w32.shadesrat & dark comet RAT removal help

10-20-2013, 11:30 AM   #1
eatabagel
Registered Member
Join Date: Oct 2013
Posts: 6
OS: windows 7 home premium service pack 1

First off, sorry about my grammar, and I could not upload ark.txt and attach.txt in a compressed zip folder; WinRAR kept packing it as a rar zip archive. But about the virus: a few days ago I was downloading some things off the internet and came across w32.shadesrat. Norton said blocked w32.shadesrat from a URL (probably where I got it from, I don't know), so I ran a full system scan and came up with nothing but tracking cookies. So I started in safe mode and ran a full scan again, and nothing. So I went to Norton to figure out how to remove it; they said look in the registry files, so I did and found nothing. I logged off, went to bed, woke up and logged on, and saw w32.shadesrat has been hard at work, because now instead of just blocking w32.shadesrat I have been getting spammed by Norton blocking dark comet RAT. Any help would be appreciated.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.25.2
Run by home at 13:34:54 on 2013-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1791.728 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\24x7Help\App24x7Svc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Users\home\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\HOWTOS~2\bar\1.bin\8ebarsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8eSrchMn.exe
C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8ebrmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\chris\Documents\MSDCSC\msdcsc.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
C:\Users\home\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN32982620443077730&UM=2&ctid=CT3298580
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=US&userid=45bc31ec-8d87-04ee-31cc-c18cf3573758&searchtype=ds&q={searchTerms}&installDate=12/10/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=US&userid=45bc31ec-8d87-04ee-31cc-c18cf3573758&searchtype=ds&q={searchTerms}&installDate=12/10/2013
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=US&userid=45bc31ec-8d87-04ee-31cc-c18cf3573758&searchtype=ds&q={searchTerms}&installDate=12/10/2013
uURLSearchHooks: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
mURLSearchHooks: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\home\AppData\Local\SySaver\temp.dat
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Toolbar BHO: {61673209-76a0-4a62-ab12-014ce1a1b00e} - C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8ebar.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Fast Free Converter 4.1: {8232785C-5C98-4A6E-B7B4-911FFBED7582} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Coupon Savings: {C3F62D94-EEBB-11E1-B88F-CBBD4CC15727} - C:\Program Files (x86)\Coupon Savings\toolbar.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Search Assistant BHO: {ebf859ec-4900-40d5-b5e5-74766b5f407d} - C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8eSrcAs.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} -
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: HowToSimplified: {e0c22e6b-a7bd-43f6-b5cc-020e06d11a45} - C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\8ebar.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: MixiDJ V44 Toolbar: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files (x86)\MixiDJ_V44\prxtbMixi.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [SearchProtect] C:\Users\home\AppData\Roaming\SearchProtect\bin\cltmng.exe
uRun: [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298580\plugins\TBVerifier.dll",RunConduitFloatingPlugin bpfboklmeiefoedekjeigdcnfbpjeaii
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\home\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [HowToSimplified Search Scope Monitor] "C:\PROGRA~2\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
mRun: [HowToSimplified_8e Browser Plugin Loader] C:\PROGRA~2\HOWTOS~2\bar\1.bin\8ebrmon.exe
mRun: [ShopAtHomeWatcher] C:\Users\bob\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
mRun: [ShopAtHomeUpdater] C:\Users\bob\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
mRun: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
mRunOnce: [cheatengine] <no file>
dRun: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableRegedit = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableRegedit = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{69036B88-E40A-4872-BF76-1876A20D221F} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [HowToSimplified Home Page Guard 64 bit] "C:\PROGRA~2\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
x64-RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
x64-RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
x64-RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
x64-RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
x64-RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin\NP8eStub.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-10-12 22:21; {45bc31ec-8d87-04ee-31cc-c18cf3573758}; C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}
