-17

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6135.3974 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synergy\synergyd.exe

C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\notepad.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Users\clong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe

C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wuauclt.exe

C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\clong\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Program Files\Synergy\synergyc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.




mWinlogon: Userinit = userinit.exe,

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Google Update] "C:\Users\clong\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Octoshape Streaming Services] "C:\Users\clong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [spotify Web Helper] "C:\Users\clong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe

uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll






TCP: NameServer = 192.168.1.1

TCP: Interfaces\{15557478-5A35-49CA-B453-12331B8D753D} : DHCPNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages =  msv1_0 relog_ap

x64-BHO: SNT: {33518B14-A932-7D0A-8735-6D41407E7BEB} - 

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: greattsoaver: {E0443569-1D69-C3ED-B140-C9BF3B31BFEA} - 

x64-BHO: YoutubeAdblocker: {ED92FB21-FA9D-1E86-DCF7-0633B045E01F} - 

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\clong\AppData\Roaming\Mozilla\Firefox\Profiles\1n4lfn3h.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\clong\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Users\clong\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2011-01-05 11:14; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 350792]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-15 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-15 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 134944]

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]

R2 Synergy;Synergy;C:\Program Files\Synergy\synergyd.exe [2013-10-22 291840]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-8-3 468432]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-15 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]

S2 1a34a8e0;GS.Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-8-3 94864]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-23 111616]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-5 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-24 1255736]

.

=============== Created Last 30 ================

.

2014-01-17 22:53:34 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE61DF1E-04AD-4EA3-9910-9959B7B563DF}\mpengine.dll

2014-01-17 22:50:17 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-17 22:37:41 -------- d-----w- C:\_OTM

2014-01-16 20:37:06 -------- d-----w- C:\Windows\ERUNT

2014-01-16 20:33:50 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-01-16 20:22:43 -------- d-----w- C:\ProgramData\boost_interprocess

2014-01-16 20:08:51 -------- d-----w- C:\AdwCleaner

2014-01-16 18:44:55 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-16 18:42:39 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-01-16 17:17:46 -------- d-----w- C:\FRST

2014-01-15 18:51:27 -------- d-----w- C:\Users\clong\AppData\Roaming\Malwarebytes

2014-01-15 18:51:17 -------- d-----w- C:\ProgramData\Malwarebytes

2014-01-15 18:51:16 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-01-15 18:51:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-15 18:50:30 -------- d-----w- C:\Users\clong\AppData\Local\Programs

2014-01-15 18:42:34 -------- d-----w- C:\ProgramData\House Of Soft

2014-01-15 18:42:29 2759168 ----a-w- C:\Program Files (x86)\GS_x64.Enabler

2014-01-15 18:42:29 146768 ----a-w- C:\Program Files (x86)\GSSvc.dll

2014-01-15 18:42:07 -------- d-----w- C:\Users\clong\AppData\Local\Packages

2014-01-15 18:42:02 -------- d-----w- C:\ProgramData\bdf1037d6fb04538

2014-01-15 18:42:01 -------- d-----w- C:\Users\clong\AppData\Local\Comodo

2014-01-15 18:41:29 -------- d-----w- C:\ProgramData\InstallMate

2014-01-09 04:52:55 -------- d-----w- C:\Users\clong\AppData\Local\Plex Media Server

2014-01-09 04:50:26 -------- d-----w- C:\Program Files (x86)\Plex

2014-01-09 04:49:37 -------- d-----w- C:\ProgramData\Package Cache

2014-01-06 22:59:46 -------- d-----w- C:\Program Files\Synergy

2013-12-23 23:18:30 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2013-12-23 23:18:30 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2013-12-23 23:18:30 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2013-12-23 23:18:29 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-12-23 23:16:59 5769216 ----a-w- C:\Windows\System32\jscript9.dll

2013-12-23 23:16:59 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll

.

==================== Find3M  ====================

.

2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll

2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-11-15 20:48:21 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-15 20:48:21 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll

2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-10-23 08:20:08 6669600 ----a-w- C:\Windows\System32\nvcpl.dll

2013-10-23 08:20:07 3489568 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-10-23 08:20:05 922912 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-10-23 08:20:05 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-10-23 08:20:05 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-10-23 08:20:05 219424 ----a-w- C:\Windows\System32\nvmctray.dll

2013-10-23 08:20:03 3426956 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-10-23 08:02:36 589600 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 19:05:41.45 ===============

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 8/10/2010 3:01:51 PM

System Uptime: 1/17/2014 5:41:56 PM (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | P6T SE

Processor: Intel® Core i7 CPU         930  @ 2.80GHz | LGA1366 | 2801/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 472.578 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP617: 1/9/2014 12:56:03 PM - Windows Update

RP618: 1/13/2014 12:56:05 PM - Windows Update

RP619: 1/16/2014 3:33:11 PM - Windows Update

RP620: 1/17/2014 5:49:01 PM - Installed Java 7 Update 51

.

==== Installed Programs ======================

.

