
Torrent trojan or virus

03-01-2013, 05:55 PM   #1
Registered Member
 
Join Date: Jul 2007
Posts: 327
OS: windows 7



My system seems to be getting really slow: when I click on links it takes about 2 minutes for the link to open. I have done scans with all the free tools available to me. I used to download torrents as well, so can someone clean out my system for me please, or just have a look at what is going on?


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by wayne at 10:45:04 on 2013-03-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4079.1038 [GMT 10:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\System32\alg.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\TurboYourPC\TurboYourPCTray.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Users\wayne\AppData\Local\Mozilla Firefox\firefox.exe
C:\Users\wayne\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Users\wayne\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uSearch Bar = Preserve
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{AEDB4C5B-511E-4F24-8612-EBAA388B3A8F} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{CBC15570-2490-4E9D-B37C-9C2452B7E641} : DHCPNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: avgsecuritytoolbar - <Clsid value has no data>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&CUI=UN70031433728806666&UM=1&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=420&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3100940617624097&o=APN10645&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\wayne\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\wayne\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{edbc2cbd-b8ae-4185-a1fd-4badf47dc4da}\plugins\np-mswmp.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{edbc2cbd-b8ae-4185-a1fd-4badf47dc4da}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\wayne\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-02-03 15:31; firebug@software.joehewitt.com; C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-02-03 17:56; 65ffxtbr@FromDocToPDF_65.com; C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\65ffxtbr@FromDocToPDF_65.com
FF - ExtSQL: 2013-02-24 08:17; {edbc2cbd-b8ae-4185-a1fd-4badf47dc4da}; C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{edbc2cbd-b8ae-4185-a1fd-4badf47dc4da}
FF - ExtSQL: 2013-02-24 10:27; {B81B80BF-8F35-4BC0-9236-EFB3F7EE9282}; C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{B81B80BF-8F35-4BC0-9236-EFB3F7EE9282}.xpi
FF - ExtSQL: 2013-02-25 16:48; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
FF - ExtSQL: 2013-02-27 20:06; {ba14329e-9550-4989-b3f2-9732e92d17cc}; C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\v1obdmfc.default-1351150431684\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - ExtSQL: !HIDDEN! 2012-09-29 19:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2013-02-03 17:57; 65ffxtbr@FromDocToPDF_65.com; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF00040/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.hpOld - hxxp://start.roboform.com
FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/INF00040/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/INF00040/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic.dspOld - Search the web (Babylon)
FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF00040/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF00040/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 2a479637000000000000ac81125f90e3
FF - user.js: extensions.Softonic.instlDay - 15663
FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.421:19:34
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - INF00040
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=2a479637000000000000ac81125f90e3&q=
FF - user.js: extensions.BabylonToolbar.id - 2a479637000000000000ac81125f90e3
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15691
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.917:47:21
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116301&tt=5112_3
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-8-13 25312]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-9-28 45656]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-2-22 465216]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-8-13 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-26 237056]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-30 13592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-3-10 951632]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-12 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-12 682344]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2012-8-16 372736]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2010-6-14 64600]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-2-28 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-2-28 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-2-28 168384]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2012-8-13 78952]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-15 2754984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-19 2365792]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-8-13 285152]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-12 24176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-8-24 1885792]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-23 565352]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-8-28 11880]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 Codecs Pack Manager;Codecs Pack Manager;C:\ProgramData\Codecs Pack Manager\2.2.558.175\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.exe [2012-8-16 1695776]
S2 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2012-8-16 625728]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-8-16 231440]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-13 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-13 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2013-03-01 13:45:52 -------- d-----w- C:\Users\wayne\AppData\Roaming\T55