FF - ExtSQL: 2013-10-20 00:00; [email protected]; C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2013-08-16 16:34; [email protected]_8e.com; C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-12-24 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-12-24 38016]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2012-12-8 17720]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [2013-10-1 1525848]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131018.001\IDSviA64.sys [2013-10-18 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752]
R2 24x7HelpSvc;24x7HelpService;C:\Program Files (x86)\24x7Help\App24x7Svc.exe [2012-10-20 342168]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-12-8 464256]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-9-22 220960]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\home\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-12-20 107520]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 HowToSimplified_8eService;HowToSimplifiedService;C:\PROGRA~2\HOWTOS~2\bar\1.bin\8ebarsvc.exe [2013-8-16 42504]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-20 92216]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-10-19 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-8-24 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-12-8 72216]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-24 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
R2 WajamUpdaterV2;WajamUpdaterV2;C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV2.exe [2013-10-10 113152]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-8 46136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-27 140376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-11-16 11880]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-24 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe --> C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 MySQL56;MySQL56;"C:/Program Files (x86)/Canon/Easy-WebPrint EX/bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:/Program Files (x86)/Canon/Easy-WebPrint EX/bin\mysqld [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-8 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-12 1255736]
.
=============== Created Last 30 ================
.
2013-10-20 17:30:02 -------- d-----w- C:\Users\home\AppData\Local\SySaver
2013-10-20 17:28:48 -------- d-----w- C:\ProgramData\Conduit
2013-10-20 17:28:47 -------- d-----w- C:\Users\home\AppData\Local\Conduit
2013-10-20 17:28:47 -------- d-----w- C:\Program Files (x86)\MixiDJ_V44
2013-10-20 17:28:23 -------- d-----w- C:\Users\home\AppData\Local\CRE
2013-10-20 17:28:20 -------- d-----w- C:\Program Files (x86)\Conduit
2013-10-20 17:27:38 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-10-20 17:27:26 -------- d-----w- C:\Users\home\AppData\Roaming\SearchProtect
2013-10-20 17:26:58 -------- d-----w- C:\Users\home\AppData\Roaming\Free Download Manager
2013-10-20 17:26:47 -------- d-----w- C:\Program Files (x86)\Free Download Manager
2013-10-13 02:22:02 -------- d-----w- C:\Users\home\AppData\Local\Wajam
2013-10-13 02:22:01 -------- d-----w- C:\Program Files (x86)\Wajam
2013-10-13 02:21:18 -------- d-----w- C:\Program Files (x86)\File Type Helper
2013-10-13 02:21:09 -------- d-----w- C:\Program Files (x86)\Fast Free Converter
2013-10-12 14:19:37 -------- d-----w- C:\ProgramData\WarThunder
2013-10-10 19:57:03 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-10 19:57:03 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2013-10-10 19:57:00 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-10-10 19:57:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-10-10 19:57:00 41472 ----a-w- C:\Windows\System32\lpk.dll
2013-10-10 19:57:00 368128 ----a-w- C:\Windows\System32\atmfd.dll
2013-10-10 19:57:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-10-10 19:57:00 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-10-10 19:57:00 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2013-10-10 19:57:00 14336 ----a-w- C:\Windows\System32\dciman32.dll
2013-10-10 19:57:00 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2013-10-10 19:57:00 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-10-10 19:55:49 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-10 19:55:47 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 19:55:47 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 19:55:45 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-09 06:18:09 -------- d-----w- C:\Program Files (x86)\RealWorld Cursor Editor
2013-10-07 2020 -------- d-----w- C:\Program Files (x86)\MySQL
2013-10-07 2019 -------- d-----w- C:\ProgramData\MySQL
.
==================== Find3M ====================
.
2013-10-18 20:24:24 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2013-10-18 20:24:24 35656 ----a-w- C:\Windows\System32\LMIport.dll
2013-10-18 20:24:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-10-09 16:33:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 16:33:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 13:35:19.22 ===============
Attached Files
File Type: txt ARK.txt (11.6 KB, 41 views)
File Type: txt attach.txt (8.5 KB, 42 views)
 
10-21-2013, 10:57 AM   #2
DrDOS
TSF Enthusiast
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1

eatabagel,

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
__________________
Drew aka DrDOS / DCal
10-22-2013, 08:28 PM   #3
DrDOS
TSF Enthusiast
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1

eatabagel,

Unless asked, please do not run any tools or add/remove software. If you need to, feel free to ask me any questions before proceeding with any step(s)/instructions. Appreciate your help.