µTorrent

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

64 Bit HP CIO Components Installer

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

BlackBerry Desktop Software 6.0

Bonjour

BufferChm

Cake Poker 2.0

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client 

Cisco WebEx Meetings

Citrix Authentication Manager

Citrix Receiver

Citrix Receiver (HDX Flash Redirection)

Citrix Receiver Inside

Citrix Receiver(Aero)

Citrix Receiver(DV)

Citrix Receiver(USB)

Comical 0.8

CutePDF Writer 2.8

D3DX10

Destinations

DeviceDiscovery

DivX Setup

DocMgr

DocProc

Doyles Room

eMule

Fax

FileZilla Client 3.5.3

Full Tilt Poker

Full Tilt Poker.Net

Google Chrome

Google Talk Plugin

GoToMeeting 5.2.0.952

GPBaseService2

GS.Supporter 1.80

Hewlett-Packard ACLM.NET v1.1.0.0

Holdem Manager

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Officejet 4500 G510n-z

HP Product Detection

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

IHA_MessageCenter

iTunes

Java 7 Update 51

Java Auto Updater

Junk Mail filter update

League of Legends

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 24.2.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

NVIDIA 3D Vision Driver 331.65

NVIDIA Control Panel 331.65

NVIDIA Display Control Panel

NVIDIA Graphics Driver 331.65

NVIDIA HD Audio Driver 1.3.26.4

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.15.2

NVIDIA Update Components

OCR Software by I.R.I.S. 13.0

Octoshape add-in for Adobe Flash Player

Octoshape Streaming Services

Online Plug-in

OpenAL

OpenOffice.org 3.2

Pando Media Booster

Picasa 3

Pidgin

Plex Media Server

PokerStars

PokerTH

PostgreSQL 8.4

QuickTime

Realtek High Definition Audio Driver

SAMSUNG USB Driver for Mobile Phones

SamsungSimpleDownloaderTool for SPH-D710

Scan

Seagate DiscWizard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Self-service Plug-in

Shop for HP Supplies

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Songkicker

Spotify

StarCraft II

StarCraft II Beta

Status

Synergy

Toolbox

TrayApp

TweetDeck

Universal Replayer

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

VC80CRTRedist - 8.0.50727.6195

Veetle TV

Verizon Download Manager

Vz In-Home Agent

WebReg

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR archiver

WinSCP 4.3.6

Yahoo! Detect

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

1/17/2014 5:37:41 PM, Error: Service Control Manager [7034]  - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).

1/17/2014 1:54:09 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Java/OpenStream.BK&threatid=2147655257   Name: TrojanDownloader:Java/OpenStream.BK   ID: 2147655257   Severity: Severe   Category: Trojan Downloader   Path: containerfile:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyWorker.class   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x8007065e   Error description: Data of this type is not supported.   Signature Version: AV: 1.165.2068.0, AS: 1.165.2068.0, NIS: 109.61.0.0   Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0

1/17/2014 1:54:09 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2011-3544&threatid=2147652517   Name: Exploit:Java/CVE-2011-3544   ID: 2147652517   Severity: Severe   Category: Exploit   Path: containerfile:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyApplet.class;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyLoader.class   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: Real-Time Protection   User: NT AUTHORITY\SYSTEM   Process Name: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x8007065e   Error description: Data of this type is not supported.   Signature Version: AV: 1.165.2068.0, AS: 1.165.2068.0, NIS: 109.61.0.0   Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0

1/16/2014 4:54:12 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Java/OpenStream.BK&threatid=2147655257   Name: TrojanDownloader:Java/OpenStream.BK   ID: 2147655257   Severity: Severe   Category: Trojan Downloader   Path: containerfile:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyWorker.class   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: System   User: NT AUTHORITY\SYSTEM   Process Name: Unknown   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x8007065e   Error description: Data of this type is not supported.   Signature Version: AV: 1.165.2068.0, AS: 1.165.2068.0, NIS: 109.61.0.0   Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0

1/16/2014 4:54:12 PM, Error: Microsoft Antimalware [1119]  - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software.  For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/CVE-2011-3544&threatid=2147652517   Name: Exploit:Java/CVE-2011-3544   ID: 2147652517   Severity: Severe   Category: Exploit   Path: containerfile:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyApplet.class;file:_C:\Users\clong\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\1c503205-59390626->apps/MyLoader.class   Detection Origin: Local machine   Detection Type: Concrete   Detection Source: Real-Time Protection   User: NT AUTHORITY\SYSTEM   Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe   Action: Quarantine   Action Status:  No additional actions required   Error Code: 0x8007065e   Error description: Data of this type is not supported.   Signature Version: AV: 1.165.2068.0, AS: 1.165.2068.0, NIS: 109.61.0.0   Engine Version: AM: 1.1.10201.0, NIS: 2.1.10003.0

.

==== End Of File ===========================

 


We need to remove FRST; first, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 


Double-click OTM.exe to run it. On Windows 7 or Vista, accept the UAC alert.
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

 

Next,

 

Uninstall adwcleaner.exe (unless you want to keep it)

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at "Would you like to Uninstall Adwcleaner"

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

 

Make Sure the following items are checked:

 


  • Activate UAC
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any tools/logs left on the Desktop or downloads folder can be safely deleted...

 

Let me know if those steps complete ok, also if any remaining issues or concerns....

 

Kevin

 

 

 

fixlist.txt