2013-03-01 13:45:42 -------- d-----w- C:\Program Files (x86)\PC Speed Up
2013-03-01 12:55:39 -------- d-----w- C:\Users\wayne\AppData\Roaming\AVG2013
2013-03-01 12:53:25 -------- d--h--w- C:\$AVG
2013-03-01 12:53:25 -------- d-----w- C:\ProgramData\AVG2013
2013-03-01 12:49:47 -------- d-----w- C:\Users\wayne\AppData\Local\MFAData
2013-03-01 12:49:47 -------- d-----w- C:\Users\wayne\AppData\Local\Avg2013
2013-03-01 12:49:47 -------- d-----w- C:\ProgramData\MFAData
2013-03-01 11:19:44 -------- d-----w- C:\ProgramData\Photo Notifier and Animation Creator
2013-03-01 11:19:44 -------- d-----w- C:\Program Files (x86)\Photo Notifier and Animation Creator
2013-03-01 09:27:07 -------- d-----w- C:\Users\wayne\AppData\Roaming\Smadav
2013-03-01 09:27:07 -------- d-----w- C:\Program Files (x86)\Smadav
2013-03-01 09:26:53 -------- d-sh--w- C:\[Smad-Cage]
2013-02-28 12:48:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-02-28 12:48:33 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-02-28 12:48:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-02-28 12:13:01 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2013-02-28 09:20:13 -------- d-----w- C:\ProgramData\Simply Super Software
2013-02-27 19:08:07 -------- d-----w- C:\Users\wayne\AppData\Roaming\File Scout
2013-02-27 12:23:19 -------- d-----w- C:\Program Files (x86)\Gophoto.it
2013-02-27 12:23:11 -------- d-----w- C:\Program Files (x86)\TornTV.com
2013-02-27 11:54:24 -------- d-----w- C:\ProgramData\Browser Manager
2013-02-27 11:45:53 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2012
2013-02-27 10:16:07 -------- d-----w- C:\Program Files (x86)\TuneUpMedia
2013-02-27 10:16:06 -------- d-----w- C:\Users\wayne\AppData\Roaming\TuneUpMedia
2013-02-27 10:16:04 -------- d-----w- C:\ProgramData\TuneUpMedia
2013-02-27 09:45:16 -------- d-----w- C:\ProgramData\Wincert
2013-02-27 09:45:03 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar
2013-02-26 09:52:39 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-26 09:52:39 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-26 07:29:27 -------- d-----w- C:\Program Files (x86)\Cliff Carrigan
2013-02-26 07:29:15 -------- d-----w- C:\Users\wayne\AppData\Local\Programs
2013-02-25 06:48:55 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
2013-02-25 06:48:45 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-02-23 11:21:59 -------- d-----w- C:\Users\wayne\AppData\Local\Mozilla Firefox
2013-02-22 03:33:21 -------- d-----w- C:\ProgramData\IObit
2013-02-22 03:10:32 -------- d-----w- C:\Users\wayne\AppData\Roaming\IObit
2013-02-22 03:10:31 -------- d-----w- C:\Program Files (x86)\IObit
2013-02-21 10:26:09 -------- d-----w- C:\Users\wayne\AppData\Roaming\com.longtailpro.LongTailPro
2013-02-21 10:26:00 -------- d-----w- C:\Program Files (x86)\LongTailPro
2013-02-16 20:42:31 -------- d-----w- C:\Users\wayne\AppData\Local\Fuze Box
2013-02-16 03:22:42 -------- d-----w- C:\Users\wayne\AppData\Local\assembly
2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 17:03:28 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 17:03:28 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:04:48 -------- d-----w- C:\Users\wayne\AppData\Roaming\RealNetworks
2013-02-13 09:04:45 -------- d-----w- C:\Users\wayne\AppData\Roaming\OpenCandy
2013-02-13 09:04:32 -------- d-----w- C:\ProgramData\RealNetworks
2013-02-13 09:04:32 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-02-13 09:04:26 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-02-13 06:22:53 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 06:22:53 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 06:22:53 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 06:22:45 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 06:22:42 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 06:22:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 06:22:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 06:22:42 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 06:22:42 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 06:22:42 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 06:22:36 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 06:22:36 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-11 02:25:29 -------- d-----w- C:\Users\wayne\AppData\Roaming\EasyLinkGrabber
2013-02-11 02:20:12 -------- d-----w- C:\Program Files (x86)\EasyLinkGrabber
2013-02-10 11:01:22 -------- d-----w- C:\Users\wayne\AppData\Local\EasyProjectManager
2013-02-10 10:58:35 -------- d-----w- C:\Program Files (x86)\EasyProjectManager
2013-02-03 07:56:52 -------- d-----w- C:\Users\wayne\AppData\Local\FromDocToPDF_65
2013-02-03 07:56:49 -------- d-----w- C:\Program Files (x86)\FromDocToPDF_65
2013-02-03 06:23:32 -------- d-----w- C:\Users\wayne\AppData\Roaming\SocialRankJetSuite
2013-02-01 12:03:01 -------- d-----w- C:\Users\wayne\AppData\Roaming\JonathanLeger.com
2013-02-01 12:00:37 -------- d-----w- C:\Users\wayne\AppData\Local\JonathanLeger.com
2013-02-01 11:58:19 -------- d-----w- C:\Program Files (x86)\TheBestSpinner3
2013-02-01 10:39:02 -------- d-----w- C:\Program Files (x86)\IM Powerhouse
.
==================== Find3M ====================
.
2013-02-27 09:51:05 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 09:51:05 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-13 09:04:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-02-13 09:04:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 06:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
.
============= FINISH: 10:45:38.49 ===============
Attached Files
File Type: zip attach.zip (8.0 KB, 21 views)

__________________
cossie is offline  
Old 03-20-2013, 06:18 PM   #2
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



Do you still need help?