Please visit this webpage for download links, and instructions for running the tool:
ComboFix: A guide and tutorial on using ComboFix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Quote:
winrar kept packing it
Looks like you figured how to make zip work. If it will be easier, go ahead and just post any future logs rather than worry about Attaching that log. The techs at TSF don't have WinRAR as it's not usually free as it says in the
https://www.techsupportforum.com/foru...lp-305963.html

Thanks.
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 10-24-2013, 10:05 AM   #4
Registered Member
 
Join Date: Oct 2013
Posts: 6
OS: windows 7 home premium service pack 1



hello drdos here is my combofix log
Attached Files
File Type: txt ComboFix.txt (47.0 KB, 47 views)
eatabagel is offline  
Old 10-25-2013, 08:54 AM   #5
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



eatabagel,

Thanks for that log. I know it can be long but it's ok to Post it here instead of Attach these Logs. If I need you to Attach I'll let you know.

Please download AdwCleaner (by Xplode) onto your Desktop from this link (always get latest version) and save it to your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • Click on Report - A logfile will automatically open. Please post the contents of that logfile with your next reply.

    You can find the logfile at C:\AdwCleaner\AdwCleaner[Rn].txt ('n' is the scan order number).


I always want to know what you think, so how are things running now?
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 10-25-2013, 09:53 PM   #6
Registered Member
 
Join Date: Oct 2013
Posts: 6
OS: windows 7 home premium service pack 1



after running combofix i have stopped getting shadesrat blocks from norton

# AdwCleaner v3.010 - Report created 26/10/2013 at 00:26:30
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : chris - HOME-HP
# Running from : C:\Users\chris\Desktop\AdwCleaner.exe
# Option : Scan

eatabagel is offline  
Old 10-26-2013, 06:01 PM   #7
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



eatabagel,

Thanks again for that log.

  1. Rerun AdwCleaner selecting the following:

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • Click on Clean - A logfile may automatically open. Please post the contents of that logfile with your next reply.
    • If prompted to reboot, do so.

      You can find the logfile at C:\AdwCleaner\AdwCleaner[Sn].txt ('n' is the scan order number).

  2. Run Malwarebytes' Anti-Malware. Follow all prompts to update the program or any updates. If an update is found, select Yes and download the latest version.

    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.

    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

  3. Go here to run an online scanner from ESET.

    Vista and Windows 7 users - run as Administrator.

    Note: You will need to use Internet Explorer for this scan. For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.

    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish - this may take a while
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic and let me know how things are now.

I need three (3) logs in your next post:
  • C:\AdwCleaner\AdwCleaner[Sn].txt
  • C:\Users\<username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-[date (time)].txt
  • C:\Program Files\Eset\Eset Online Scanner\log.txt
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 10-27-2013, 12:33 PM   #8
Registered Member
 
Join Date: Oct 2013
Posts: 6
OS: windows 7 home premium service pack 1



after running eset you wanted the list of found threats at the end? because i did not find a log
eatabagel is offline  
Old 10-27-2013, 08:55 PM   #9
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



eatabagel,

Quote:
i did not find a log
You're right! My mistake. Try here
C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
Hopefully the other 2 ran ok. If so, please post them.
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 10-29-2013, 11:51 AM   #10
Registered Member
 
Join Date: Oct 2013
Posts: 6
OS: windows 7 home premium service pack 1



# AdwCleaner v3.010 - Report created 27/10/2013 at 11:09:55
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : chris - HOME-HP
# Running from : C:\Users\chris\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : WajamUpdaterV2

