Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version


  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks,

Kevin

sorry ...


RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : Eric [Admin rights]
Mode : Scan -- Date : 02/12/2014 01:38:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\windows\TEMP\{45DC1750-B1D8-4A59-94A4-B2984E92A897}.exe - --uninstall=1 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 8a17c6ad58d55942b5701df15b6e920a
[BSP] a54f61e0b8a9a2b30e1f51548235d699 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 599489 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1230827520 | Size: 9490 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02122014_013844.txt >>


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014 01
Ran by Eric (administrator) on ERIC-PC on 12-02-2014 01:47:18
Running from C:\Users\Eric\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [521640 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [844152 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-15] (Conexant systems, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1697064 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [iTSecMng] - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-23] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611736 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468904 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [31648 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [FAHConsole] - C:\Program Files\File Association Helper\FAHConsole.exe [239288 2013-09-26] (WinZip Computing International, LLC)
HKU\S-1-5-21-3390684805-3501667938-2072976212-1001\...\Run: [spotify Web Helper] - C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-09] (Spotify Ltd)
HKU\S-1-5-21-3390684805-3501667938-2072976212-1001\...\Run: [spotify] - C:\Users\Eric\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-09] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1FF5A248C020CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6CF5C735-6998-41FA-AC5D-F82623F5CF0A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6CF5C735-6998-41FA-AC5D-F82623F5CF0A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0B609655-AF7C-4C21-A26B-109E3484416D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={CB24A6FD-1A35-468F-BEEE-D7DC44409698}&mid=2c3dda9937e14839af1099ad8a5a1c3c-b48f4f7af7bb03543b1bb8bacbd4a61dd5eba50b〈=en&ds=hk011&pr=&d=2012-10-31 23:23:25&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\19gnt7l9.default-1391255293423
FF Homepage: www.google.com.au
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Eric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-11]

Chrome:
=======
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP6CF5C735-6998-41FA-AC5D-F82623F5CF0A&SSPV=

CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: http:\/\/search.conduit.com\/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP6CF5C735-6998-41FA-AC5D-F82623F5CF0A&q={searchTerms}&SSPV=
CHR Extension: (Google Drive) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-22]
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-22]
CHR Extension: (Google Search) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-22]
CHR Extension: (No Name) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2013-01-27]
CHR Extension: (Invite All) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2012-11-22]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-22]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Eric\AppData\Local\Temp\crx9F60.tmp [2012-11-22]
CHR HKLM\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Eric\AppData\Local\Temp\tbch.crx [2012-11-22]
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Eric\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-20]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Eric\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-15]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-11]
CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Eric\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-11-20]

========================== Services (Whitelisted) =================

R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3791872 2010-10-20] (Native Instruments GmbH)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-30] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112032 2010-12-09] (TOSHIBA Corporation)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-11] (AVG Technologies)
R3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [33640 2010-10-19] (Atheros)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-11] (Malwarebytes Corporation)
R3 MEI; C:\windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-09] (TOSHIBA Corporation)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Eric\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Eric\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 Tosrfcom; No ImagePath
U3 TrueSight; \??\C:\windows\system32\TrueSight.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-12 01:47 - 2014-02-12 01:47 - 00018264 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-02-12 01:46 - 2014-02-12 01:47 - 00000000 ____D () C:\FRST
2014-02-12 01:45 - 2014-02-12 01:46 - 01139712 _____ (Farbar) C:\Users\Eric\Desktop\FRST.exe
2014-02-12 01:38 - 2014-02-12 01:38 - 00001868 _____ () C:\Users\Eric\Desktop\RKreport[0]_S_02122014_013844.txt
2014-02-12 01:35 - 2014-02-12 01:35 - 00151664 _____ () C:\windows\Minidump\021214-25240-01.dmp
2014-02-12 01:33 - 2014-02-12 01:33 - 03813376 _____ () C:\Users\Eric\Downloads\RogueKiller.exe
2014-02-12 01:29 - 2014-02-12 01:29 - 00151920 _____ () C:\windows\Minidump\021214-22729-01.dmp
2014-02-12 01:28 - 2014-02-12 01:38 - 00000000 ____D () C:\Users\Eric\Desktop\RK_Quarantine
2014-02-12 01:15 - 2014-02-12 01:15 - 00153480 _____ () C:\windows\Minidump\021214-27799-01.dmp
2014-02-12 01:14 - 2014-02-12 01:28 - 00014336 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-02-12 01:14 - 2014-02-12 01:25 - 00000000 ____D () C:\Users\Eric\Desktop\music folders
2014-02-11 21:43 - 2014-02-11 21:44 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-02-05 18:05 - 2014-02-05 18:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-01 22:36 - 2014-02-01 22:36 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 22:04 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\Eric\Downloads\Boysonweb
2014-02-01 22:02 - 2014-02-01 22:33 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
2014-02-01 22:01 - 2014-02-01 22:01 - 01307736 _____ (BitTorrent Inc.) C:\Users\Eric\Downloads\utorrent.exe
2014-01-29 23:30 - 2014-01-29 23:30 - 00200447 _____ () C:\Users\Eric\Downloads\Travel-Policy_Eric.xps.zip
2014-01-29 23:30 - 2014-01-29 23:30 - 00198521 _____ () C:\Users\Eric\Downloads\Payment_eric.xps.zip
2014-01-28 19:30 - 2014-01-28 19:30 - 00002292 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-01-28 19:29 - 2014-01-28 19:31 - 00000000 ____D () C:\Users\Eric\AppData\Local\WinZip
2014-01-28 19:29 - 2014-01-28 19:29 - 00000000 ____D () C:\Program Files\WinZip
2014-01-22 21:33 - 2014-01-22 21:48 - 96952524 _____ () C:\Users\Eric\Downloads\Desktop.rar

==================== One Month Modified Files and Folders =======

2014-02-12 01:47 - 2014-02-12 01:47 - 00018264 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-02-12 01:47 - 2014-02-12 01:46 - 00000000 ____D () C:\FRST
2014-02-12 01:46 - 2014-02-12 01:45 - 01139712 _____ (Farbar) C:\Users\Eric\Desktop\FRST.exe
2014-02-12 01:45 - 2013-02-06 12:41 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Spotify
2014-02-12 01:43 - 2011-07-04 19:14 - 01929544 _____ () C:\windows\WindowsUpdate.log
2014-02-12 01:40 - 2013-05-31 01:35 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-12 01:40 - 2012-07-28 01:07 - 00000878 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-12 01:40 - 2009-07-14 15:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-12 01:40 - 2009-07-14 15:39 - 00178362 _____ () C:\windows\setupact.log
2014-02-12 01:38 - 2014-02-12 01:38 - 00001868 _____ () C:\Users\Eric\Desktop\RKreport[0]_S_02122014_013844.txt
2014-02-12 01:38 - 2014-02-12 01:28 - 00000000 ____D () C:\Users\Eric\Desktop\RK_Quarantine
2014-02-12 01:35 - 2014-02-12 01:35 - 00151664 _____ () C:\windows\Minidump\021214-25240-01.dmp
2014-02-12 01:35 - 2012-04-02 17:32 - 264555967 _____ () C:\windows\MEMORY.DMP
2014-02-12 01:35 - 2012-04-02 17:32 - 00000000 ____D () C:\windows\Minidump
2014-02-12 01:33 - 2014-02-12 01:33 - 03813376 _____ () C:\Users\Eric\Downloads\RogueKiller.exe
2014-02-12 01:29 - 2014-02-12 01:29 - 00151920 _____ () C:\windows\Minidump\021214-22729-01.dmp
2014-02-12 01:28 - 2014-02-12 01:14 - 00014336 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-02-12 01:25 - 2014-02-12 01:14 - 00000000 ____D () C:\Users\Eric\Desktop\music folders
2014-02-12 01:24 - 2013-06-23 17:52 - 00000000 ____D () C:\Users\Eric\Desktop\movies bec
2014-02-12 01:24 - 2012-05-14 00:25 - 00000000 ____D () C:\Users\Eric\Desktop\dj samples
2014-02-12 01:22 - 2009-07-14 15:34 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 01:22 - 2009-07-14 15:34 - 00024912 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 01:19 - 2013-08-12 19:07 - 00000000 ____D () C:\Users\Eric\Documents\pkr
2014-02-12 01:15 - 2014-02-12 01:15 - 00153480 _____ () C:\windows\Minidump\021214-27799-01.dmp
2014-02-12 01:13 - 2012-07-28 01:07 - 00000882 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 01:10 - 2012-09-09 14:02 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 21:44 - 2014-02-11 21:43 - 00040776 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-02-11 21:43 - 2011-10-12 20:48 - 00000000 ____D () C:\Users\Eric\Documents\VirtualDJ
2014-02-10 12:01 - 2010-11-21 08:01 - 00778150 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-08 20:13 - 2013-02-06 12:42 - 00000000 ____D () C:\Users\Eric\AppData\Local\Spotify
2014-02-08 00:02 - 2009-07-14 13:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-06 22:19 - 2012-04-26 02:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-05 18:10 - 2012-09-09 14:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-05 18:10 - 2012-09-09 14:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 18:05 - 2014-02-05 18:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-04 10:14 - 2012-10-31 23:23 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-02-02 10:00 - 2010-11-21 08:48 - 00268416 _____ () C:\windows\PFRO.log
2014-02-02 10:00 - 2009-07-14 13:37 - 00000000 ____D () C:\windows\security
2014-02-01 22:36 - 2014-02-01 22:36 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-01 22:36 - 2012-12-05 18:52 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-01 22:33 - 2014-02-01 22:02 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
2014-02-01 22:33 - 2011-10-25 21:41 - 00000000 ____D () C:\Users\Eric\AppData\Local\Conduit
2014-02-01 22:22 - 2014-02-01 22:04 - 00000000 ____D () C:\Users\Eric\Downloads\Boysonweb
2014-02-01 22:01 - 2014-02-01 22:01 - 01307736 _____ (BitTorrent Inc.) C:\Users\Eric\Downloads\utorrent.exe
2014-01-29 23:30 - 2014-01-29 23:30 - 00200447 _____ () C:\Users\Eric\Downloads\Travel-Policy_Eric.xps.zip
2014-01-29 23:30 - 2014-01-29 23:30 - 00198521 _____ () C:\Users\Eric\Downloads\Payment_eric.xps.zip
2014-01-28 19:31 - 2014-01-28 19:29 - 00000000 ____D () C:\Users\Eric\AppData\Local\WinZip
2014-01-28 19:31 - 2013-09-13 01:45 - 00000000 ____D () C:\ProgramData\WinZip
2014-01-28 19:30 - 2014-01-28 19:30 - 00002292 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-01-28 19:29 - 2014-01-28 19:29 - 00000000 ____D () C:\Program Files\WinZip
2014-01-22 21:48 - 2014-01-22 21:33 - 96952524 _____ () C:\Users\Eric\Downloads\Desktop.rar

Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\BingoCabinInstaller.exe
C:\Users\Eric\AppData\Local\Temp\kv25qf1m.dll
C:\Users\Eric\AppData\Local\Temp\nsa3612.exe
C:\Users\Eric\AppData\Local\Temp\nsaBDF8.exe
C:\Users\Eric\AppData\Local\Temp\nsaEC4A.exe
C:\Users\Eric\AppData\Local\Temp\nsfEE3E.exe
C:\Users\Eric\AppData\Local\Temp\nskB780.exe
C:\Users\Eric\AppData\Local\Temp\nspEA36.exe
C:\Users\Eric\AppData\Local\Temp\nsvB9E2.exe
C:\Users\Eric\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Eric\AppData\Local\Temp\tbedrs.dll
C:\Users\Eric\AppData\Local\Temp\tbuTo0.dll
C:\Users\Eric\AppData\Local\Temp\TB_E145.exe
C:\Users\Eric\AppData\Local\Temp\utt4221.tmp.exe
C:\Users\Eric\AppData\Local\Temp\utt68C7.tmp.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-11 23:14

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.


Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log..

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see the logs from the above scans, and also tell me if there are any remaining issues or concerns..

 

Kevin

 

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014 01
Ran by Eric at 2014-02-12 12:12:18 Run:1
Running from C:\Users\Eric\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Users\Eric\AppData\Local\Temp\BingoCabinInstaller.exe
C:\Users\Eric\AppData\Local\Temp\kv25qf1m.dll
C:\Users\Eric\AppData\Local\Temp\nsa3612.exe
C:\Users\Eric\AppData\Local\Temp\nsaBDF8.exe
C:\Users\Eric\AppData\Local\Temp\nsaEC4A.exe
C:\Users\Eric\AppData\Local\Temp\nsfEE3E.exe
C:\Users\Eric\AppData\Local\Temp\nskB780.exe
C:\Users\Eric\AppData\Local\Temp\nspEA36.exe
C:\Users\Eric\AppData\Local\Temp\nsvB9E2.exe
C:\Users\Eric\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Eric\AppData\Local\Temp\tbedrs.dll
C:\Users\Eric\AppData\Local\Temp\tbuTo0.dll
C:\Users\Eric\AppData\Local\Temp\TB_E145.exe
C:\Users\Eric\AppData\Local\Temp\utt4221.tmp.exe
C:\Users\Eric\AppData\Local\Temp\utt68C7.tmp.exe
End
*****************

C:\Users\Eric\AppData\Local\Temp\BingoCabinInstaller.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\kv25qf1m.dll => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nsa3612.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nsaBDF8.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nsaEC4A.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nsfEE3E.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nskB780.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nspEA36.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\nsvB9E2.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\tbedrs.dll => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\tbuTo0.dll => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\TB_E145.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\utt4221.tmp.exe => Moved successfully.
C:\Users\Eric\AppData\Local\Temp\utt68C7.tmp.exe => Moved successfully.

==== End of Fixlog ====


# AdwCleaner v3.018 - Report created 12/02/2014 at 12:22:52
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Eric - ERIC-PC
# Running from : C:\Users\Eric\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Eric\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Eric\AppData\Local\Conduit
Folder Deleted : C:\Users\Eric\AppData\Local\Wajam
Folder Deleted : C:\Users\Eric\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Eric\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Eric\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v27.0 (en-GB)

[ File : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\19gnt7l9.default-1391255293423\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9564 octets] - [12/02/2014 12:17:33]
AdwCleaner[s0].txt - [8825 octets] - [12/02/2014 12:22:52]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8885 octets] ##########
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x86
Ran by Eric on Wed 12/02/2014 at 12:29:03.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3390684805-3501667938-2072976212-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B609655-AF7C-4C21-A26B-109E3484416D}



~~~ Files

Successfully deleted: [File] "C:\Users\Eric\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Eric\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Eric\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{054DD84F-6315-4097-8619-46535782352B}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{10FEDAD4-D9E0-49EF-B494-C5F1403B8E12}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{1B9AFAE1-D54B-4553-A42F-D15CC759EA40}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{204E4340-A43B-46D0-A491-F325A645AA2C}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{2BC28982-0749-47F3-970C-FC112F83F2EE}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{39DC015B-B2DE-4ED2-A4E5-BEB54377DCAB}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{3AE323B5-BD5D-4810-812A-7115B9D63B1A}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{4415B70E-69DB-40E6-A6BF-145B94B96779}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{50A69BB3-5E64-438D-8AFC-E5528EE416D9}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{64CC39D0-CA71-45FE-8254-6F8002E379B7}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{67C105AC-1DB3-4064-8100-36E877FC97DF}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{7E4B2218-113F-4316-A12C-A91FBD503A3F}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{850AD24B-FC85-42BE-8562-EEC6013E0CE9}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{8C27FB2D-5BFB-420A-BB0E-A840350F628C}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{920A076D-C803-4058-85FF-09FD11B33C25}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{96F1638A-C4CD-4E1D-83B7-17C639D62E3A}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{9F1288F6-61DD-4C19-BD1F-F83BA3BD6A70}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{ACCE5862-C5D3-4337-A27E-07FFFB072C0C}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{B6868B9C-3101-481E-901A-DCD80A59682A}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{B9F976DD-8697-43E1-850A-9E894A71CBA9}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{C0D8427C-5D66-4566-BD9A-ABB6A4EFB96C}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{DBADD962-E56C-45F7-AB1A-7FC7DE394017}
Successfully deleted: [Empty Folder] C:\Users\Eric\appdata\local\{E324BA3E-45A2-4632-9E07-B92032B4CAED}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Eric\AppData\Roaming\mozilla\firefox\profiles\19gnt7l9.default-1391255293423\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/02/2014 at 12:30:58.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.11.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Eric :: ERIC-PC [administrator]

12/02/2014 3:20:23 PM
mbam-log-2014-02-12 (15-20-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 175600
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Eric\AppData\Local\Temp\CT3220468 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Users\Eric\AppData\Local\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\CT3220468.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\dtime.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric\AppData\Local\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 


Nothing major in those logs, plenty of adware and PUPs (Potentially Unwanted Programs). We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Try Security Check one more time after a reboot. Also let me know if there are any remaining issues or concerns..

 

Kevin


C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\prefs.js    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\user.js    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application
C:\FRST\Quarantine\tbedrs.dll12-02-2014_12-12-19    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\tbuTo0.dll12-02-2014_12-12-19    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\utt4221.tmp.exe12-02-2014_12-12-19    a variant of Win32/Toolbar.Conduit potentially unwanted application
C:\FRST\Quarantine\utt68C7.tmp.exe12-02-2014_12-12-19    Win32/Toolbar.Conduit.R potentially unwanted application
C:\Program Files\Dream Video Converter Ultimate\toolbar\solidyoutube-hybrid.exe    Win32/Somoto.F potentially unwanted application
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TE19DQKZ\SPSetup[1].exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVH9HQAY\spstub[1].exe    Win32/Conduit.SearchProtect.L potentially unwanted application
C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll    Win32/Kryptik.AQXL.Gen trojan
C:\Users\Eric\AppData\Local\Temp\eoggic1z.exe.part    Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\Eric\AppData\Local\Temp\EsWUW5rd.exe.part    Win32/Adware.1ClickDownload.AM application
C:\Users\Eric\AppData\Local\Temp\luc4060.tmp    a variant of Win32/PrimeCasino.A potentially unwanted application
C:\Users\Eric\AppData\Local\Temp\OLOF7Xq9.exe.part    a variant of Win32/iLivid.A potentially unwanted application
C:\Users\Eric\AppData\Local\Temp\nsk8E0F\SpSetup.exe    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Eric\Downloads\BestVideoDownloaderSetup.exe    multiple threats
C:\Users\Eric\Downloads\cnet2_dorgem210_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Eric\Downloads\dream-mkv-to-avi-converter.exe    Win32/Somoto.F potentially unwanted application
C:\Users\Eric\Downloads\gtk2139-setup.exe    a variant of Win32/1AntiVirus potentially unwanted application
C:\Users\Eric\Downloads\luckynugget.exe    a variant of Win32/PrimeCasino.A potentially unwanted application
C:\Users\Eric\Downloads\playzy_spnsr_48226.exe    a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\Users\Eric\Downloads\SoftonicDownloader_for_vlc-media-player.exe    Win32/SoftonicDownloader potentially unwanted application
C:\Users\Eric\Downloads\SoftonicDownloader_for_windows-live-messenger.exe    Win32/SoftonicDownloader.D potentially unwanted application
C:\Users\Eric\Downloads\Image-Line.FL.Studio.ASSiGN.Edition.v10.0.8-ASSiGN\flstudio_10.0.8.exe    Win32/OpenCandy potentially unsafe application
 


 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 31  
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player     12.0.0.44  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (27.0)
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Yes we need to remove those entries:

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Files (:Files)

    :Files
    C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\prefs.js
    C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\user.js
    C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TE19DQKZ\SPSetup[1].exe
    C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVH9HQAY\spstub[1].exe
    C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll
    C:\Users\Eric\AppData\Local\Temp\eoggic1z.exe.part
    C:\Users\Eric\AppData\Local\Temp\EsWUW5rd.exe.part
    C:\Users\Eric\AppData\Local\Temp\luc4060.tmp
    C:\Users\Eric\AppData\Local\Temp\OLOF7Xq9.exe.part
    C:\Users\Eric\AppData\Local\Temp\nsk8E0F\SpSetup.exe
    C:\Users\Eric\Downloads\BestVideoDownloaderSetup.exe
    C:\Users\Eric\Downloads\cnet2_dorgem210_exe.exe
    C:\Users\Eric\Downloads\dream-mkv-to-avi-converter.exe
    C:\Users\Eric\Downloads\gtk2139-setup.exe
    C:\Users\Eric\Downloads\luckynugget.exe
    C:\Users\Eric\Downloads\playzy_spnsr_48226.exe
    C:\Users\Eric\Downloads\SoftonicDownloader_for_vlc-media-player.exe
    C:\Users\Eric\Downloads\SoftonicDownloader_for_windows-live-messenger.exe
    C:\Users\Eric\Downloads\Image-Line.FL.Studio.ASSiGN.Edition.v10.0.8-ASSiGN\flstudio_10.0.8.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Uninstall Dream Video Converter Ultimate

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Post OTM log, run Malwarebytes quick scan and post that log, let me know if any remaining issues or concerns...

 

Kevin

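The ESET-to-OTM step in the post above was done by hand: the helper copied the paths out of the ESET results, left out the hits already sitting in AdwCleaner's and FRST's quarantine, and handled the hit under Program Files by uninstalling the program instead. The script below is an added example, not code from the thread or from OTM, ESET or FRST; it parses the ESET text export, applies those same three rules, and emits the OTM :Files/:Commands script. The function names, the prefix rules and the sample log (copied from the results posted earlier) are this example's own assumptions.

```python
"""Build an OTM ':Files' script from an ESET Online Scanner text export.

Added example for this thread; not part of OTM, ESET or FRST. Function names
and the prefix rules are assumptions modelled on the helper's post above.
"""
import re
from dataclasses import dataclass

# In the ESET export, a run of two or more spaces (or a tab) separates the path
# from the detection name; single spaces can appear inside either field.
_FIELD_SPLIT = re.compile(r"\t|\s{2,}")
_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# Hits inside another tool's quarantine are already neutralised, so they are
# reported but not moved again (the helper left them out of the OTM script).
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\frst\\quarantine\\")

# Hits inside an installed program's folder are better dealt with by removing
# the program (the helper asked for Dream Video Converter to be uninstalled).
PROGRAM_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample: a subset of the ESET results posted earlier in the thread.
SAMPLE_ESET_LOG = r"""
C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\prefs.js    JS/SecurityDisabler.A.Gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\tbedrs.dll12-02-2014_12-12-19    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files\Dream Video Converter Ultimate\toolbar\solidyoutube-hybrid.exe    Win32/Somoto.F potentially unwanted application
C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll    Win32/Kryptik.AQXL.Gen trojan
C:\Users\Eric\Downloads\BestVideoDownloaderSetup.exe    multiple threats
C:\Users\Eric\Downloads\Image-Line.FL.Studio.ASSiGN.Edition.v10.0.8-ASSiGN\flstudio_10.0.8.exe    Win32/OpenCandy potentially unsafe application
"""


@dataclass(frozen=True)
class Detection:
    path: str
    name: str

    @property
    def severity(self) -> str:
        """Rough triage bucket: real malware first, then unsafe, then PUA/PUP."""
        low = self.name.lower()
        if "trojan" in low or "multiple threats" in low:
            return "malware"
        if "unsafe application" in low:
            return "unsafe"
        return "pua"


def parse_eset_log(text: str) -> list[Detection]:
    """Parse '<path><spaces><detection>' lines; anything else is skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = _FIELD_SPLIT.split(line, maxsplit=1)
        if len(parts) != 2 or not _DRIVE_PATH.match(parts[0]):
            continue
        found.append(Detection(parts[0].strip(), parts[1].strip()))
    return found


def triage(dets: list[Detection]):
    """Split into (move with OTM, already quarantined, uninstall the program)."""
    move, quarantined, uninstall = [], [], []
    for d in dets:
        low = d.path.lower()
        if low.startswith(QUARANTINE_PREFIXES):
            quarantined.append(d)
        elif low.startswith(PROGRAM_PREFIXES):
            uninstall.append(d)
        else:
            move.append(d)
    return move, quarantined, uninstall


def build_otm_script(move: list[Detection]) -> str:
    """Emit the OTM script: ':Files' block, then ':Commands' with [EmptyTemp].

    Malware-class hits are listed first; duplicate paths are dropped.
    """
    ordered = sorted(move, key=lambda d: 0 if d.severity == "malware" else 1)
    seen, lines = set(), [":Files"]
    for d in ordered:
        key = d.path.lower()
        if key not in seen:
            seen.add(key)
            lines.append(d.path)
    lines += [":Commands", "[EmptyTemp]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    to_move, already_quarantined, to_uninstall = triage(parse_eset_log(SAMPLE_ESET_LOG))
    print(build_otm_script(to_move))
    for d in already_quarantined:
        print("already quarantined, skipped:", d.path)
    for d in to_uninstall:
        print("uninstall the owning program instead:", d.path)
```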

All processes killed
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\prefs.js moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-3390684805-3501667938-2072976212-1001\$RPTMFUZ\08n68c7l.default\user.js moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TE19DQKZ\SPSetup[1].exe moved successfully.
C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVH9HQAY\spstub[1].exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll
C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll moved successfully.
C:\Users\Eric\AppData\Local\Temp\eoggic1z.exe.part moved successfully.
C:\Users\Eric\AppData\Local\Temp\EsWUW5rd.exe.part moved successfully.
C:\Users\Eric\AppData\Local\Temp\luc4060.tmp moved successfully.
C:\Users\Eric\AppData\Local\Temp\OLOF7Xq9.exe.part moved successfully.
C:\Users\Eric\AppData\Local\Temp\nsk8E0F\SpSetup.exe moved successfully.
C:\Users\Eric\Downloads\BestVideoDownloaderSetup.exe moved successfully.
C:\Users\Eric\Downloads\cnet2_dorgem210_exe.exe moved successfully.
C:\Users\Eric\Downloads\dream-mkv-to-avi-converter.exe moved successfully.
C:\Users\Eric\Downloads\gtk2139-setup.exe moved successfully.
C:\Users\Eric\Downloads\luckynugget.exe moved successfully.
C:\Users\Eric\Downloads\playzy_spnsr_48226.exe moved successfully.
C:\Users\Eric\Downloads\SoftonicDownloader_for_vlc-media-player.exe moved successfully.
C:\Users\Eric\Downloads\SoftonicDownloader_for_windows-live-messenger.exe moved successfully.
C:\Users\Eric\Downloads\Image-Line.FL.Studio.ASSiGN.Edition.v10.0.8-ASSiGN\flstudio_10.0.8.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Eric
->Temp folder emptied: 3975704763 bytes
->Temporary Internet Files folder emptied: 418491401 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 379387137 bytes
->Google Chrome cache emptied: 390991190 bytes
->Flash cache emptied: 7870 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483817136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 82626837 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 787 bytes
RecycleBin emptied: 76293768 bytes
 
Total Files Cleaned = 5,538.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 02132014_012754
 

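As an added example (not part of this thread and not code from OldTimer's OTM), here is a small Python parser for the OTM log format posted above. It pulls out the files OTM moved, the per-user cache and temp folders it emptied with their byte counts, any DllUnregisterServer notes, and the total, then buckets the moved files by where they lived so a helper can see at a glance how much of the cleanup was user downloads (bundleware and installers) versus disposable temp and cache content. The sample log is a constructed excerpt in the same shape as the log above; the function names are this example's own.

```python
import re

# Constructed sample in the shape of the OTM log posted above (excerpt, not the full log).
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
C:\Users\Eric\AppData\Local\Temp\luc4060.tmp moved successfully.
C:\Users\Eric\Downloads\luckynugget.exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll
C:\Users\Eric\AppData\Local\Reimage\bvgnlvoi.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Eric
->Temp folder emptied: 3975704763 bytes
->FireFox cache emptied: 379387137 bytes
User: Public
->Temp folder emptied: 0 bytes
Windows Temp folder emptied: 483817136 bytes
RecycleBin emptied: 76293768 bytes
Total Files Cleaned = 5,538.00 mb
"""

# Line shapes seen in OTM output: a moved file, an emptied folder/cache, a user header,
# a DllUnregisterServer note and the final total.
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
EMPTIED_RE = re.compile(r"^(?:->)?(?P<what>.+?) emptied: (?P<bytes>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
NOTE_RE = re.compile(r"^(?P<msg>DllUnregisterServer procedure not found) in (?P<path>.+)$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d,]+\.\d+) mb$")


def parse_otm_log(text):
    """Parse OTM log text into moved paths, emptied locations, notes and the total."""
    result = {"moved": [], "emptied": [], "notes": [], "total_mb": None}
    user = None  # the "User: X" block the following "->" lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USER_RE.match(line)
        if m:
            user = m.group("user")
            continue
        m = MOVED_RE.match(line)
        if m:
            result["moved"].append(m.group("path"))
            continue
        m = EMPTIED_RE.match(line)
        if m:
            # "->" lines are per-user; bare lines (Windows Temp, RecycleBin) are system-wide
            owner = user if line.startswith("->") else None
            result["emptied"].append((owner, m.group("what"), int(m.group("bytes"))))
            continue
        m = NOTE_RE.match(line)
        if m:
            result["notes"].append((m.group("msg"), m.group("path")))
            continue
        m = TOTAL_RE.match(line)
        if m:
            result["total_mb"] = float(m.group("mb").replace(",", ""))
    return result


def total_emptied_bytes(parsed):
    """Sum of all emptied byte counts, per-user and system-wide."""
    return sum(n for _, _, n in parsed["emptied"])


def classify_moved(paths):
    """Bucket moved files by location: recycle bin, user downloads, temp/cache, or other."""
    buckets = {"recycle_bin": [], "downloads": [], "temp": [], "other": []}
    for p in paths:
        low = p.lower()
        if "$recycle.bin" in low:
            buckets["recycle_bin"].append(p)
        elif "\\downloads\\" in low:
            buckets["downloads"].append(p)
        elif "\\temp\\" in low or "temporary internet files" in low:
            buckets["temp"].append(p)
        else:
            buckets["other"].append(p)
    return buckets


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_LOG)
    for bucket, files in classify_moved(parsed["moved"]).items():
        print(f"{bucket}: {len(files)} file(s)")
    print(f"emptied: {total_emptied_bytes(parsed)} bytes, reported total {parsed['total_mb']} MB")
```

Files under Downloads deserve a closer look than temp or cache content: in the log above they are the installers and downloader wrappers the user chose to run, which is where the adware came from, while the temp and cache folders are simply reclaimed space.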

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.11.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Eric :: ERIC-PC [administrator]

13/02/2014 1:55:43 AM
mbam-log-2014-02-13 (01-55-43).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 176397
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Yes, all looks good; I never saw any major infection on your system. The ESET scan identified a couple of entries that would appear to be remnants of a previous infection. Do the following:

 

We need to remove FRST, but first it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action; delete it if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

 

  • Remove disinfection tools
  • Purge System Restore

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Let me know if those steps complete OK, and also if there are any remaining issues or concerns.

 

Kevin

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.