__________________




Topics are closed if you do not respond within 3 days.
If I am working with you and have not responded in a couple of days please PM me.
jeffce is offline  
Old 03-21-2013, 12:13 AM   #3
Registered Member
 
Join Date: Jul 2007
Posts: 327
OS: windows 7



I would love for someone to take a look at what is going on and give some assistance with my issue, as my PC is still very slow but I am getting by.
__________________
cossie is offline  
Old 03-21-2013, 04:37 AM   #4
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



Apologies for any delay, but as you can see we are very busy here. :)

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------

Please run a fresh scan with DDS and post both the DDS.txt and the Attach.txt
------------------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


-------------

AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
jeffce is offline  
Old 03-23-2013, 03:25 AM   #5
Registered Member
 
Join Date: Jul 2007
Posts: 327
OS: windows 7



here is my scan of the mbr and adwcleaner thanks.
Attached Files
File Type: txt aswMBR.txt (2.0 KB, 10 views)
File Type: txt AdwCleaner[S1].txt (38.8 KB, 10 views)
__________________
cossie is offline  
Old 03-23-2013, 08:15 AM   #6
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



ComboFix

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------
jeffce is offline  
Old 03-24-2013, 02:35 AM   #7
Registered Member
 
Join Date: Jul 2007
Posts: 327
OS: windows 7



here is the combofix txt file
Attached Files
File Type: txt combofix.txt (39.7 KB, 13 views)
__________________
cossie is offline  
Old 03-24-2013, 08:46 AM   #8
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



ComboFix
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
    Quote:

    ClearJavaCache::

    DDS::
    uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AU&userid=5da6eaab-04f1-47a9-930f-0f564b633ec7&searchtype=ds&q={searchTerms}&installDate={installDate}
    uStart Page = hxxp://www.searchnu.com/406
    BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll
    TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll
    AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    x64-BHO: DataMngr: {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll

    Firefox::
    FF - ProfilePath - c:\users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\egps1ro4.default\
    FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AU&userid=5da6eaab-04f1-47a9-930f-0f564b633ec7&searchtype=hp&installDate=01/01/1970
    FF - ExtSQL: 2013-02-04 17:31; 65ffxtbr@FromDocToPDF_65.com; c:\program files (x86)\FromDocToPDF_65\bar\1.bin
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9BED1F25-4EB0-42F9-A088-9BCD16EF8580&n=77fc68d8&ind=2013030616&p2=^Y6^xdm036^YY^au&si=swissconverter&searchfor=
    FF - user.js: extensions.mixidj.tlbrSrchUrl -
    FF - user.js: extensions.mixidj.id - 2a479637000000000000ac81125f90e3
    FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
    FF - user.js: extensions.mixidj.instlDay - 15787
    FF - user.js: extensions.mixidj.vrsn - 1.8.4.1
    FF - user.js: extensions.mixidj.vrsni - 1.8.4.1
    FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.123:02
    FF - user.js: extensions.mixidj.prtnrId - mixidj
    FF - user.js: extensions.mixidj.prdct - mixidj
    FF - user.js: extensions.mixidj.aflt - babsst
    FF - user.js: extensions.mixidj_i.smplGrp - none
    FF - user.js: extensions.mixidj.tlbrId - mdelta
    FF - user.js: extensions.mixidj.instlRef - sst
    FF - user.js: extensions.mixidj.dfltLng - en
    FF - user.js: extensions.mixidj_i.excTlbr - false
    FF - user.js: extensions.mixidj.excTlbr - false
    FF - user.js: extensions.mixidj.admin - false
    FF - user.js: extensions.mixidj.autoRvrt - false
    FF - user.js: extensions.mixidj.rvrt - false
    FF - user.js: extensions.mixidj_i.newTab - false