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\xfin_portal
Folder Deleted : C:\Users\home\AppData\Local\PackageAware
Folder Deleted : C:\Users\home\AppData\Local\Smartbar
Folder Deleted : C:\Users\home\AppData\Local\Wajam
Folder Deleted : C:\Users\home\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\home\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\home\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\home\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\home\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\home\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\home\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\bob\AppData\Local\iac
Folder Deleted : C:\Users\bob\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\bob\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bob\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\bob\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\bob\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\bob\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\candy\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\candy\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\candy\AppData\Roaming\iWin
Folder Deleted : C:\Users\chris\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\chris\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\ash\AppData\Local\iMesh
Folder Deleted : C:\Users\ash\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ash\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\ash\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\tempuser\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\tempuser\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\tempuser\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\brianna\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\brianna\AppData\LocalLow\comcasttb
Folder Deleted : C:\Users\brianna\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\brianna\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Users\brianna\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\brianna\AppData\LocalLow\mediabarim
Folder Deleted : C:\Users\brianna\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\brianna\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\brianna\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\brianna\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\CT3298580
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\xfin_portal
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\Extensions\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Folder Deleted : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\Extensions\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}
Folder Deleted : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Folder Deleted : C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\ash\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\brianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\searchplugins\ask-web-search.xml
File Deleted : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\searchplugins\Conduit.xml
File Deleted : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\searchplugins\Web Search.xml
File Deleted : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\pym760ry.default\searchplugins\Web Search.xml
File Deleted : C:\Users\candy\AppData\Roaming\Mozilla\Firefox\Profiles\u2kef7wv.default\searchplugins\Web Search.xml
File Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\searchplugins\Web Search.xml
File Deleted : C:\Users\brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v49r0xqf.default\searchplugins\Web Search.xml
File Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HowToSimplified Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HowToSimplified_8e Browser Plugin Loader]
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Shopping Sidekick Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\Software\24x7help
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);

[ File : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\pym760ry.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

[ File : C:\Users\candy\AppData\Roaming\Mozilla\Firefox\Profiles\u2kef7wv.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

[ File : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://dts.search-results.com/sr?src=ffb&appid=393&systemid=1&sr=0&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=8A99C17F-A9D7-40F7-844E-4DC1F8185D6A&n=77fd3011&p2=^AW6^xdm002^YYA^us&si=CJeKroHogrkCFe9aMgodCWUA[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.hp.lastGuardTime", -379793791);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.hp.numGuards", 1);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.installation.installDate", "2013081617");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.installation.partnerId", "^AW6^xdm002^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.installation.partnerSubId", "CJeKroHogrkCFe9aMgodCWUA_g");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.installation.toolbarId", "8A99C17F-A9D7-40F7-844E-4DC1F8185D6A");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.lastActivePing", "1382886293814");
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._8eMembers_.weather.location", "48659");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=8A99C17F-A9D7-40F7-844E-4DC1F8185D6A&n=77fd3011&ind=2013081617&p2=^AW6^xdm002^YYA^us&si=CJeKroHogrkCFe9aMgodCWUA_g&sea[...]

[ File : C:\Users\brianna\AppData\Roaming\Mozilla\Firefox\Profiles\v49r0xqf.default\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

[ File : C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\candy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\ash\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\brianna\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20680 octets] - [26/10/2013 00:26:30]
AdwCleaner[R1].txt - [20741 octets] - [27/10/2013 11:07:58]
AdwCleaner[S0].txt - [20652 octets] - [27/10/2013 11:09:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20713 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.10.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
chris :: HOME-HP [administrator]

