
PC Infected Please help.

This is a discussion on PC Infected Please help. within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Post #1, 05-20-2014, 09:28 AM, by Dsoumil (Registered Member; Join Date: Jul 2012; Posts: 46; OS: Windows 7)



My PC is heavily infected with malware.
Last time I got a lot of help from this forum.
I don't know the procedure, so guide me.

Thanks
Post #2, 05-20-2014, 12:24 PM, by chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

If necessary, download and run the tools in Safe Mode with Networking:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Login on your usual account.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Post #3, 05-21-2014, 11:15 AM, by Dsoumil (Registered Member; Join Date: Jul 2012; Posts: 46; OS: Windows 7)



DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.17006 BrowserJavaVersion: 10.40.2
Run by Admin at 3:15:22 on 2014-05-22
Microsoft Windows 7 Ultimate 6.1.7600.0.1258.84.1033.18.3326.1600 [GMT 5.5:30]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Mobogenie\MgAssist.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
c:\oracle11\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
C:\oracle11\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\rserver30\RServer3.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\ExpressFiles\EFUpdater.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Windows\system32\rserver30\FamItrfc.Exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Windows\system32\rserver30\FamItrfc.Exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uDefault_Page_URL = Google
mStart Page = Google
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398750498&from=exp&uid=ST3120022A_5JT2JARN&q={searchTerms}
mDefault_Page_URL = Google
mDefault_Search_URL = Google
mSearchAssistant = Google
mCustomizeSearch = Google
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - d:\visual studio 2012\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Download all links with IDM (Tải tất cả liên kết bằng IDM) - c:\program files\internet download manager\IEGetAll.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
TCP: Interfaces\{46C5E2A9-D496-4C02-9E05-182563C256FD} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5B7FE074-053C-4EE3-992E-D3EF7B4C80FA} : DHCPNameServer = 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~2.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\of6pz11q.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\acrobat 11.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\admin\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-10-21 243128]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2014-1-4 39624]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2012-12-19 48920]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-24 119056]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2014-3-19 166352]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-7-14 44544]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-1-10 95744]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2013-6-28 9216]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2014-5-13 1682768]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\cmw_srv.exe [2013-12-18 920872]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-12-18 555304]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-5-15 101168]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2014-4-15 375056]
R2 MgAssistService;MgAssist Service;c:\program files\mobogenie\MgAssist.exe [2014-3-22 70848]
R2 MySQL5;MySQL5;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql5 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-3-29 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2014-3-29 15904544]
R2 OracleServiceXE;OracleServiceXE;c:\oracle11\app\oracle\product\11.2.0\server\bin\oracle.exe xe --> c:\oracle11\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oracle11\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE [2011-8-27 512000]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2012-12-19 1154752]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2014-3-29 411936]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-11-19 5309280]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-21 107736]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2012-12-18 3328]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-3-29 34080]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2013-7-8 159208]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-8-13 37064]
R3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys [2013-11-23 51712]
RUnknown VideoDownloadConverter_4zService;VideoDownloadConverter_4zService; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-6-7 101504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.285\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2014-5-11 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2014-5-11 10320]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S4 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2009-12-22 225280]
S4 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2011-1-10 14848]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle11\app\oracle\product\11.2.0\server\bin\extjob.exe xe --> c:\oracle11\app\oracle\product\11.2.0\server\bin\extjob.exe XE [?]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
S4 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-13 1343400]
.
=============== Created Last 30 ================
.
2014-05-20 21:41:08 52440 ----a-w- c:\windows\system32\drivers\ninwobq.sys
2014-05-20 21:16:01 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-20 10:44:34 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71a20652-f85d-41fd-8ffb-2b67fb15a530}\offreg.dll
2014-05-16 03:33:03 -------- d-----w- c:\programdata\a79274ff1c0408e1
2014-05-16 03:32:56 -------- d-----w- c:\programdata\FlexxibleeShopper
2014-05-15 21:55:45 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71a20652-f85d-41fd-8ffb-2b67fb15a530}\mpengine.dll
2014-05-15 06:13:16 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-05-11 10:52:48 -------- d-----w- C:\DriveKey
2014-05-11 10:52:45 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2014-05-11 10:52:45 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2014-05-11 10:52:45 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2014-05-11 10:52:44 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2014-05-11 10:52:44 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2014-05-11 10:33:18 -------- d-----w- c:\users\admin\appdata\roaming\LockHunter
2014-05-11 10:33:16 -------- d-----w- c:\program files\LockHunter
2014-05-11 09:59:48 -------- d-----w- c:\users\admin\appdata\local\Babylon
2014-05-11 09:59:44 -------- d-----w- c:\program files\Unlocker
2014-05-11 09:59:43 -------- d-----w- c:\users\admin\appdata\roaming\Babylon
2014-05-11 09:46:37 2881848 ----a-w- c:\windows\system32\pwNative.exe
2014-05-11 09:46:36 15688 ------w- c:\windows\system32\pwdrvio.sys
2014-05-11 09:46:23 10320 ------w- c:\windows\system32\pwdspio.sys
2014-05-11 09:46:15 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 8.1.1
2014-05-11 09:34:38 -------- d-----w- c:\program files\ImageWriter
2014-04-29 05:51:40 -------- d-----w- c:\users\admin\appdata\roaming\Optimizer Pro
2014-04-29 05:47:11 -------- d-----w- c:\users\admin\appdata\roaming\VOPackage
2014-04-29 05:46:22 -------- d-----w- c:\program files\Optimizer Pro
.
==================== Find3M ====================
.
2014-05-14 14:01:13 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:01:13 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 04:05:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 12:34:44 4348704 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 12:34:44 3044696 ----a-w- c:\windows\system32\nvsvc.dll
2014-03-04 12:34:42 663896 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 12:34:42 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 12:34:41 375128 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 11:32:59 599840 ----a-w- c:\windows\system32\nvStreaming.exe
.
============= FINISH: 3:16:21.66 ===============
Attached: attach.zip (7.1 KB)
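As an added triage example (it is not part of the thread and not code from DDS or any of the tools the helpers use): a Python script that scans a DDS log like the one above for the items an analyst looks at first. It flags the UAC policy values that disable or silence elevation prompts (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all set to 0 here), a start/search page pointed at an arbitrary URL instead of a browser default, a non-empty AppInit_DLLs value (loaded into every process that links user32.dll), a third-party Winsock LSP, services whose binary is gone ("[x]"), remote-control services worth confirming are intentional, and any recently created driver in system32\drivers that no service or driver entry references. The sample input is an excerpt of the posted log; the check names, severities and remote-access marker list are the example's own assumptions.

```python
"""Triage the security-relevant lines of a DDS log: the 'Pseudo HJT Report',
'SERVICES / DRIVERS' and 'Created Last 30' sections."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    check: str     # short check name (this example's own names)
    detail: str    # evidence quoted from the log line


# Excerpt of the DDS log posted in this thread, trimmed to the lines the checks
# act on. Paths are verbatim; "hxxp" is DDS's defanged "http".
SAMPLE_DDS = r"""
uStart Page = Google
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398750498&from=exp&uid=ST3120022A_5JT2JARN&q={searchTerms}
mDefault_Search_URL = Google
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~2.dll
============= SERVICES / DRIVERS ===============
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-10-21 243128]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2012-12-19 1154752]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2013-11-19 5309280]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-21 107736]
RUnknown VideoDownloadConverter_4zService;VideoDownloadConverter_4zService; [x]
=============== Created Last 30 ================
2014-05-20 21:41:08 52440 ----a-w- c:\windows\system32\drivers\ninwobq.sys
2014-05-20 21:16:01 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
"""

# HKLM\...\Policies\System values that weaken UAC. Windows 7 defaults are
# EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
UAC_WEAK = {
    "enablelua": ("0", "UAC disabled; admin logons run fully elevated"),
    "consentpromptbehavioradmin": ("0", "elevation granted silently, no consent prompt"),
    "promptonsecuredesktop": ("0", "prompt shown on the user desktop, where other apps can drive it"),
}
REMOTE_ACCESS_MARKERS = ("radmin", "teamviewer", "hamachi", "logmein")  # assumed list

POLICY_RE = re.compile(r"^[um]Policies-System:\s*(\w+)\s*=\s*dword:(\d+)$", re.I)
URL_SETTING_RE = re.compile(
    r"^[um](Start Page|Search Page|Default_Page_URL|Default_Search_URL|SearchAssistant)"
    r"\s*=\s*(h[xt]{2}ps?://([^/\s]+)\S*)", re.I)
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*=\s*(\S.*)$", re.I)
LSP_RE = re.compile(r"^LSP:\s*(\S.*)$", re.I)
SERVICE_RE = re.compile(r"^(?:R\d|S\d|RUnknown)\s+([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.+\.sys)$", re.I)
BINARY_RE = re.compile(r'([^\\\s"]+\.(?:sys|exe))', re.I)


def triage(log_text: str) -> list[Finding]:
    """Scan a DDS log and return findings, highest severity first."""
    findings: list[Finding] = []
    referenced: set[str] = set()    # binaries named by any service/driver entry
    created_drivers: list[str] = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            weak = UAC_WEAK.get(m.group(1).lower())
            if weak and m.group(2) == weak[0]:
                findings.append(Finding("high", "uac_weakened", f"{m.group(1)} = {m.group(2)}: {weak[1]}"))
        elif m := URL_SETTING_RE.match(line):
            # Start/search page set to a URL rather than a browser default: hijacker
            findings.append(Finding("high", "browser_hijack", f"{m.group(1)} -> {m.group(3)} ({m.group(2)})"))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that links user32.dll
            findings.append(Finding("high", "appinit_dll", m.group(1)))
        elif m := LSP_RE.match(line):
            # A third-party Winsock LSP sees all socket traffic; remove it by
            # repairing the Winsock catalog, not by deleting the DLL alone
            findings.append(Finding("medium", "winsock_lsp", m.group(1)))
        elif m := SERVICE_RE.match(line):
            name, desc, rest = m.groups()
            referenced.update(b.lower() for b in BINARY_RE.findall(rest))
            if any(k in (name + desc).lower() for k in REMOTE_ACCESS_MARKERS):
                findings.append(Finding("info", "remote_access_tool", f"{name}: {desc}"))
            if rest.strip() == "[x]":   # registered service whose binary is gone
                findings.append(Finding("medium", "dangling_service", name))
        elif m := CREATED_RE.match(line):
            created_drivers.append(m.group(1))

    # A freshly written kernel driver that no service/driver entry references is
    # either an install in progress or something hiding its load point.
    for path in created_drivers:
        base = path.rsplit("\\", 1)[-1].lower()
        if "\\drivers\\" in path.lower() and base not in referenced:
            findings.append(Finding("high", "orphan_driver", path))

    rank = {"high": 0, "medium": 1, "info": 2}
    findings.sort(key=lambda f: rank[f.severity])
    return findings


def findings_by_check(log_text: str) -> dict[str, list[str]]:
    """Group finding details by check name (handy for scripting)."""
    grouped: dict[str, list[str]] = {}
    for f in triage(log_text):
        grouped.setdefault(f.check, []).append(f.detail)
    return grouped


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.check:20} {f.detail}")
```

Run against the excerpt it reports three weakened UAC values, the webssearches search hijack, the Optimizer Pro AppInit DLL, the SpeedBit LSP, the dangling VideoDownloadConverter service, the Radmin and TeamViewer services as items to confirm, and ninwobq.sys as a driver written the day before the log with no service entry behind it. MBAMSwissArmy.sys, created the same evening, is not flagged because the R3 MBAMSwissArmy line accounts for it.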
Post #4, 05-21-2014, 12:55 PM, by chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)



Hello Dsoumil.

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

I see you have P2P software (uTorrent and eMule) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall them. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Ask Toolbar<<Please read here

Also delete the following Folder if it still exists:

C:\Program Files\AskPartnerNetwork

------------------------------------------------------

CCleaner
Optimizer Pro

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling Optimizer Pro via Programs and Features in your Control Panel.

Also delete the following Folders if they still exist:

C:\Program Files\Optimizer Pro

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Hotspot Shield<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files\Hotspot Shield

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Mobogenie<<Please read this

Also delete the following Folder if it still exists:

C:\Program Files\Mobogenie

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
Post #5, 05-22-2014, 07:05 AM, by Dsoumil (Registered Member; Join Date: Jul 2012; Posts: 46; OS: Windows 7)



AdwCleaner[S0]:

# AdwCleaner v3.210 - Report created 23/05/2014 at 00:22:15
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\FlexxibleeShopper
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gophoto.it
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
Folder Deleted : C:\Program Files\Betcat
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Delta
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\Freecorder 6
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\PC Speed Maximizer
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\Smart Driver Updater
Folder Deleted : C:\Program Files\Web Cake
Folder Deleted : C:\Program Files\WebCake
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
Folder Deleted : C:\Program Files\express-files
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\hotspot shield
Folder Deleted : C:\Windows\system32\jmdp
Folder Deleted : C:\Windows\system32\WNLT
Folder Deleted : C:\Users\Admin\Qtrax
Folder Deleted : C:\Users\Admin\AppData\Local\apn
Folder Deleted : C:\Users\Admin\AppData\Local\Babylon
Folder Deleted : C:\Users\Admin\AppData\Local\Conduit
Folder Deleted : C:\Users\Admin\AppData\Local\iac
Folder Deleted : C:\Users\Admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Admin\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Admin\AppData\Local\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\Admin\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Admin\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Admin\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Admin\AppData\LocalLow\express-files
Folder Deleted : C:\Users\Admin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Admin\AppData\Roaming\Betcat
Folder Deleted : C:\Users\Admin\AppData\Roaming\DSite
Folder Deleted : C:\Users\Admin\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Admin\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Admin\AppData\Roaming\PC Speed Maximizer
Folder Deleted : C:\Users\Admin\AppData\Roaming\Smart Driver Updater
Folder Deleted : C:\Users\Admin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Admin\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Admin\AppData\Roaming\Web Cake
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Admin\Documents\Mobogenie
Folder Deleted : C:\Users\Admin\Documents\Optimizer Pro
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\Smartbar
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\Extensions\[email protected]
Folder Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjcjelfindiobdhnonmcbfifnfnnmiph
File Deleted : C:\END
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Users\Admin\daemonprocess.txt
File Deleted : C:\Users\Admin\AppData\Roaming\BabMaint.exe
File Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\bProtector_extensions.rdf
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\invalidprefs.js
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk
Shortcut Disinfected : C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edhilgpnlmgniclikjhefmadegchepcg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{723DD81E-0B27-40DC-A6A7-9CDF9DD543CC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{723DD81E-0B27-40DC-A6A7-9CDF9DD543CC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92676059-4E8C-46AF-B72B-3D60CDE3846E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92676059-4E8C-46AF-B72B-3D60CDE3846E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43ADB59B-E170-4C91-9489-80328F0186A6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09DFA93C-4C24-4F1A-95DF-C2E9D318BC2B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43ADB59B-E170-4C91-9489-80328F0186A6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09DFA93C-4C24-4F1A-95DF-C2E9D318BC2B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{510A66E7-B418-40BE-B75E-0A6C98F9AD65}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510A66E7-B418-40BE-B75E-0A6C98F9AD65}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{313B8FC3-3ED8-49C5-B394-EB6EB1DF593B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{313B8FC3-3ED8-49C5-B394-EB6EB1DF593B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CED70021-8109-4632-AA5C-3D71F3314BA7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CED70021-8109-4632-AA5C-3D71F3314BA7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PutLockerDownloader
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\5855d68de739ef13
Key Deleted : HKLM\SOFTWARE\5855d68de739ef13
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_picpick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_picpick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pro-evolution-soccer-2013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pro-evolution-soccer-2013_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_proxy-firewall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_proxy-firewall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED44932B-C7F7-4748-9C6D-6743D3421D73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31F17D78-5227-45DD-B4BD-32BBDFF16720}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Smart Driver Updater
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\express-files
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\AppDataLow\Software\express-files
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\WNLT
Key Deleted : HKLM\Software\express-files
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\express-files Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17006

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\prefs.js ]

Line Deleted : user_pref("CT3176921.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3176921.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU5Nzc0MjkxNzY3LCJ1cGRhdGVSZXNwVGltZSI6MTM1OTc3NDI5MjgxMCwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_followers.enc", "MHgwMDMxLDB4MDAzMSwweDAwMzQsMHgwMDMwLDB4MDAzMywweDAwMzEsMHgwMDMwLDB4MDAzOSwweDAwMzYsMHgwMDM0LDB4MDAyMCwweDA[...]
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_followers_count.enc", "MzE=");
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_following.enc", "");
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_following_count.enc", "MA==");
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_home.enc", "MHgwMDMxLDB4MDAzOSwweDAwMzAsMHgwMDM3LDB4MDAzNywweDAwMzYsMHgwMDMxLDB4MDAzMCwweDAwMzIsMHgwMDMwLDB4MDAzMiwweDAwMzcs[...]
Line Deleted : user_pref("CT3176921.3176921a129719618372458539000000twitterTemplate_notify_home_count.enc", "Nw==");
Line Deleted : user_pref("CT3176921.3176921a129720553164390415000000paramsGK0.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzU5Nzc0MjkwMzE2LCJ1cGRhdGVSZXNwVGltZSI6MTM1OTc3NDI5MjQ1MCwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]
Line Deleted : user_pref("CT3176921.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT3176921.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3176921.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3176921.FirstTime", "true");
Line Deleted : user_pref("CT3176921.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3176921.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3176921.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3176921.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3176921.autoDisableScopes", -1);
Line Deleted : user_pref("CT3176921.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3176921.cbfirsttime.enc", "U2F0IEZlYiAwMiAyMDEzIDA4OjM0OjU0IEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKQ==");
Line Deleted : user_pref("CT3176921.countryCode", "IN");
Line Deleted : user_pref("CT3176921.defaultSearch", "true");
Line Deleted : user_pref("CT3176921.enableAlerts", "always");
Line Deleted : user_pref("CT3176921.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3176921.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3176921.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3176921.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3176921.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3176921.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3176921.fixUrls", true);
Line Deleted : user_pref("CT3176921.fullUserID", "UN41887812871744345.UP.20130624003923");
Line Deleted : user_pref("CT3176921.homepageuserchanged", true);
Line Deleted : user_pref("CT3176921.installDate", "2/2/2013 8:30:33");
Line Deleted : user_pref("CT3176921.installId", "stub.exe");
Line Deleted : user_pref("CT3176921.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3176921.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3176921.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3176921.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3176921.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3176921.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3176921.keyword", "true");
Line Deleted : user_pref("CT3176921.lastVersion", "10.16.70.505");
Line Deleted : user_pref("CT3176921.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3176921.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3176921.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Flogin.newindia.co.in%2Fsso%2Fjsp%2Fsignoff-ex.jsp\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLB[...]
Line Deleted : user_pref("CT3176921.openThankYouPage", "false");
Line Deleted : user_pref("CT3176921.openUninstallPage", "true");
Line Deleted : user_pref("CT3176921.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN26170213712669715&UM=UM_ID&q=");
Line Deleted : user_pref("CT3176921.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3176921.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3176921.search.searchAppId", "10000002");
Line Deleted : user_pref("CT3176921.search.searchCount", "0");
Line Deleted : user_pref("CT3176921.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3176921.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3176921.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3176921.searchUserMode", "UM_ID");
Line Deleted : user_pref("CT3176921.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3176921\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://expressfiles.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"express-files\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3176921.serviceLayer_services_Configuration_lastUpdate", "1375371897682");
Line Deleted : user_pref("CT3176921.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365395780946");
Line Deleted : user_pref("CT3176921.serviceLayer_services_appsMetadata_lastUpdate", "1365602374658");
Line Deleted : user_pref("CT3176921.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365395780681");
Line Deleted : user_pref("CT3176921.serviceLayer_services_location_lastUpdate", "1371967651285");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359774042984");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365948482768");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368152734941");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.16.1.521_lastUpdate", "1368456607547");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.16.2.509_lastUpdate", "1371982661581");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374644262373");
Line Deleted : user_pref("CT3176921.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375447868991");
Line Deleted : user_pref("CT3176921.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365395780987");
Line Deleted : user_pref("CT3176921.serviceLayer_services_searchAPI_lastUpdate", "1375371897423");
Line Deleted : user_pref("CT3176921.serviceLayer_services_serviceMap_lastUpdate", "1375371897366");
Line Deleted : user_pref("CT3176921.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365395780627");
Line Deleted : user_pref("CT3176921.serviceLayer_services_toolbarSettings_lastUpdate", "1375455756034");
Line Deleted : user_pref("CT3176921.serviceLayer_services_translation_lastUpdate", "1375371898541");
Line Deleted : user_pref("CT3176921.settingsINI", true);
Line Deleted : user_pref("CT3176921.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3176921.showToolbarPermission", "false");
Line Deleted : user_pref("CT3176921.smartbar.CTID", "CT3176921");
Line Deleted : user_pref("CT3176921.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3176921.smartbar.homepage", "true");
Line Deleted : user_pref("CT3176921.smartbar.isHidden", true);
Line Deleted : user_pref("CT3176921.smartbar.toolbarName", "express-files ");
Line Deleted : user_pref("CT3176921.startPage", "true");
Line Deleted : user_pref("CT3176921.toolbarBornServerTime", "2-2-2013");
Line Deleted : user_pref("CT3176921.toolbarCurrentServerTime", "2-8-2013");
Line Deleted : user_pref("CT3176921.toolbarLoginClientTime", "Fri Apr 05 2013 17:07:38 GMT+0530 (India Standard Time)");
Line Deleted : user_pref("CT3176921.twitterTemplate_3176921a129719618372458539000000_DailyActivity.enc", "MTM1OTc3NDI5Mzk2MQ==");
Line Deleted : user_pref("CT3176921.twitterTemplate_3176921a129719618372458539000000_LifetimeSent.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3176921.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3176921_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375471299581,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3220468.129571859753082121.isToggled_item0_12", "true");
Line Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349153762,\"uuid\":84351227566738,\"seq_id\":1,\"ssb\":1349153762}");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.Facebook_Mode", "2");
Line Deleted : user_pref("CT3220468.Facebook_User_Locale", "en");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Deleted : user_pref("CT3220468.PriceSparrowUuid.enc", "MTc4Rjc0NTYtQ0NGNy00REFCLUJFNjgtM0Q1QjY3Q0JCNjJD");
Line Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.UserID", "UN09157538310301461");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Line Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3220468.cb_experience_000.enc", "NQ==");
Line Deleted : user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3220468.cb_user_id_000.enc", "Q0IxMDk1MTE3NTQ0MzlfMTM2NTI1MDc1NjI2M19GaXJlZm94");
Line Deleted : user_pref("CT3220468.cbcountry_001", "IN");
Line Deleted : user_pref("CT3220468.cbfirsttime.enc", "VHVlIE9jdCAwMiAyMDEyIDEwOjI1OjU3IEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKQ==");
Line Deleted : user_pref("CT3220468.countryCode", "IN");
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.fullUserID", "UN09157538310301461.UP.20130709202736");
Line Deleted : user_pref("CT3220468.homepageuserchanged", true);
Line Deleted : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeone[...]
Line Deleted : user_pref("CT3220468.installId", "fftE83D.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.keyword", true);
Line Deleted : user_pref("CT3220468.lastVersion", "10.16.70.505");
Line Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2NTU4MjE2MzExNA==");
Line Deleted : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiZTk3Yjc3NWQtMjNlMS00YjA5LWIzNDItZDExZjEyOTJhMjA2IiwiZG9tYWlucyI[...]
Line Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Line Deleted : user_pref("CT3220468.mam_gk_eventsCache.enc", "eyJmMWY2MjQ3MC1iMDBhLTQwNDItYTk3ZC1jMGEzYjg4NGJhZTIiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXcifSwidW5pcXVlS[...]
Line Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3220468.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2NTYwMjAxNDEyMA==");
Line Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Line Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3220468.mam_gk_userId.enc", "YjdmYzk3MzctNjVjOS00ODc2LWE4NzItMzE1ZjQwNmUzNWQ3");
Line Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Flogin.newindia.co.in%2Fsso%2Fjsp%2Fsignoff-ex.jsp\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLB[...]
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3176921&SearchSource=2&CUI=UN41887812871744345&UM=UM_ID&q=");
Line Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "0");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3220468.searchUserMode", "UM_ID");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1375371897846");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365395781599");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1365602374605");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365395781608");
Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1373298420479");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353267948696");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359733383699");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359749789775");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369297740525");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373354176138");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375011098148");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375447868741");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365395781683");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1375371897801");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1375371897563");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365395781732");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1375455755916");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1375371898967");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.showToolbarPermission", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3220468.smartbar.homepage", true);
Line Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Deleted : user_pref("CT3220468.startPage", "userChanged");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "2-10-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "2-8-2013");
Line Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Fri Apr 05 2013 17:07:39 GMT+0530 (India Standard Time)");
Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL2FwbmUudHYvY2hhbm5lbHMvaWQvU29ueSUyMFR2Lmh0bWw6OjpjbGlja2hhbmRsZXI6OjoxMzY1NTI3MDczOTc0LCwsaHR0cDovL2FwbmUudHYvY2hhbm5lbHMvaWQvU29ueSUyMFR2Lmh0bWw6[...]
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375471299746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=117023&tt=310113_2009&babsrc=HP_ss&mntrId=3c8dc53b00000000000000241df6e2cd");
Line Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.defaultenginename", "webssearches");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "express-files Customized Web Search");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine", "webssearches");
Line Deleted : user_pref("ct3176921.UserID", "UN26170213712669715");
Line Deleted : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3176921&ctid=CT3176921&SearchSource=2&CUI=UN41887812871744345&UM=UM_ID&q=");
Line Deleted : user_pref("extensions.BM9ZptYXpX7t.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url[...]
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=1FFD94B8-1B45-4ECA-A319-31CB1D0D4CEA&n=77fd52d2&p2=^HJ^xdm168^YYA^in&si=CM7Euffss7kCFeUE4godPBkA_[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013090514");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm168^YYA^in");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CM7Euffss7kCFeUE4godPBkA_Q");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "1FFD94B8-1B45-4ECA-A319-31CB1D0D4CEA");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1379984220336");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "0f03f380-2d1b-4581-8f32-753107ef2f41");
Line Deleted : user_pref("smartbar.machineId", "ZLIBEKTDUPUBKGQWSRNJT0XLUEECWFH/JZY8OTWXZNAKZWTHQ/QV7CJQEWR+/LVK8T4RSBU0ARLUW+K8P+XQKG");

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : apfdadfinodckpcehhdhjlgiphgnbfci
Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deleted [Extension] : cjcjelfindiobdhnonmcbfifnfnnmiph
Deleted [Extension] : edhilgpnlmgniclikjhefmadegchepcg
Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Deleted [Extension] : fgfdfcbeamjnjdejakdidpniblllnbpg
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [48301 octets] - [23/05/2014 00:20:52]
AdwCleaner[S0].txt - [48121 octets] - [23/05/2014 00:22:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [48182 octets] ##########


ckfiles:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\corel\coreldraw graphics suite x5\custom data\bumpmap\cracks.cpt
c:\program files\garena\plugins\ui\avoidcrackplugin.dll
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\fp-1.1\java\security\spec\rsakeygenparameterspec.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\fp-1.1\java\security\spec\class-use\rsakeygenparameterspec.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\keygenerator.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\keygeneratorspi.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\class-use\keygenerator.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\class-use\keygeneratorspi.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\pbp11\java\security\spec\rsakeygenparameterspec.html
c:\program files\netbeans 6.8\mobility8\java_me_platform_sdk_3.0\docs\api\pbp11\java\security\spec\class-use\rsakeygenparameterspec.html
c:\windows\system32\slmgr.vbs.removewat
scanner sequence 3.EF.11.IANARZ
----- EOF -----

And yes, I do want an antivirus. Please suggest one.

Thank you a million times for the help that you are providing. :D
Old 05-22-2014, 07:42 AM   #6
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)

Hello again, Dsoumil. You're very welcome! Any improvement in behavior?

------------------------------------------------------

As far as a free AV goes, I recommend Microsoft's Security Essentials, a good AV that is light on system resources:

Download Microsoft Security Essentials from Official Microsoft Download Center

As for a purchased AV, you can't go wrong with ESET's NOD32 or Smart Security:

Antivirus Free Trial | 30-Day Free Trial from ESET

I use it, and love it.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...), type explorer, then press 'Enter'.

------------------------------------------------------

Old 05-22-2014, 12:04 PM   #7
Registered Member

Thanks, man.
PC seems a lot better now.
And I will go for NOD-32, too.

Here is the ComboFix log:

ComboFix 14-05-19.01 - Admin 05/23/2014 5:09.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1258.84.1033.18.3326.1839 [GMT 5.5:30]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Adminlog.dat
c:\users\Admin\Documents\~yt9145.tmp
c:\windows\system32\install
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RADDRVV3
-------\Service_DCService.exe
-------\Service_raddrvv3
.
.
((((((((((((((((((((((((( Files Created from 2014-04-22 to 2014-05-22 )))))))))))))))))))))))))))))))
.
.
2014-05-22 23:49 . 2014-05-22 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-22 23:49 . 2014-05-22 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-22 23:34 . 2014-05-22 23:34 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71A20652-F85D-41FD-8FFB-2B67FB15A530}\offreg.dll
2014-05-22 18:51 . 2010-08-30 03:04 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-22 18:50 . 2014-05-22 18:52 -------- d-----w- C:\AdwCleaner
2014-05-20 21:16 . 2014-05-21 10:05 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-16 03:33 . 2014-05-16 03:33 -------- d-----w- c:\programdata\a79274ff1c0408e1
2014-05-15 21:55 . 2014-04-17 00:02 8050496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71A20652-F85D-41FD-8FFB-2B67FB15A530}\mpengine.dll
2014-05-15 06:13 . 2014-05-15 06:13 -------- d-----w- c:\program files\LogMeIn Hamachi
2014-05-11 10:52 . 2014-05-11 10:52 -------- d-----w- C:\DriveKey
2014-05-11 10:52 . 2001-09-04 22:48 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2014-05-11 10:52 . 2001-09-04 22:44 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-05-11 10:52 . 2001-09-04 22:43 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-05-11 10:52 . 2001-09-04 22:48 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-05-11 10:52 . 2001-09-04 21:54 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-05-11 10:33 . 2014-05-11 10:33 -------- d-----w- c:\users\Admin\AppData\Roaming\LockHunter
2014-05-11 10:33 . 2014-05-11 10:33 -------- d-----w- c:\program files\LockHunter
2014-05-11 09:59 . 2014-05-11 09:59 -------- d-----w- c:\program files\Unlocker
2014-05-11 09:46 . 2013-09-30 10:56 2881848 ----a-w- c:\windows\system32\pwNative.exe
2014-05-11 09:46 . 2013-09-30 10:56 15688 ------w- c:\windows\system32\pwdrvio.sys
2014-05-11 09:46 . 2013-09-30 10:56 10320 ------w- c:\windows\system32\pwdspio.sys
2014-05-11 09:46 . 2014-05-11 10:14 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 8.1.1
2014-05-11 09:34 . 2014-05-11 09:34 -------- d-----w- c:\program files\ImageWriter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-22 23:50 . 2013-09-14 23:00 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-05-14 14:01 . 2012-04-26 06:44 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 14:01 . 2011-12-01 07:35 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 04:05 . 2010-12-12 08:09 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 14:29 . 2014-03-29 01:30 15783992 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-03-04 14:29 . 2014-03-29 01:30 9728064 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:29 . 2014-03-29 01:30 9690424 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:29 . 2014-03-29 01:30 894296 ----a-w- c:\windows\system32\nvdispgenco3233523.dll
2014-03-04 14:29 . 2014-03-29 01:30 865224 ----a-w- c:\windows\system32\NvIFR.dll
2014-03-04 14:29 . 2014-03-29 01:30 847136 ----a-w- c:\windows\system32\NvFBC.dll
2014-03-04 14:29 . 2014-03-29 01:30 2956632 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:29 . 2014-03-29 01:30 2411976 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:29 . 2014-03-29 01:30 23716640 ----a-w- c:\windows\system32\nvoglv32.dll
2014-03-04 14:29 . 2014-03-29 01:30 17559384 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:29 . 2014-03-29 01:30 10523480 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:29 . 2014-03-29 01:30 1049888 ----a-w- c:\windows\system32\nvdispco3233523.dll
2014-03-04 14:29 . 2011-01-16 10:03 2715264 ----a-w- c:\windows\system32\nvapi.dll
2014-03-04 14:29 . 2009-06-10 21:19 14709720 ----a-w- c:\windows\system32\nvd3dum.dll
2014-03-04 12:34 . 2010-10-16 07:12 4348704 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 12:34 . 2010-10-16 07:12 3044696 ----a-w- c:\windows\system32\nvsvc.dll
2014-03-04 12:34 . 2010-10-16 07:12 663896 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 12:34 . 2010-10-16 07:12 62752 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 12:34 . 2010-10-16 07:12 375128 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 11:32 . 2014-03-29 01:32 599840 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-18 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[-] 2009-10-30 . 5DECCD8F824007CE7ED0ADF917F53FC7 . 2870272 . . [6.1.7600.16385] . . c:\windows\Resources\Themes\Snow Leopard for Windows7\System Files\explorer\64 BIT\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[-] 2009-04-11 . 4F327F02E252702E7C3E2FED63349A2E . 2641408 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[-] 2009-04-11 . 4F327F02E252702E7C3E2FED63349A2E . 2641408 . . [6.1.7600.16385] . . c:\windows\Resources\Themes\Snow Leopard for Windows7\System Files\explorer\32 BIT\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 04:50 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-05-22 3581816]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-02-05 1048152]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\L:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^autobahn.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk
backup=c:\windows\pss\autobahn.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
backup=c:\windows\pss\My_AutoWarkey_Script.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-09-23 15:13 3477640 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 15:13 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 01:57 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 02:28 611712 ------w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 10:56 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 14:21 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Denzi]
2013-03-15 11:24 1077760 ----a-w- c:\program files\Denzi\Denzi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ------w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 14:00 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2013-05-22 12:08 3581816 ----a-r- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 14:00 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPhoneDiskDrive]
2011-05-11 02:48 1473024 ----a-w- c:\program files\1am Studios\iPhone Disk Drive\IPhoneDiskDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-09-17 18:15 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 14:00 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 15:26 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 09:05 305064 ------w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-01-17 10:38 267792 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 08:28 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2013-07-08 11:28 543320 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2012-09-23 11:15 1517296 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 03:46 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-05-15 01:08 4760816 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:07 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R1 MpKsl33f58319;MpKsl33f58319;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{455ED839-53A2-46B7-88C1-9159D16C84E0}\MpKsl33f58319.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-18 577536]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2012-06-07 101504]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-21 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-09-30 15688]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-09-30 10320]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-09-09 114448]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [2012-11-13 14416]
R4 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle11\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
R4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe [2012-09-23 277744]
R4 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-12 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-21 243128]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-09-09 201488]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-09-09 103184]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 95744]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2013-06-27 9216]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 1682768]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-04-05 101168]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-04-15 375056]
S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL5 [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 OracleServiceXE;OracleServiceXE;c:\oracle11\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oracle11\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [2011-08-27 512000]
S2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\RServer3.exe [2012-12-18 1154752]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-11-14 5309280]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-09-09 125200]
S3 wovad_micarray;WO Mic Device;c:\windows\system32\drivers\womic.sys [2013-11-23 51712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 07:53 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-02 14:01]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-04 20:02]
.
2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-04 20:02]
.
2014-05-22 c:\windows\Tasks\SDMsgUpdate (Local).job
- c:\smartd~1\Messages\SDNotify.exe [2014-02-26 15:18]
.
2014-05-22 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2014-02-26 15:18]
.
2012-06-16 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:14]
.
.
------- Supplementary Scan -------
.
mStart Page = Google
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Tải tất cả liên kết bằng IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\of6pz11q.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-Akamai NetSession Interface - c:\users\Admin\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
MSConfigStartUp-Facebook Update - c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Google Update - c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-PC Speed Maximizer - c:\program files\PC Speed Maximizer\SPMLauncher.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-Smart Driver Updater - c:\program files\Smart Driver Updater\SDULauncher.exe
MSConfigStartUp-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
MSConfigStartUp-VideoDownloadConverter_4z Browser Plugin Loader - c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
MSConfigStartUp-WebCake Desktop - c:\users\Admin\AppData\Roaming\Betcat\WebCakeDesktop.exe
AddRemove-Clone Ragnarok Renewal - c:\users\Admin\Desktop\cloneRo\Ace Systems\Clone Ragnarok Renewal\Uninstall CloneRO.exe
AddRemove-Freecorder 6 - c:\program files\Freecorder 6\uninstaller.exe
AddRemove-Road Rash_is1 - c:\users\Admin\Desktop\Road Rash\CGNDATA\unins000.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
AddRemove-Asgard Ragnarok Online - c:\users\Admin\Desktop\iop\Uninstal.exe
AddRemove-Baldur Ragnarok Online Lite Installer v1.0.0.0 - c:\users\Admin\Desktop\bal\Uninstal.exe
AddRemove-BaldurRO Elite Installer (BETA TEST) - c:\users\Admin\Desktop\betest\Uninstal.exe
AddRemove-CombatCookieRO - d:\vintage-ro - copy\Uninstal.exe
AddRemove-Enraged Ragnarok Online - c:\users\Admin\Desktop\enrage\Uninstal.exe
AddRemove-Everlast RO v1 - c:\users\Admin\Desktop\ever\Uninstal.exe
AddRemove-ExclusiveROLiteInstallerV2.0 - c:\users\Admin\Desktop\exro\Uninstal.exe
AddRemove-Gods Ragnarok Online - c:\users\Admin\Desktop\test\Uninstal.exe
AddRemove-PyRO Installer - c:\users\Admin\Desktop\SiRO\Uninstal.exe
AddRemove-Vengeance Ragnarok Online - c:\users\Admin\Desktop\vro\Uninstall-VRO.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\services\MySQL5]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL5"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_USERS\S-1-5-21-7238265-1896125294-3291190998-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):68,9b,e4,5f,b3,1b,ce,1b,39,9b,e2,50,3c,48,8d,b5,3f,99,79,b4,d8,
34,72,8e,fc,2a,cd,09,88,73,47,e6,1f,2c,4e,12,18,c7,f8,7a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-7238265-1896125294-3291190998-1000_Classes\CLSID\{fdeef6bc-b00d-4cb1-bd54-3225cdedf618}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000089
"Therad"=dword:00000013
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4100)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\mqsvc.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\oracle11\app\oracle\product\11.2.0\server\bin\ORACLE.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rserver30\FamItrfc.Exe
c:\windows\system32\rserver30\FamItrfc.Exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-05-23 05:26:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-22 23:56
ComboFix2.txt 2012-07-27 15:57
.
Pre-Run: 16,414,232,576 bytes free
Post-Run: 16,039,264,256 bytes free
.
- - End Of File - - F54E80780CD018FDEC214CAE491694BC
8F558EB6672622401DA993E1E865C861
Old 05-22-2014, 12:58 PM   #8
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)

Hello again, Dsoumil. You're very welcome.

------------------------------------------------------

Your Windows 7 User Account Control UAC has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

sc stop MpKsl33f58319

A DOS window will open and close again, this is normal.

Repeat for this command:

sc delete MpKsl33f58319

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Your Java is out of date.

Java(TM) 7 Update 40 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
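The two sc commands above retire a service key whose driver file is gone. As an added example (not part of this thread and not ComboFix's own code), the Python script below reads the services section of a ComboFix log, such as the one posted earlier in this thread, and lists which entries are candidates for exactly that treatment. It assumes that a trailing [x] means ComboFix could not find the image file and that [date size] means it could; that reading fits the log above but is not taken from any ComboFix documentation. It also handles the trap the log shows for MySQL5 and OracleJobSchedulerXE: an ImagePath that carries arguments gets [x] even though mysqld.exe is plainly listed as running further down, so those entries are reported for manual checking rather than as orphans. The sample lines are copied from the log in this thread; the function and class names are the example's own.

```python
r"""Classify service/driver entries from a ComboFix services listing.

Added example, not part of the original thread and not ComboFix's own code.
It reads lines shaped like the ones in the log above:

    R1 MpKsl33f58319;MpKsl33f58319;c:\...\MpKsl33f58319.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\...\MBAMSwissArmy.sys [2014-05-21 107736]

Assumption (read off the log, not from a ComboFix spec): "[date size]" means
the image file was found, "[x]" means it was not. A service key whose image
is gone is an orphan, which is what "sc stop" / "sc delete" retires. Entries
whose image field carries arguments (MySQL5, OracleJobSchedulerXE) also get
"[x]" because the path could not be resolved as written, so they are
reported as "unresolved" for a manual check instead of as orphans.
"""
import re
from dataclasses import dataclass

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"            # R = running, S = stopped; start type 1..4
    r"(?P<name>[^;]+);(?P<display>[^;]*);"        # service name ; display name
    r"(?P<image>.+?)\s+\[(?P<tail>[^\]]*)\]\s*$"  # image path, then [date size] or [x]
)
IMAGE_EXTENSIONS = (".exe", ".sys", ".dll")


@dataclass
class ServiceEntry:
    name: str
    display: str
    image: str
    running: bool        # R = running at scan time, S = stopped
    start_type: int      # 1 = system driver, 2 = auto, 3 = demand, 4 = disabled
    image_missing: bool  # ComboFix printed [x] instead of [date size]


def parse_service_line(line):
    """Return a ServiceEntry for a ComboFix service line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    return ServiceEntry(
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image=m.group("image").strip(),
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        image_missing=m.group("tail").strip() == "x",
    )


def looks_like_plain_path(image):
    """True when the image field is a bare file path rather than a path plus arguments."""
    return image.lower().endswith(IMAGE_EXTENSIONS)


def classify(lines):
    """Split entries with a missing image into real orphans and unresolved paths."""
    orphans, unresolved = [], []
    for entry in filter(None, map(parse_service_line, lines)):
        if not entry.image_missing:
            continue
        (orphans if looks_like_plain_path(entry.image) else unresolved).append(entry)
    return orphans, unresolved


def removal_commands(entry):
    """The sc.exe commands that retire an orphaned service key (stop first if it is running)."""
    cmds = [f"sc delete {entry.name}"]
    if entry.running:
        cmds.insert(0, f"sc stop {entry.name}")
    return cmds


# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 MpKsl33f58319;MpKsl33f58319;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{455ED839-53A2-46B7-88C1-9159D16C84E0}\MpKsl33f58319.sys [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-18 577536]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-21 107736]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle11\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.1\my.ini MySQL5 [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-05-13 1682768]
"""


if __name__ == "__main__":
    orphans, unresolved = classify(SAMPLE_LOG.splitlines())
    for e in orphans:
        print(f"orphan: {e.name} ({e.image})")
        for cmd in removal_commands(e):
            print("    " + cmd)
    for e in unresolved:
        print(f"verify manually (image field has arguments): {e.name}")
```

Run as-is it prints sc stop / sc delete for MpKsl33f58319, GGSAFERDriver, McComponentHostService and taphss6, and flags MySQL5 and OracleJobSchedulerXE for a manual look. sc delete only removes the service definition from the registry, so confirm on the machine that the file really is absent before running the printed commands; the MpKsl33f58319 path in the log sits under Microsoft Antimalware's Definition Updates folder, consistent with a driver left behind by a Microsoft Security Essentials definition update rather than a foreign file.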
Old 05-23-2014, 10:22 PM   #9
Dsoumil (Registered Member; Join Date: Jul 2012; Posts: 46; OS: Windows 7)

Cannot update Java. When I click on the update button nothing happens.
I downloaded ESET antivirus itself and did a scan, and no threats were found.

Here is MBAM log :-

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 5/24/2014
Scan Time: 5:41:40 AM
Logfile: mab.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.23.10
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Admin

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 235979
Time Elapsed: 2 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Old 05-25-2014, 10:15 AM   #10
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)

Hello again, Dsoumil. Sorry for the delay. Forgot you installed NOD32. Let me know if you successfully install Java.

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 7 Update 40

These are all outdated, and they are security risks as long as they remain installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------
Old 05-26-2014, 07:08 AM   #11
Dsoumil (Registered Member; Join Date: Jul 2012; Posts: 46; OS: Windows 7)

Done :D Java installed successfully. Thank you so much ^_^
Old 05-26-2014, 04:43 PM   #12
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)

Hello again, Dsoumil. You're very welcome!

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable NOD32 before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
Old 05-27-2014, 06:45 AM   #13
Dsoumil (Registered Member; Join Date: Jul 2012; Posts: 46; OS: Windows 7)

All done. Thanks a lot. Btw, I want to learn to do what you are doing. Are there any tutorials on it? Thanks a million :D
Old 05-27-2014, 06:57 AM   #14
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)

You're very welcome, Dsoumil! Glad to have helped.

There is a link toward the top of the Virus/Trojan/Spyware Help page:

https://www.techsupportforum.com/foru...my-294775.html

However, we are not accepting new applicants during the summer.