    File::
    c:\program files (x86)\IObit Apps Toolbar\IE\6.9\iobitappsToolbarIE.dll
    c:\program files (x86)\Deal Spy\Deal Spy.dll
    c:\program files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll
    c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll
    c:\program files (x86)\Smadav\SM?RTP.exe
    c:\progra~3\browse~2\261125~1.80\{c16c1~1\browse~1.dll c:\progra~3\browse~2\261125~1.80\{c16c1~1\browserprotect.dll
    c:\programdata\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe
    c:\program files (x86)\Wajam\Updater\WajamUpdater.exe

    DirLook::
    c:\program files (x86)\Free Download Manager
    c:\users\wayne\AppData\Local\Updater26276
    c:\program files (x86)\Tuguu SL
    c:\program files (x86)\Instant Backlink Magic
    c:\program files (x86)\Smadav

    Folder::
    c:\users\wayne\AppData\Local\Wajam
    c:\program files (x86)\Wajam
    c:\programdata\BrowserProtect
    c:\users\wayne\AppData\Roaming\CRMixiDJTB
    c:\program files (x86)\mixidj
    c:\users\wayne\AppData\Roaming\Babylon
    c:\programdata\Babylon
    c:\users\wayne\AppData\Local\Deal Spy
    c:\program files (x86)\Deal Spy
    c:\users\wayne\AppData\Roaming\OpenCandy
    C:\ProgramData\Browser Manager
    C:\Program Files (x86)\Search Results Toolbar

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211621176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=-
    "{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}"=-
    [-HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
    [-HKEY_CLASSES_ROOT\clsid\{ca9b9c89-4662-4adc-9c23-a452becd5d19}]
    [-HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [-HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd]
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SM?RT-Protection"=-

    Driver::
    BrowserProtect
    UtilityChest_49Service
    WajamUpdater
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Post the new ComboFix log and let me know how your system is running now.
jeffce is offline  
Old 03-25-2013, 01:29 AM   #9
Registered Member
 
Join Date: Jul 2007
Posts: 327
OS: windows 7



here is the second scan results
Attached Files
File Type: txt 2nd text.txt (54.0 KB, 8 views)
__________________
cossie is offline  
Old 03-25-2013, 04:54 AM   #10
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



ComboFix
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
    Quote:

    ClearJavaCache::

    DDS::
    uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AU&userid=5da6eaab-04f1-47a9-930f-0f564b633ec7&searchtype=ds&q={searchTerms}&installDate={installDate}

    Firefox::
    FF - ProfilePath - c:\users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\egps1ro4.default\
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9BED1F25-4EB0-42F9-A088-9BCD16EF8580&n=77fc68d8&ind=2013030616&p2=^Y6^xdm036^YY^au&si=swissconverter&searchfor=
    FF - ExtSQL: 2013-03-17 09:51; 49ffxtbr@UtilityChest_49.com; c:\program files (x86)\UtilityChest_49\bar\1.bin
    FF - user.js: extensions.mixidj.tlbrSrchUrl -
    FF - user.js: extensions.mixidj.id - 2a479637000000000000ac81125f90e3
    FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
    FF - user.js: extensions.mixidj.instlDay - 15787
    FF - user.js: extensions.mixidj.vrsn - 1.8.4.1
    FF - user.js: extensions.mixidj.vrsni - 1.8.4.1
    FF - user.js: extensions.mixidj_i.vrsnTs - 1.8.4.123:02
    FF - user.js: extensions.mixidj.prtnrId - mixidj
    FF - user.js: extensions.mixidj.prdct - mixidj
    FF - user.js: extensions.mixidj.aflt - babsst
    FF - user.js: extensions.mixidj_i.smplGrp - none
    FF - user.js: extensions.mixidj.tlbrId - mdelta
    FF - user.js: extensions.mixidj.instlRef - sst
    FF - user.js: extensions.mixidj.dfltLng - en
    FF - user.js: extensions.mixidj_i.excTlbr - false
    FF - user.js: extensions.mixidj.excTlbr - false
    FF - user.js: extensions.mixidj.admin - false
    FF - user.js: extensions.mixidj.autoRvrt - false
    FF - user.js: extensions.mixidj.rvrt - false
    FF - user.js: extensions.mixidj_i.newTab - false

    Folder::
    c:\users\wayne\AppData\Local\Updater26276
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

Post the new ComboFix and CKScanner logs and let me know how your system is running now.
jeffce is offline  
Old 03-25-2013, 11:58 PM   #11
Registered Member
 
Join Date: Jul 2007
Posts: 327
OS: windows 7



My system is running like crap now and most of the time it does not respond and I have to close most programs down. I have to shut down my AV plus spyware to get this txt.