10/27/2013 11:32:54 AM
mbam-log-2013-10-27 (11-32-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367588
Time elapsed: 7 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7FB8EA1D-945D-5002-BEBB-D0AEA9CBA20E} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\PCPOWERSPEED (PUP.Optional.PCPowerSpeed.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8232785C-5C98-4A6E-B7B4-911FFBED7582} (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{8232785C-5C98-4A6E-B7B4-911FFBED7582} (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.
HKCU\Software\PCPowerSpeed|LAST_CMS_UPDATE (PUP.Optional.PCPowerSpeed.A) -> Data: j^@ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bad: (https://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=US&userid=45bc31ec-8d87-04ee-31cc-c18cf3573758&searchtype=ds&q={searchTerms}&installDate=12/10/2013) Good: (Google) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bad: (https://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=US&userid=45bc31ec-8d87-04ee-31cc-c18cf3573758&searchtype=ds&q={searchTerms}&installDate=12/10/2013) Good: (Google) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin (PUP.Optional.24x7) -> Quarantined and deleted successfully.

Files Detected: 48
C:\ProgramData\InstallMate\{83E92400-A710-4220-A0CB-EF32580A06F6}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{83E92400-A710-4220-A0CB-EF32580A06F6}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\bob\Documents\3fe22236.exe (Malware.Packer.ZA) -> Quarantined and deleted successfully.
C:\Users\brianna\Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\7zip__1005_i89245579_il423824.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\CheatEngine63.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\media-plugin-update_setup (1).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\media-plugin-update_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\chris\Downloads\WiseConvert_B2.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\8b00cee.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\bubble.xml (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_Left.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_Right.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_X00.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_X01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7bubble_X02.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsActive.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsBack.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsHover.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_Back00.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_PhoneIcon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7logoNew_dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7man_dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\24x7_UploaderDark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\ArrowSmall.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\ArrowSmallHot.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Hardware_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\HotInactiveTabLeft.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\HotInactiveTabRight.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\MainImg_SettingsDark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon00_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon01_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon00_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon01_Dark01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\OK_IconGreen01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Phones_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\PushedInactiveTabLeft.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\PushedInactiveTabRight.bmp (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Security_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\skin.xml (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Software_Icon.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow00.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Warning_Icon01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Warning_IconOrange01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\Warning_IconRed01.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\WhiteTabLeft.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\24x7 Help\skin\WhiteTabRight.png (PUP.Optional.24x7) -> Quarantined and deleted successfully.

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0539eeb96671f14fb6fc5030e870243e
# engine=15655
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-27 07:23:15
# local_time=2013-10-27 03:23:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 83 91 919551 133477891 0 0
# compatibility_mode=5893 16776574 100 94 8539250 134445245 0 0
# scanned=292032
# found=58
# cleaned=0
# scan_time=11901
sh=281C4D18B7BEF587B395047C61A6C9179325BE6D ft=1 fh=ecc0053d6f81e4b8 vn="Win32/24x7Help.A application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\24x7Help\App24x7Svc.exe.vir"
sh=87B790B66884815FA75506257F5B6762936B8FDB ft=1 fh=35468e5302650c34 vn="Win32/Olmarik.AYD trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\DDCD.tmp.vir"
sh=EA111903F48C1CB7FE5056509351A88EFE85114F ft=1 fh=0f73ddfd31d1def0 vn="Win32/Toolbar.DefaultTab.A application" ac=I fn="C:\Qoobox\Quarantine\C\Users\home\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir"
sh=30FE15743A90AC2AB8E769F64ADA5175196AE1B5 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdhdegbgfgbgbdfdjdfdgdedaddgc\background.html"
sh=3113662D84508DD67BCEDA10E4F08903300B8485 ft=0 fh=0000000000000000 vn="Win32/BHO.OEI trojan" ac=I fn="C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdhdegbgfgbgbdfdjdfdgdedaddgc\ContentScript.js"
sh=E1B395E389707A3B56408A0EE681C0925AEB028A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4c8066bf-2320935a"
sh=634E869F159B2817690AF0FD30AF3779FB0B079E ft=0 fh=0000000000000000 vn="JS/Redirector.NIQ trojan" ac=I fn="C:\Users\chris\AppData\Local\{5A0EA2AE-9CC4-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul"
sh=CCEE04832AB5D3DDDD2FEF4B218A39446FA63D2B ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NBH trojan" ac=I fn="C:\Users\chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2c8bcd61-1e229301"
sh=9691C108DEF7CE78A8FD0A77115C933E2A3793E0 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen application" ac=I fn="C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\prefs.js"
sh=228588B8904DD4F6BDF00B41D47FF59BA2679025 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen application" ac=I fn="C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\prefs.js.BAK"
sh=EE127925059CCFDAB84E065CA3C4FBB02DBA55FE ft=1 fh=07a5484bf138c2a6 vn="multiple threats" ac=I fn="C:\Users\chris\Desktop\PoE AoB multihack.exe"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_20.dll"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_21.dll"
sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_22.dll"
sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_23.dll"
sh=BA8871127FB23B24A8963B6A5992DED58259E590 ft=1 fh=65df87dcc97c6ea8 vn="a variant of Win32/Toolbar.Linkury.D application" ac=I fn="C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_24.dll"
eatabagel is offline  
Old 10-30-2013, 10:36 AM   #11
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



