VIRUS: searchinterneat-a.akamaihd.net

This is a discussion on VIRUS: searchinterneat-a.akamaihd.net within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 04-05-2016, 09:13 PM   #1
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



I couldn't run DDS, I would get this error window: "DDS is not meant to run in 'Compatibility Mode'. The program shall exit now." So I ran FRST, results below.
-------------------------------------------------


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Carlos (administrator) on CARLOSPC (05-04-2016 17:11:21)
Running from C:\Users\Carlos\Desktop
Loaded Profiles: Carlos (Available Profiles: Carlos)
Platform: Windows 8.1 (Update 1) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyCrashService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [Spotify Web Helper] => C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-09] (Spotify Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [Spotify] => C:\Users\Carlos\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-09] (Spotify Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {244d0f28-b8d1-11e3-beb4-a4173169cd62} - "I:\LaunchU3.exe" -a
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {2a787292-34ce-11e2-be65-806e6f6e6963} - "D:\IFZ.exe"
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013-01-14]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013-01-14]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{363C7C16-51AE-45A3-894C-9D95F62C7DFD}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130853452574990832&GUID=5043AD94-F076-4754-BE8D-D1B04DE60457
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130853452574985822&GUID=5043AD94-F076-4754-BE8D-D1B04DE60457
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> {595575C4-933F-475C-A179-CCB1B0E741AE} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-02] (Qualcomm Atheros Commnucations)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-07] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-07] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741
FF NewTab: about:home
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2009-09-25] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Carlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: electronicarts.com/GameFacePlugin -> C:\Users\Carlos\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-06-26] (Nullsoft, Inc.)
FF Extension: Search Window Results - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\Extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi [2016-03-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-06] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (Search Window Results) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfebdmgdilkekeneldmidbfmfioakajg [2016-04-02] [UpdateUrl: hxxp://cdn.searchwindowresults.com/update] <==== ATTENTION
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-03] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2013-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [236888 2013-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKsl0b122d0f; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F4F9BA-4192-4600-B2D0-A7FF41BC54F9}\MpKsl0b122d0f.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 17:11 - 2016-04-05 17:12 - 00029910 _____ C:\Users\Carlos\Desktop\FRST.txt
2016-04-05 17:11 - 2016-04-05 17:11 - 00000000 ____D C:\FRST
2016-04-05 17:09 - 2016-04-05 17:10 - 02374144 _____ (Farbar) C:\Users\Carlos\Desktop\FRST64.exe
2016-04-05 17:05 - 2016-04-05 17:05 - 00000000 ___RD C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-04-03 23:07 - 2016-04-03 23:08 - 00171244 _____ C:\WINDOWS\ntbtlog.txt
2016-04-03 22:25 - 2016-04-03 22:25 - 00688992 _____ (Swearware) C:\Users\Carlos\Downloads\dds(1).scr
2016-04-03 19:08 - 2016-04-03 19:08 - 03102720 _____ C:\Users\Carlos\Downloads\adwcleaner_5.108.exe
2016-04-03 18:40 - 2016-04-05 17:05 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-03 18:40 - 2016-04-03 22:45 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-03 18:40 - 2016-04-03 18:40 - 00987728 _____ (Google Inc.) C:\Users\Carlos\Downloads\ChromeSetup.exe
2016-04-03 18:40 - 2016-04-03 18:40 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-03 18:40 - 2016-04-03 18:40 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-03 18:40 - 2016-04-03 18:40 - 00000000 _____ C:\autoexec.bat
2016-04-03 18:39 - 2016-04-03 18:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Carlos\Downloads\SpyHunter-Installer.exe
2016-04-03 18:39 - 2016-04-03 18:39 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-04-03 18:27 - 2016-04-03 18:27 - 00688992 _____ (Swearware) C:\Users\Carlos\Desktop\dds.scr
2016-03-31 22:35 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-03-31 22:35 - 2016-03-31 22:35 - 00000000 ____D C:\Users\Carlos\AppData\Local\rec_en_238
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Users\Carlos\AppData\Local\dply_en_015020284
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\dply_en_015020284
2016-03-31 22:30 - 2016-03-31 22:30 - 00000000 ____D C:\Program Files (x86)\Checked List
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-7771-1
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-2313-0
2016-03-31 22:29 - 2016-04-02 20:49 - 00000000 ____D C:\Program Files\Oacocday
2016-03-31 22:29 - 2016-04-02 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-03-31 22:29 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-03-31 22:29 - 2016-03-31 22:32 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\System Healer
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\Users\Carlos\AppData\LocalLow\Company
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\Users\Carlos\AppData\Local\Tempfolder
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\uninst
2016-03-31 22:28 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\1a1d968b-1921-1
2016-03-31 22:28 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\1a1d968b-0e67-0
2016-03-31 22:28 - 2016-04-02 20:49 - 00000000 ____D C:\ProgramData\8f23bb0e-d21d-43d3-bd7b-a0fba15a3b5e
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\Search Window Results
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-03-20 14:49 - 2016-03-20 18:51 - 52849857 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse 2.psd
2016-03-20 14:49 - 2016-03-20 14:49 - 47970458 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse.psd
2016-03-19 21:36 - 2016-03-19 21:46 - 1876282022 _____ C:\Users\Carlos\Downloads\In.the.Heart.of.the.Sea.avi
2016-03-13 20:54 - 2016-03-13 20:54 - 00000000 __SHD C:\Users\Carlos\AppData\LocalLow\EmieUserList
2016-03-13 20:54 - 2016-03-13 20:54 - 00000000 __SHD C:\Users\Carlos\AppData\LocalLow\EmieSiteList
2016-03-10 20:51 - 2016-03-10 20:51 - 11335442 _____ C:\Users\Carlos\Documents\Characters Skribbles and What Nots.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 17:10 - 2013-09-29 21:04 - 00971464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-05 17:10 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-05 17:09 - 2013-12-21 10:53 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\ClassicShell
2016-04-05 17:07 - 2012-11-22 09:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-05 17:05 - 2015-09-18 19:45 - 00000000 ____D C:\Users\Carlos\AppData\Local\Spotify
2016-04-05 17:05 - 2013-12-09 22:37 - 00000000 ___RD C:\Users\Carlos\SkyDrive
2016-04-05 17:04 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-03 22:52 - 2014-03-31 05:28 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF894DA9-E6A4-4C09-950E-A0DC7AA4C454}
2016-04-03 22:49 - 2012-12-26 00:53 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-645849503-499310708-3259883643-1001
2016-04-03 22:38 - 2013-04-07 18:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-03 22:28 - 2012-12-28 12:22 - 05910528 ___SH C:\Users\Carlos\Downloads\Thumbs.db
2016-04-03 19:15 - 2014-09-28 17:03 - 00000000 ____D C:\AdwCleaner
2016-04-03 19:13 - 2012-12-26 01:17 - 00002277 _____ C:\Users\Carlos\Desktop\Google Chrome.lnk
2016-04-03 19:13 - 2012-12-25 20:02 - 00002307 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 19:11 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-03 18:41 - 2012-12-26 01:17 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 02:00 - 2012-12-30 04:07 - 00000000 ____D C:\Users\Carlos\AppData\Local\Adobe
2016-04-02 21:38 - 2013-04-07 18:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-02 21:22 - 2013-05-26 13:06 - 00609792 ___SH C:\Users\Carlos\Desktop\Thumbs.db
2016-04-02 21:15 - 2013-12-15 14:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-02 20:50 - 2013-12-09 21:27 - 00000000 ____D C:\Users\Carlos
2016-04-02 20:48 - 2015-09-18 19:45 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\Spotify
2016-04-02 20:48 - 2015-07-30 06:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-04-02 20:48 - 2013-01-06 11:19 - 00000000 ____D C:\Users\Carlos\Downloads\Software
2016-04-02 20:48 - 2012-12-29 09:53 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2016-04-02 20:47 - 2013-09-13 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-02 20:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-02 20:47 - 2013-02-07 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2016-04-02 20:47 - 2012-12-26 00:46 - 00000000 ____D C:\ProgramData\Atheros
2016-04-02 20:46 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-02 20:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2016-04-02 20:39 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-02 20:36 - 2013-09-22 15:57 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-04-02 18:03 - 2012-12-28 06:05 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\CyberLink
2016-03-13 18:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness

==================== Files in the root of some directories =======

2015-04-19 19:49 - 2015-04-19 19:49 - 0000132 _____ () C:\Users\Carlos\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-01-05 19:15 - 2013-01-13 17:18 - 0099384 _____ () C:\Users\Carlos\AppData\Roaming\inst.exe
2013-01-05 19:15 - 2013-01-13 17:18 - 0007859 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.cat
2013-01-05 19:15 - 2013-01-13 17:18 - 0001167 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.inf
2013-01-05 19:15 - 2013-01-13 17:18 - 0000034 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.log
2013-01-05 19:15 - 2013-01-13 17:18 - 0082816 _____ (VSO Software) C:\Users\Carlos\AppData\Roaming\pcouffin.sys
2012-12-18 16:55 - 2012-12-18 16:55 - 27978904 _____ (VSO-Software ) C:\Users\Carlos\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2013-08-30 23:13 - 2013-09-21 18:25 - 0000600 _____ () C:\Users\Carlos\AppData\Roaming\winscp.rnd
2015-10-07 17:35 - 2015-10-07 17:36 - 225111747 _____ () C:\Users\Carlos\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-10-07 17:35 - 2015-10-07 17:36 - 0002530 _____ () C:\Users\Carlos\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2013-09-21 08:58 - 2013-09-21 08:58 - 0003584 _____ () C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-04 17:32 - 2013-02-04 17:32 - 0000094 _____ () C:\Users\Carlos\AppData\Local\fusioncache.dat
2014-02-17 01:21 - 2014-02-17 01:21 - 0000218 _____ () C:\Users\Carlos\AppData\Local\recently-used.xbel
2012-11-22 09:17 - 2012-11-22 09:17 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-22 09:14 - 2012-11-22 09:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-22 09:15 - 2012-11-22 09:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-22 09:14 - 2012-11-22 09:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-22 09:16 - 2012-11-22 09:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-03 22:49

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (49.9 KB, 28 views)
Old 04-06-2016, 12:48 AM   #2
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we? Please do the below steps.

STEP 1

Please launch AdwCleaner

Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please re-run FRST tool and attach fresh logs.
Old 04-06-2016, 11:59 AM   #3
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



# AdwCleaner v5.109 - Logfile created 06/04/2016 at 11:47:20
# Updated 04/04/2016 by Xplode
# Database : 2016-04-05.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Carlos - CARLOSPC
# Running from : C:\Users\Carlos\Desktop\adwcleaner_5.109.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DESKTOPPLAY
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\Program Files (x86)\Itibiti Soft Phone
[-] Folder Deleted : C:\Program Files (x86)\Checked List
[-] Folder Deleted : C:\Program Files (x86)\dply_en_015020284
[-] Folder Deleted : C:\Program Files (x86)\Search Window Results
[#] Folder Deleted : C:\Program Files (x86)\dply_en_015020284
[-] Folder Deleted : C:\Program Files (x86)\Common Files\8f23bb0e-d21d-43d3-bd7b-a0fba15a3b5e
[-] Folder Deleted : C:\ProgramData\1a1d968b-0e67-0
[-] Folder Deleted : C:\ProgramData\1a1d968b-1921-1
[-] Folder Deleted : C:\ProgramData\8f23bb0e-d21d-43d3-bd7b-a0fba15a3b5e
[-] Folder Deleted : C:\ProgramData\b0bc73e9-2313-0
[-] Folder Deleted : C:\ProgramData\b0bc73e9-7771-1
[#] Folder Deleted : C:\ProgramData\Application Data\1a1d968b-0e67-0
[#] Folder Deleted : C:\ProgramData\Application Data\1a1d968b-1921-1
[#] Folder Deleted : C:\ProgramData\Application Data\8f23bb0e-d21d-43d3-bd7b-a0fba15a3b5e
[#] Folder Deleted : C:\ProgramData\Application Data\b0bc73e9-2313-0
[#] Folder Deleted : C:\ProgramData\Application Data\b0bc73e9-7771-1
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[-] Folder Deleted : C:\Users\Carlos\AppData\Local\dply_en_015020284
[#] Folder Deleted : C:\Users\Carlos\AppData\Local\dply_en_015020284
[-] Folder Deleted : C:\Users\Carlos\AppData\Local\rec_en_238
[-] Folder Deleted : C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfebdmgdilkekeneldmidbfmfioakajg
[-] Folder Deleted : C:\Users\Carlos\AppData\Roaming\System Healer

***** [ Files ] *****

[-] File Deleted : C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bfebdmgdilkekeneldmidbfmfioakajg_0.localstorage
[-] File Deleted : C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\searchplugins\Search Provided by Yahoo.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{B278D9F8-0FA9-465E-9938-0C392605D8E3}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Crossrider

***** [ Web browsers ] *****

[-] [C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bfebdmgdilkekeneldmidbfmfioakajg

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3457 bytes] - [06/04/2016 11:47:20]
C:\AdwCleaner\AdwCleaner[R4].txt - [1033 bytes] - [06/04/2016 11:41:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [3485 bytes] - [06/04/2016 11:46:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3676 bytes] ##########
Attached Files
File Type: txt Addition.txt (50.2 KB, 31 views)
File Type: txt FRST.txt (43.0 KB, 44 views)
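Added example, not code from this thread or from the FRST or AdwCleaner authors: a small Python triage script that parses FRST "One Month Created files and folders" entries of the kind posted in the first log, flags program directories that were created in a tight burst or carry random-looking names (the footprint a bundled adware installer leaves), and then checks each flagged path against the AdwCleaner "[ Folders ]" deletion list from the log above to see what the clean actually removed. The sample lines are copied from the two logs in this thread; the burst window, the name patterns and the list of "program roots" are my own heuristics, not anything FRST implements.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Constructed sample input: lines copied from the FRST "One Month Created files and folders"
# section and from the AdwCleaner "[ Folders ]" section posted in this thread.
FRST_CREATED = r"""
2016-04-05 17:11 - 2016-04-05 17:11 - 00000000 ____D C:\FRST
2016-04-03 18:40 - 2016-04-03 18:40 - 00987728 _____ (Google Inc.) C:\Users\Carlos\Downloads\ChromeSetup.exe
2016-03-31 22:35 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\dply_en_015020284
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-7771-1
2016-03-31 22:29 - 2016-04-02 20:49 - 00000000 ____D C:\Program Files\Oacocday
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-03-20 14:49 - 2016-03-20 14:49 - 47970458 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse.psd
"""
ADWCLEANER_CLEAN = r"""
[-] Folder Deleted : C:\Program Files (x86)\DESKTOPPLAY
[-] Folder Deleted : C:\Program Files (x86)\DNS Unlocker
[-] Folder Deleted : C:\Program Files (x86)\dply_en_015020284
[#] Folder Deleted : C:\Program Files (x86)\dply_en_015020284
[-] Folder Deleted : C:\ProgramData\b0bc73e9-7771-1
"""

# FRST entry layout: created - modified - size attrs [(company)] path
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
ADW_FOLDER = re.compile(r"^\[[-#]\] Folder Deleted : (?P<path>.+)$")
# Heuristics of my own, not FRST's: directory names bundler installers tend to generate,
# and the roots under which a brand-new directory deserves a look.
RANDOM_NAME_PATTERNS = [
    re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-\d$", re.I),                 # b0bc73e9-7771-1
    re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I),  # bare GUID as folder name
    re.compile(r"^[a-z]+_[a-z]{2}_\d+$", re.I),                        # dply_en_015020284
]
PROGRAM_ROOTS = ("c:\\programdata\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "\\appdata\\local\\", "\\appdata\\roaming\\")

@dataclass
class FrstEntry:
    created: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs   # FRST puts a D in the attribute column for directories

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_frst_entries(text: str) -> List[FrstEntry]:
    entries = []
    for line in text.splitlines():
        m = FRST_LINE.match(line.strip())
        if m:                      # blank lines and section banners are skipped
            entries.append(FrstEntry(datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                                     int(m["size"]), m["attrs"], m["company"], m["path"]))
    return entries

def flag_suspicious_dirs(entries: List[FrstEntry], window: timedelta = timedelta(minutes=10),
                         burst_min: int = 3) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for program directories that look bundler-installed."""
    dirs = [e for e in entries if e.is_dir and any(r in e.path.lower() for r in PROGRAM_ROOTS)]
    flagged: Dict[str, List[str]] = {}
    for e in dirs:
        reasons = []
        if any(p.match(e.name) for p in RANDOM_NAME_PATTERNS):
            reasons.append("random-looking name")
        # Several new program directories within minutes of each other is the footprint of
        # one installer dropping a whole bundle, whatever the directories are called.
        burst = [o for o in dirs if abs(o.created - e.created) <= window]
        if len(burst) >= burst_min:
            reasons.append(f"created in a burst of {len(burst)} directories")
        if reasons:
            flagged[e.path] = reasons
    return flagged

def parse_adwcleaner_deleted(text: str) -> Set[str]:
    # AdwCleaner upper-cases some paths (DESKTOPPLAY), so everything is compared lower-cased.
    return {m["path"].lower() for m in map(ADW_FOLDER.match, map(str.strip, text.splitlines())) if m}

def reconcile(frst_text: str, adw_text: str) -> Dict[str, str]:
    """For each flagged directory, report whether the AdwCleaner run removed it."""
    deleted = parse_adwcleaner_deleted(adw_text)
    return {path: ("cleaned" if path.lower() in deleted else "not removed by AdwCleaner: re-check in a fresh FRST log")
            for path in flag_suspicious_dirs(parse_frst_entries(frst_text))}

if __name__ == "__main__":
    for path, status in reconcile(FRST_CREATED, ADWCLEANER_CLEAN).items():
        print(f"{status:55} {path}")
```

On the two logs above the script reports the five directories created between 22:28 and 22:35 on 2016-03-31 as one burst; four of them appear in AdwCleaner's deletion list, while C:\Program Files\Oacocday does not, which is exactly the kind of entry worth confirming in the fresh FRST log the helper asks for next.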
Old 04-06-2016, 11:22 PM   #4
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

Thanks for the logs. Please do the below steps.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

Free CBR Reader >>>>> Please read

If you see the entry listed below, remove it.

C:\Program Files (x86)\GoforFiles>>>>>>> Please read

STEP 2


Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {244d0f28-b8d1-11e3-beb4-a4173169cd62} - "I:\LaunchU3.exe" -a
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {2a787292-34ce-11e2-be65-806e6f6e6963} - "D:\IFZ.exe"
HKU\S-1-5-18\...\Run: [] => 0
Toolbar: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
SearchScopes: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> {595575C4-933F-475C-A179-CCB1B0E741AE} URL =
2012-11-22 09:17 - 2012-11-22 09:17 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-22 09:14 - 2012-11-22 09:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-22 09:15 - 2012-11-22 09:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-22 09:14 - 2012-11-22 09:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-22 09:16 - 2012-11-22 09:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
AlternateDataStreams: C:\Users\Carlos\AppData\Local\CVRgsIMVQYfTna:7BEyKYho4ML7piSEoRmR [2370]
AlternateDataStreams: C:\Users\Carlos\AppData\Local\GJKsUtQey:RwfSff4rHS7636Mu3hIq3QChi [2002]
Task: {AFE1A936-A5A4-4541-A690-5FEFB72E73D4} - System32\Tasks\{A6412D1A-8CA9-4D9C-B9C1-E408BC1D9B79} => pcalua.exe -a "C:\Program Files (x86)\GoforFiles\uninstall.exe"
FirewallRules: [{1EAAC27D-C8E8-4F86-9CE9-F8488E0351A0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{E5C176E4-F0AA-4385-8879-4E5F5D78CD00}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{D99A8F51-3890-4FE5-8198-88382B4137E3}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{64A46081-E528-45D8-A701-F9882006D084}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
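Added example, again my own code rather than anything from FRST or from this thread: a pre-flight reviewer for a fixlist of the kind posted above, meant for the person who has to decide whether a script written for one machine is safe to run. It classifies each directive by the kind of change FRST will make, confirms the start/end wrapper and that CreateRestorePoint: comes first, flags any CMD: line for manual review, and checks that every user SID in the script is the one from the FRST log the script was written against (the SID that appears in the first log in this thread). The directive classification is my reading of the lines in this fixlist, not FRST's documentation, and the shortened fixlist is copied from this post.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: the fixlist from this post, cut down to one line per directive kind,
# and the user SID that appears in the FRST log the fixlist was written against.
FIXLIST = r"""
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {244d0f28-b8d1-11e3-beb4-a4173169cd62} - "I:\LaunchU3.exe" -a
Toolbar: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
2012-11-22 09:17 - 2012-11-22 09:17 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
AlternateDataStreams: C:\Users\Carlos\AppData\Local\CVRgsIMVQYfTna:7BEyKYho4ML7piSEoRmR [2370]
Task: {AFE1A936-A5A4-4541-A690-5FEFB72E73D4} - System32\Tasks\{A6412D1A-8CA9-4D9C-B9C1-E408BC1D9B79} => pcalua.exe -a "C:\Program Files (x86)\GoforFiles\uninstall.exe"
FirewallRules: [{1EAAC27D-C8E8-4F86-9CE9-F8488E0351A0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
"""
EXPECTED_SID = "S-1-5-21-645849503-499310708-3259883643-1001"

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")              # local/domain user SID including the RID
LOG_ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")

# Directive prefix -> kind of change. My reading of the lines in this fixlist, not an
# exhaustive list of what FRST accepts.
PREFIX_KINDS = {
    "CreateRestorePoint": "restore point",
    "Toolbar": "registry", "SearchScopes": "registry",
    "AlternateDataStreams": "ads removal",
    "Task": "scheduled task", "FirewallRules": "firewall rule",
    "CMD": "shell command", "EmptyTemp": "temp cleanup",
}

def classify(line: str) -> str:
    """Map one fixlist line to the kind of change FRST will make for it."""
    if LOG_ENTRY_RE.match(line):
        return "file move"        # a pasted log entry tells FRST to move that file/folder away
    if line.startswith(("HKLM", "HKU\\", "HKCU", "HKCR")):
        return "registry"         # bare registry paths remove the listed key or value
    return PREFIX_KINDS.get(line.split(":", 1)[0], "unknown")

def preflight(text: str, expected_sid: str) -> Dict[str, object]:
    """Summarise what the script touches and list anything a reviewer should stop on."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    issues: List[str] = []
    wrapped = len(lines) >= 2 and lines[0].lower() == "start" and lines[-1].lower() == "end"
    if not wrapped:
        issues.append("script must be wrapped in start/end")
    body = lines[1:-1] if wrapped else lines
    kinds = Counter(classify(ln) for ln in body)
    if not body or classify(body[0]) != "restore point":
        issues.append("CreateRestorePoint: should be the first directive")
    # A fixlist is written for one machine: any SID that is not the target user's means
    # the script was copied from another thread or written against another profile.
    foreign = {sid for ln in body for sid in SID_RE.findall(ln)} - {expected_sid}
    if foreign:
        issues.append(f"references SIDs that are not the target user's: {sorted(foreign)}")
    for ln in body:
        kind = classify(ln)
        if kind == "unknown":
            issues.append(f"unrecognised directive, check before running: {ln[:60]}")
        elif kind == "shell command":
            issues.append(f"runs a command with administrator rights, review it: {ln[4:].strip()}")
    return {"kinds": dict(kinds), "issues": issues}

if __name__ == "__main__":
    report = preflight(FIXLIST, EXPECTED_SID)
    print("changes:", report["kinds"])
    for issue in report["issues"]:
        print("review:", issue)
```

Run against the sample the only review item is the bitsadmin command; swap the SID for any other value and the script reports it, which is the check that matters most when a fixlist is reused between machines.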
Old 04-07-2016, 06:32 PM   #5
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Carlos (2016-04-07 18:24:32) Run:1
Running from C:\Users\Carlos\Desktop
Loaded Profiles: Carlos (Available Profiles: Carlos)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {244d0f28-b8d1-11e3-beb4-a4173169cd62} - "I:\LaunchU3.exe" -a
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {2a787292-34ce-11e2-be65-806e6f6e6963} - "D:\IFZ.exe"
HKU\S-1-5-18\...\Run: [] => 0
Toolbar: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
SearchScopes: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> {595575C4-933F-475C-A179-CCB1B0E741AE} URL =
2012-11-22 09:17 - 2012-11-22 09:17 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-22 09:14 - 2012-11-22 09:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-22 09:15 - 2012-11-22 09:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-22 09:14 - 2012-11-22 09:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-22 09:16 - 2012-11-22 09:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
AlternateDataStreams: C:\Users\Carlos\AppData\Local\CVRgsIMVQYfTna:7BEyKYho4ML7piSEoRmR [2370]
AlternateDataStreams: C:\Users\Carlos\AppData\Local\GJKsUtQey:RwfSff4rHS7636Mu3hIq3QChi [2002]
Task: {AFE1A936-A5A4-4541-A690-5FEFB72E73D4} - System32\Tasks\{A6412D1A-8CA9-4D9C-B9C1-E408BC1D9B79} => pcalua.exe -a "C:\Program Files (x86)\GoforFiles\uninstall.exe"
FirewallRules: [{1EAAC27D-C8E8-4F86-9CE9-F8488E0351A0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{E5C176E4-F0AA-4385-8879-4E5F5D78CD00}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{D99A8F51-3890-4FE5-8198-88382B4137E3}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{64A46081-E528-45D8-A701-F9882006D084}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-645849503-499310708-3259883643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244d0f28-b8d1-11e3-beb4-a4173169cd62}" => key removed successfully
HKCR\CLSID\{244d0f28-b8d1-11e3-beb4-a4173169cd62} => key not found.
"HKU\S-1-5-21-645849503-499310708-3259883643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a787292-34ce-11e2-be65-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{2a787292-34ce-11e2-be65-806e6f6e6963} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKU\S-1-5-21-645849503-499310708-3259883643-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{595575C4-933F-475C-A179-CCB1B0E741AE}" => key removed successfully
HKCR\CLSID\{595575C4-933F-475C-A179-CCB1B0E741AE} => key not found.
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => moved successfully
C:\Users\Carlos\AppData\Local\CVRgsIMVQYfTna => ":7BEyKYho4ML7piSEoRmR" ADS removed successfully.
C:\Users\Carlos\AppData\Local\GJKsUtQey => ":RwfSff4rHS7636Mu3hIq3QChi" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE1A936-A5A4-4541-A690-5FEFB72E73D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE1A936-A5A4-4541-A690-5FEFB72E73D4}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A6412D1A-8CA9-4D9C-B9C1-E408BC1D9B79} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A6412D1A-8CA9-4D9C-B9C1-E408BC1D9B79}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1EAAC27D-C8E8-4F86-9CE9-F8488E0351A0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E5C176E4-F0AA-4385-8879-4E5F5D78CD00} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D99A8F51-3890-4FE5-8198-88382B4137E3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64A46081-E528-45D8-A701-F9882006D084} => value removed successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 416.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:25:18 ====
Old 04-08-2016, 12:35 AM   #6
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

Thanks for the log. Please do the following.

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
Old 04-09-2016, 11:48 AM   #7
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



Malwarebytes did not ask for a reboot, so I rebooted manually before exporting the log.
Attached Files
File Type: txt MrToon_Malwarebytes.txt (7.0 KB, 45 views)
Old 04-09-2016, 03:23 PM   #8
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

Thanks for the log. Please do the following and then tell me how the machine is behaving now. What problems do you still have?

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.
Old 04-10-2016, 10:12 PM   #9
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



Everything seems to be running fine, but the long list of threats concerns me. I know what some of the possible threats are (key gens), but the rest are what concerns me.

------------------------------------------------

C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Search Window Results\Extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi.vir JS/BrowseFox.A potentially unwanted application
C:\Laptop\Carlos\AppData\Local\CRE\ihdocopbfpkegkfdakddnemkgpbficdg.crx a variant of Win32/Toolbar.Conduit.AL potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU7VSWVG\statisticsstub[2].exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\75AC.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Laptop\Carlos\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Laptop\Carlos\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\tbFree.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\Vid-Saver-ppd.exe Win32/Toolbar.CrossRider.B potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbar4ie.exe a variant of Win32/Toolbar.Babylon.AA potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct2704262\chLogic.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct2704262\ffLogic.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct2704262\ieLogic.exe Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct2704262\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct3226464\chLogic.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct3226464\ffLogic.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct3226464\ieLogic.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\ct3226464\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\BExternal.dll a variant of Win32/Toolbar.Babylon.C potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\Latest\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\Latest\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\Latest\MyBabylonTB.exe Win32/Toolbar.Montiera.I potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\is-7PGD6.tmp\ConduitInstaller.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\is-LDE3E.tmp\ConduitInstaller.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\is357113909\FunmoodsLatest.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\is357113909\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon.A potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\nsl85F3.tmp\installer_util.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application
C:\Laptop\Carlos\AppData\Local\Temp\nsl85F3.tmp\mixer.exe Win32/Packed.ScrambleWrapper.B potentially unwanted application
C:\Laptop\Carlos\AppData\Roaming\MajorWare\PDF To EPUB Converter\ppp\pdfccc.exe a variant of Win32/Patched.F potentially unsafe application
C:\Laptop\Carlos\Downloads\cbsidlm-tr1_7-AD_Audio_Recorder-SEO2-10920578.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Laptop\Carlos\Downloads\cbsidlm-tr1_7-Free_Sound_Recorder-ORG2-10698910.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Laptop\Carlos\Downloads\FreeSoundRecorder.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Laptop\Carlos\Downloads\FreeSoundRecorder_Bundle_9.4.1.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Laptop\Carlos\Downloads\SoftonicDownloader_for_all2wav-recorder.exe Win32/SoftonicDownloader.E potentially unwanted application
C:\Laptop\Carlos\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Program Files (x86)\Filter Forge 4\Bin\filter.forge.4.008-MPT.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Carlos\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe a variant of Win32/BitCoinMiner.AK potentially unsafe application
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\dz1mso16.default\extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi JS/BrowseFox.A potentially unwanted application
C:\Users\Carlos\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Carlos\Downloads\ccsetup502.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Carlos\Downloads\ccsetup511.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Carlos\Downloads\F1lterF0rge4.008.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update.rar a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\Manga-Studio-5-Windows.zip a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\F1lterF0rge4.008\Filter_Forge_4.008\Filter.Forge.4.008.Patch.And.Cracked-MPT.zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update\Manga Studio EX 5.0.5 Windows update\Crack\xf-sms504ex.7z a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update\Manga Studio EX 5.0.5 Windows update\Crack\xf-sms504ex.exe a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\Manga-Studio-5-Windows\Crack\xf-sms50.7z a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0.0-XFORCE\xfms5a01.zip a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0\xfms5win.rar a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0\xfms5win\Crack\xf-sms50.7z a variant of Win32/Keygen.HA potentially unsafe application
C:\Users\Carlos\Downloads\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0.0-XFORCE\MANGA_STUDIO_V5.0\xfms5win\Crack\xf-sms50\xf-sms50.exe a variant of Win32/Keygen.HA potentially unsafe application
MrToon is offline  
Old 04-11-2016, 03:46 PM   #10
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

Yes, you're right, the list is long. In that list, the majority of the files belong to browser hijackers. At the same time, you should be concerned about the keygen.

Cracked (Illegal) Software

Please do the following :

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (2.7 KB, 34 views)
tekir06 is offline  
Old 04-11-2016, 07:04 PM   #11
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Carlos (2016-04-11 18:56:33) Run:2
Running from C:\Users\Carlos\Desktop
Loaded Profiles: Carlos (Available Profiles: Carlos)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Laptop\Carlos\AppData\Local\CRE\ihdocopbfpkegkfdakddnemkgpbficdg.crx
C:\Laptop\Carlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU7VSWVG\statisticsstub[2].exe
C:\Laptop\Carlos\AppData\Local\Temp\75AC.tmp
C:\Laptop\Carlos\AppData\Local\Temp\ApnStub.exe
C:\Laptop\Carlos\AppData\Local\Temp\MyBabylonTB.exe
C:\Laptop\Carlos\AppData\Local\Temp\tbFree.dll
C:\Laptop\Carlos\AppData\Local\Temp\Vid-Saver-ppd.exe
C:\Laptop\Carlos\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbar4ie.exe
C:\Laptop\Carlos\AppData\Local\Temp\ct2704262
C:\Laptop\Carlos\AppData\Local\Temp\ct3226464
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13
C:\Laptop\Carlos\AppData\Local\Temp\is-7PGD6.tmp
C:\Laptop\Carlos\AppData\Local\Temp\is-LDE3E.tmp\ConduitInstaller.exe
C:\Laptop\Carlos\AppData\Local\Temp\is357113909
C:\Laptop\Carlos\AppData\Local\Temp\nsl85F3.tmp\installer_util.exe
C:\Laptop\Carlos\AppData\Local\Temp\nsl85F3.tmp\mixer.exe
C:\Laptop\Carlos\AppData\Roaming\MajorWare\PDF To EPUB Converter\ppp\pdfccc.exe
C:\Laptop\Carlos\Downloads\cbsidlm-tr1_7-AD_Audio_Recorder-SEO2-10920578.exe
C:\Laptop\Carlos\Downloads\cbsidlm-tr1_7-Free_Sound_Recorder-ORG2-10698910.exe
C:\Laptop\Carlos\Downloads\FreeSoundRecorder.exe
C:\Laptop\Carlos\Downloads\FreeSoundRecorder_Bundle_9.4.1.exe
C:\Laptop\Carlos\Downloads\SoftonicDownloader_for_all2wav-recorder.exe
C:\Laptop\Carlos\Downloads\vlcmediaplayer-setup.exe
C:\Program Files (x86)\Filter Forge 4\Bin\filter.forge.4.008-MPT.exe
C:\Users\Carlos\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\dz1mso16.default\extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi
C:\Users\Carlos\Downloads\ccsetup416.exe
C:\Users\Carlos\Downloads\ccsetup502.exe
C:\Users\Carlos\Downloads\ccsetup511.exe
C:\Users\Carlos\Downloads\F1lterF0rge4.008.rar
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update.rar
C:\Users\Carlos\Downloads\Manga-Studio-5-Windows.zip
C:\Users\Carlos\Downloads\F1lterF0rge4.008\Filter_Forge_4.008\Filter.Forge.4.008.Patch.And.Cracked-MPT.zip
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update\Manga Studio EX 5.0.5 Windows update\Crack\xf-sms504ex.7z
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update\Manga Studio EX 5.0.5 Windows update\Crack\xf-sms504ex.exe
C:\Users\Carlos\Downloads\Manga-Studio-5-Windows\Crack\xf-sms50.7z
C:\Users\Carlos\Downloads\MANGA_STUDIO_V5.0.0-XFORCE
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
*****************

Restore point was successfully created.
C:\Laptop\Carlos\AppData\Local\CRE\ihdocopbfpkegkfdakddnemkgpbficdg.crx => moved successfully
C:\Laptop\Carlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YU7VSWVG\statisticsstub[2].exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\75AC.tmp => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\ApnStub.exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\MyBabylonTB.exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\tbFree.dll => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\Vid-Saver-ppd.exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbar4ie.exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\ct2704262 => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\ct3226464 => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\DEFB62A4-BAB0-7891-B736-0282DD28CE13 => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\is-7PGD6.tmp => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\is-LDE3E.tmp\ConduitInstaller.exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\is357113909 => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\nsl85F3.tmp\installer_util.exe => moved successfully
C:\Laptop\Carlos\AppData\Local\Temp\nsl85F3.tmp\mixer.exe => moved successfully
C:\Laptop\Carlos\AppData\Roaming\MajorWare\PDF To EPUB Converter\ppp\pdfccc.exe => moved successfully
C:\Laptop\Carlos\Downloads\cbsidlm-tr1_7-AD_Audio_Recorder-SEO2-10920578.exe => moved successfully
C:\Laptop\Carlos\Downloads\cbsidlm-tr1_7-Free_Sound_Recorder-ORG2-10698910.exe => moved successfully
C:\Laptop\Carlos\Downloads\FreeSoundRecorder.exe => moved successfully
C:\Laptop\Carlos\Downloads\FreeSoundRecorder_Bundle_9.4.1.exe => moved successfully
C:\Laptop\Carlos\Downloads\SoftonicDownloader_for_all2wav-recorder.exe => moved successfully
C:\Laptop\Carlos\Downloads\vlcmediaplayer-setup.exe => moved successfully
C:\Program Files (x86)\Filter Forge 4\Bin\filter.forge.4.008-MPT.exe => moved successfully
C:\Users\Carlos\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe => moved successfully
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\dz1mso16.default\extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi => moved successfully
C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi => moved successfully
C:\Users\Carlos\Downloads\ccsetup416.exe => moved successfully
C:\Users\Carlos\Downloads\ccsetup502.exe => moved successfully
C:\Users\Carlos\Downloads\ccsetup511.exe => moved successfully
C:\Users\Carlos\Downloads\F1lterF0rge4.008.rar => moved successfully
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update.rar => moved successfully
C:\Users\Carlos\Downloads\Manga-Studio-5-Windows.zip => moved successfully
C:\Users\Carlos\Downloads\F1lterF0rge4.008\Filter_Forge_4.008\Filter.Forge.4.008.Patch.And.Cracked-MPT.zip => moved successfully
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update\Manga Studio EX 5.0.5 Windows update\Crack\xf-sms504ex.7z => moved successfully
C:\Users\Carlos\Downloads\Manga Studio EX 5.0.5 Windows update\Manga Studio EX 5.0.5 Windows update\Crack\xf-sms504ex.exe => moved successfully
C:\Users\Carlos\Downloads\Manga-Studio-5-Windows\Crack\xf-sms50.7z => moved successfully
C:\Users\Carlos\Downloads\MANGA_STUDIO_V5.0.0-XFORCE => moved successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-645849503-499310708-3259883643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-645849503-499310708-3259883643-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 650.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:57:25 ====
MrToon is offline  
Old 04-12-2016, 02:49 PM   #12
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

Congratulations, your reports are clear. Let's remove all the tools and logs that we used.

CLEAN UP

Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.
Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES


It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 8.1

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See the guide here, and for Windows 8.1 here.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
tekir06 is offline  
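The HOSTS-file advice above relies on one distinction: a blocklist maps hostnames to the local machine (127.0.0.1, 0.0.0.0 or ::1) so the connection never leaves the box, whereas a hijacked HOSTS file maps hostnames to a routable address so traffic goes somewhere else. The script below is an added example, not part of this thread, of the MVPS HOSTS file, or of any tool named here. It parses HOSTS-file text, separates blocklist entries from redirects to routable addresses, and reports malformed lines. The sample file contents, the `.test` hostnames and the 198.51.100.23 address are constructed for illustration (documentation ranges, not real hosts), and the function names are my own.

```python
"""Audit a HOSTS file: blocklist entries versus redirect (hijack) indicators.

Added example for this thread. It assumes standard HOSTS syntax:
    <ip address> <hostname> [<hostname> ...]   # optional comment
Blocklist-style files (such as the MVPS one discussed above) map hosts to a
loopback or unspecified address; mappings to a routable address deserve a
second look because they send traffic to a third party.
"""
import ipaddress
import sys
from collections import Counter
from pathlib import Path

# Constructed sample (not from the thread): three blocklist lines, two
# entries redirecting real-looking hostnames to a routable address, and one
# malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example-tracker.test
0.0.0.0  banner.example-adnet.test   # blocked ad host
127.0.0.1  telemetry.example-pup.test
198.51.100.23   www.example-bank.test
198.51.100.23   update.example-av.test
not a valid line
"""


def parse_hosts(text):
    """Yield (address, hostname, line_no) for every mapping in the text.

    Comments and blank lines are skipped. A line whose first token is not an
    IP address is yielded with address None and the raw line as 'hostname'
    so the caller can report it instead of silently dropping it.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            yield None, line, line_no
            continue
        for host in parts[1:]:
            yield str(addr), host.lower(), line_no


def classify(addr, host):
    """Label one mapping: system, blocklist, redirect or malformed."""
    if addr is None:
        return "malformed"
    if host == "localhost":
        return "system"           # the stock Windows/Unix entry
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_unspecified:
        return "blocklist"        # 127.0.0.1 / 0.0.0.0 / ::1 style sinkhole
    return "redirect"             # traffic leaves the machine: review it


def audit_hosts(text):
    """Return counts per class plus the redirect and malformed entries."""
    counts = Counter()
    redirects, malformed = [], []
    for addr, host, line_no in parse_hosts(text):
        kind = classify(addr, host)
        counts[kind] += 1
        if kind == "redirect":
            redirects.append((line_no, host, addr))
        elif kind == "malformed":
            malformed.append((line_no, host))
    return {"counts": dict(counts), "redirects": redirects, "malformed": malformed}


def audit_file(path):
    """Audit a HOSTS file on disk; Windows writes it with a BOM, hence utf-8-sig."""
    return audit_hosts(Path(path).read_text(encoding="utf-8-sig"))


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path-to-hosts-file]; defaults to the sample.
    report = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_hosts(SAMPLE_HOSTS)
    print("counts:", report["counts"])
    for line_no, host, addr in report["redirects"]:
        print(f"line {line_no}: {host} -> {addr}  (routable target, review)")
    for line_no, raw in report["malformed"]:
        print(f"line {line_no}: malformed: {raw!r}")
```

On a Windows machine the file to audit is %SystemRoot%\System32\drivers\etc\hosts; a large blocklist should show thousands of "blocklist" entries and zero "redirect" entries, so any redirect line, especially one naming a bank, an antivirus vendor or an update server, is the thing to investigate.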
Old 04-13-2016, 11:09 PM   #13
Registered Member
 
Join Date: Sep 2009
Location: Sacramento, CA
Posts: 104
OS: win 8 (desktop)



Thank you for all your help! It is greatly appreciated!
MrToon is offline  
Old 04-14-2016, 04:22 PM   #14
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MrToon,

You're welcome! Thank you for your patience and cooperation.
tekir06 is offline  