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\antilogger\keygen-\readplease+serial.txt
c:\program files (x86)\antilogger\keygen-\site info.htm
c:\program files (x86)\antilogger\keygen-\where it all comes from!!.url
c:\programdata\incredimail\data\setupdata\sound\tchaikovsky_the_nutcracker_light.imw
c:\users\wayne\appdata\local\im\sound\tchaikovsky_the_nutcracker.imw
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\crackhackforum -blocked-.rfx
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\cracks site safe filecrop.rfb
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\hacking and cracking tools - 2.rfb
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\hacking\best cracking tools all in one.rfb
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\hacking\crack software site eelwee.rfb
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\hacking\crackhackforum.rfp
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\hacking\hacking and cracking tools - 1.rfb
c:\users\wayne\appdata\locallow\siber systems\roboform\userdata\hacking\hacking and cracking tools.rfb
c:\users\wayne\desktop\all my folders\cracked tools\easy_google_url_harvester.rar
c:\users\wayne\desktop\all my folders\cracked tools\ibm21e.rar
c:\users\wayne\desktop\all my folders\cracked tools\instant_backlink_magic_setup.exe
c:\users\wayne\desktop\all my folders\cracked tools\easy google url harvester\cc-easy-google-url-harvester\easygoogleurlharvester_v1.3.1\footprint.txt
c:\users\wayne\desktop\all my folders\cracked tools\easy google url harvester\cc-easy-google-url-harvester\easygoogleurlharvester_v1.3.1\proxy.txt
c:\users\wayne\desktop\all my folders\cracked tools\easy google url harvester\cc-easy-google-url-harvester\easygoogleurlharvester_v1.3.1\quick help.rtf
c:\users\wayne\desktop\all my folders\cracked tools\easy google url harvester\cc-easy-google-url-harvester\easygoogleurlharvester_v1.3.1\raw.txt
c:\users\wayne\desktop\all my folders\cracked tools\easy google url harvester\cc-easy-google-url-harvester\easygoogleurlharvester_v1.3.1\thumbs.db
c:\users\wayne\desktop\all my folders\mike german\2nd crackingtheclickbankcodespecialedition.pdf
c:\users\wayne\desktop\all my folders\mike german\gift 3 crackingtheclickbankcodespecialedition.pdf
c:\users\wayne\documents\my roboform data\default profile\crackhackforum -blocked-.rfx
c:\users\wayne\documents\my roboform data\default profile\cracks site safe filecrop.rfb
c:\users\wayne\documents\my roboform data\default profile\hacking and cracking tools - 2.rfb
c:\users\wayne\documents\my roboform data\default profile\hacking\best cracking tools all in one.rfb
c:\users\wayne\documents\my roboform data\default profile\hacking\crack software site eelwee.rfb
c:\users\wayne\documents\my roboform data\default profile\hacking\crackhackforum.rfp
c:\users\wayne\documents\my roboform data\default profile\hacking\hacking and cracking tools - 1.rfb
c:\users\wayne\documents\my roboform data\default profile\hacking\hacking and cracking tools.rfb
c:\users\wayne\downloads\sendblaster.1.6.2.pro.precrackedwww.dl4all.com.zip
c:\users\wayne\downloads\speedypc pro & serial license crack.html
c:\vseqrntn.bin\keygen_exe_2075022344
c:\vseqrntn.bin\keygen_exe_2075022344(1)
c:\vseqrntn.bin\keygen_rar_3645230634
scanner sequence 3.ZZ.11.FRAPWC
----- EOF -----
__________________
cossie is offline  
Old 03-26-2013, 05:15 AM   #12
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



CKScanner has detected illegal software on your system. Besides being illegal, it's the number one way of infecting your system, as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, does not support the use of illegal software except for its removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime.

This may or may not be related to your computer issues, however, if you wish me to continue helping you, then you must remove both the keygen and crack files as well as the related programs and then run a new scan with CKScanner and post the new log. If you do not agree to this then this thread will be closed and no further help will be offered because I will never be able to tell you your malware logs are clean. Please let me know if you wish to continue.
jeffce is offline  
Old 03-28-2013, 04:45 AM   #13
Security Team
Analyst
 
jeffce's Avatar
 
Join Date: Feb 2011
Location: USA
Posts: 2,321
OS: Vista and Ubuntu



Still with me?
jeffce is offline  
Old 03-29-2013, 06:20 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,591
OS: XP Win7 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

__________________

amateur is offline  
All times are GMT -7.