eatabagel,

Thanks for those logs.
  1. In Control Panel, select Programs > Programs and Features > Uninstall a Program and remove the following programs if still present
    HowToSimplified
    Java(TM) 6 Update 37
    If you are not using the Category view, Programs and Features is what you want.


  2. Close any open browsers.

    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    Folder::
    C:\Program Files (x86)\HowToSimplified_8e
    
    File::
    C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdhdegbgfgbgbdfdjdfdgdedaddgc\background.html
    C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdhdegbgfgbgbdfdjdfdgdedaddgc\ContentScript.js
    C:\Users\bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4c8066bf-2320935a
    C:\Users\chris\AppData\Local\{5A0EA2AE-9CC4-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul
    C:\Users\chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2c8bcd61-1e229301
    C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\prefs.js
    C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\75ws54si.default\prefs.js.BAK
    C:\Users\chris\Desktop\PoE AoB multihack.exe
    C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_20.dll
    C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_21.dll
    C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_22.dll
    C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_23.dll
    C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\3k0b14ox.default-1375615307942\extensions\{45bc31ec-8d87-04ee-31cc-c18cf3573758}\components\SmartbarFireFoxRemotePlugin_24.dll
    ClearJavaCache::

    Save this as CFScript.txt, in the same location as ComboFix.exe





    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





How are things running now?
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 11-01-2013, 12:48 PM   #12
Registered Member
 



my computer is running a lot smoother no random pop ups when clicking around the internet
eatabagel is offline  
Old 11-02-2013, 10:20 AM   #13
TSF Enthusiast
 
DrDOS's Avatar
 



eatabagel,

Quote:
my computer is running a lot smoother no random pop ups when clicking around the internet
Always good to hear. Let's finish up then.
  1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
    • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
    • Scroll down to where it says Java SE 7 Update 45
    • Click the Download JRE button to the right.
    • Read the License Agreement then select Accept License Agreement
    • Click on the link to download Windows x86 Offline and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u45-windows-i586.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
      • Click OK on Delete Temporary Files Window

        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.


  2. I still need your latest ComboFix log. You can find it here C:\ComboFix.txt.


Thanks.
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 11-02-2013, 03:47 PM   #14
TSF Enthusiast
 
DrDOS's Avatar
 



eatabagel,

While I'm waiting for that log, thought I would share.

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts that you disable Java in your web browsers. Depending on your need, it could be removed entirely, but that's up to you.

Oracle has now included a way to disable Java in all browsers. Starting with version j7u10 there is now the capability to disable Java in your web browsers.

Detailed instructions are here:
How do I disable Java in my web browser?
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
Old 11-06-2013, 08:33 AM   #15
TSF Enthusiast
 
DrDOS's Avatar
 



eatabagel,

I haven't heard from you in several days. I must warn you that without an answer from you, this thread may be closed.

Thanks.
__________________
Drew aka DrDOS / DCal
DrDOS is offline  
 
