IObit Forum

Spyhunter 4 won't Uninstall / Live Security Platinum / Help!



Very very very new. Um.

 

Trying to get rid of the Live Security Platinum virus, and downloaded Spyhunter 4. I think I have the virus gone, but now spyhunter 4 won't go away. I ran TFC, and DDS - I have the logs from DDS saved, but now I have no idea what to do.

 

To give you an idea, I am near to being a complete novice at this -- I just would like not to have to take my laptop somewhere and pay an arm and a leg to get it fixed.


Welcome

 

Welcome to the forum :smile:

....I have the logs from DDS saved, but now I have no idea what to do.....

From the thread Guidelines for requesting malware removal assistance

Step 3 - DDS by sUBs

 

Download DDS from |HERE| or |HERE| and save it to your desktop.

 

Vista & 7 users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply in 2 separate posts.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copy and pasting it into the reply.

Then wait for Malware Fighter Superdave to respond.

 

All the best, woz of oz


Haha, thank you. Copying and pasting below.

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by best buy at 1:18:41 on 2012-09-23

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1568 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\Windows\System32\Drivers\WTSRV.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\WTClient.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\BitLord\BitLord.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Users\best buy\AppData\Local\GetBooks\GetBooks.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Users\best buy\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Users\best buy\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\Digsby\lib\digsby-app.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765

uDefault_Page_URL = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {8C5878D0-6106-423B-AAA8-144C143DBF44} - No File

uRun: [Google Update] "C:\Users\best buy\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [bitComet] "C:\Program Files (x86)\BitLord\BitLord.exe"

uRun: [best Buy pc app] C:\Users\best buy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [GetBooks] "C:\Users\best buy\AppData\Local\GetBooks\GetBooks.exe" be99d4471e1b945b25d9b947573db534

uRun: [WideSearch] C:\Users\best buy\AppData\Local\WideSearch\wsearch.exe

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [WTClient] WTClient.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe

StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

StartupFolder: C:\Users\BESTBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\7523237364D4 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\84F6C6964616970294E6E6 : DhcpNameServer = 205.171.3.65 4.2.2.2 8.8.8.8

TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\9516E6B6565637 : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{E47D5C36-6783-4B0F-A96D-EE63E3761114}\D4A43502433313 : DhcpNameServer = 10.0.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {8C5878D0-6106-423B-AAA8-144C143DBF44} - No File

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [WTClient] WTClient.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun-x64: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\Users\best buy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-4-5 14904]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-20 245760]

R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]

R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\system32\DRIVERS\PTSimBus.sys --> C:\Windows\system32\DRIVERS\PTSimBus.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-15 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250288]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-15 136176]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 114144]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\system32\DRIVERS\PTSimHid.sys --> C:\Windows\system32\DRIVERS\PTSimHid.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-09-22 17:41:13 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-09-22 17:00:30 110080 ----a-r- C:\Users\best buy\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe

2012-09-22 17:00:30 110080 ----a-r- C:\Users\best buy\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe

2012-09-22 17:00:30 110080 ----a-r- C:\Users\best buy\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe

2012-09-22 17:00:28 -------- d-----w- C:\sh4ldr

2012-09-22 17:00:28 -------- d-----w- C:\Program Files\Enigma Software Group

2012-09-22 16:52:10 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-09-22 16:31:55 -------- d-----w- C:\ProgramData\0C1CFB131C4F23EEBFB5356EF875F002

2012-09-22 04:40:56 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-09-22 04:29:31 -------- d-----w- C:\Users\best buy\AppData\Local\WideSearch

2012-09-22 04:28:56 -------- d-----w- C:\Users\best buy\AppData\Local\GetBooks

2012-09-19 16:45:03 -------- d-----r- C:\Users\best buy\AppData\Roaming\Brother

2012-09-16 01:19:49 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-09-12 11:40:41 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 11:40:40 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 11:40:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 11:40:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 11:40:39 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 11:40:39 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 11:40:39 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2012-09-22 04:05:47 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-22 04:05:46 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-06 18:33:55 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-07-06 18:33:55 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll

.

============= FINISH: 1:20:04.04 ===============

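Reading a DDS.txt by hand is slow, so the script below shows the first-pass triage a responder would apply to the Pseudo HJT Report section of the log posted above. It is an added example, not part of this thread and not part of the DDS tool. It parses the Run, BHO/TB and start-page lines and flags entries that are orphaned ("No File"), that launch from user-writable directories such as AppData or ProgramData, that use an unqualified filename resolved through the search order, that autorun a script, or that point at a search-redirect host. The sample lines are excerpted from the posted log; the host watch-list and the heuristics are this example's own assumptions, and a flag marks an entry for review rather than declaring it malicious (Google Update legitimately lives under AppData\Local, for instance).

```python
"""Triage of DDS 'Pseudo HJT Report' autorun lines (added example, not DDS code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines excerpted from the DDS.txt posted in this thread. 'hxxp' is DDS's
# defanged spelling of 'http'.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765
uURLSearchHooks: H - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "C:\Users\best buy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GetBooks] "C:\Users\best buy\AppData\Local\GetBooks\GetBooks.exe" be99d4471e1b945b25d9b947573db534
uRun: [WideSearch] C:\Users\best buy\AppData\Local\WideSearch\wsearch.exe
mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [WTClient] WTClient.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&SearchSource=3&q={searchTerms}
"""

# Assumed watch-list of search-redirect hosts; not produced by DDS.
HIJACK_HOSTS = {"search.conduit.com"}

# 'kind: name - No File' marks a registry entry whose backing file is gone.
ORPHAN_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+): (?P<name>.*) - No File$")
# 'uRun: [value name] command line' for HKCU (u) and HKLM (m) Run keys.
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First token of the command line up to a recognised executable extension.
PATH_RE = re.compile(
    r'^"?(?P<path>[^"]*?\.(?:exe|cmd|bat|vbs|js|dll|scr|appref-ms))(?:"|\s|$)', re.I
)
URL_RE = re.compile(r"hxxps?://(?P<host>[^/?\s]+)", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str            # uRun, mRun, BHO, TB, URL, ...
    name: str            # registry value name, CLSID or pref name
    target: str          # file path or host the entry points at
    reasons: tuple[str, ...]


def _path_reasons(path: str) -> list[str]:
    """Heuristics on an autorun target path; each hit is a reason for review."""
    low = path.lower()
    reasons = []
    if "\\" not in low:
        reasons.append("unqualified path, resolved through the search order")
    if "\\appdata\\" in low or "\\programdata\\" in low:
        reasons.append("user-writable location")
    if low.rsplit(".", 1)[-1] in {"cmd", "bat", "vbs", "js"}:
        reasons.append("script autorun")
    return reasons


def _entry_name(line: str) -> str:
    """Name for a URL-bearing line: the Firefox pref or the IE setting name."""
    prefix = "FF - prefs.js: "
    if line.startswith(prefix):
        return line[len(prefix):].split(" - ", 1)[0]
    return line.split(" = ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Return the entries a responder should look at first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ORPHAN_RE.match(line):
            findings.append(Finding(m["kind"], m["name"], "No File",
                                    ("orphaned entry, backing file missing",)))
            continue
        if m := RUN_RE.match(line):
            pm = PATH_RE.match(m["cmd"])
            path = pm["path"] if pm else m["cmd"]
            if reasons := _path_reasons(path):
                findings.append(Finding(m["kind"], m["name"], path, tuple(reasons)))
            continue
        um = URL_RE.search(line)
        if um and um["host"].lower() in HIJACK_HOSTS:
            findings.append(Finding("URL", _entry_name(line), um["host"],
                                    ("points at a known search-redirect host",)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count how often each reason fired, for a quick overview of the log."""
    counts: dict[str, int] = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<16} {f.name:<28} {f.target}\n    {'; '.join(f.reasons)}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the excerpt, the script surfaces the GetBooks and WideSearch entries under AppData\Local, the SetWallpaper.cmd script under ProgramData, the bare WTClient.exe, the three orphaned CLSIDs and both Conduit search settings, while leaving iTunesHelper and the vShare BHO (which has a file) unflagged. On a real machine the next step is to check each flagged binary (signature, hash, creation time against the "Created Last 30" section) rather than deleting on the strength of the heuristic alone.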

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/7/2010 3:45:38 AM

System Uptime: 9/23/2012 1:10:11 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | K50IJ

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Socket 478 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 200.924 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP160: 8/21/2012 3:00:13 AM - Windows Update

RP161: 9/10/2012 4:11:54 PM - Scheduled Checkpoint

RP162: 9/14/2012 1:33:14 PM - Windows Update

RP163: 9/22/2012 12:57:07 PM - Installed SpyHunter

RP164: 9/22/2012 1:47:40 PM - Removed SpyHunter

RP165: 9/22/2012 1:49:10 PM - Removed SpyHunter

RP166: 9/22/2012 1:50:29 PM - Removed SpyHunter

RP167: 9/22/2012 11:28:59 PM - Removed SpyHunter

RP168: 9/22/2012 11:34:08 PM - Removed SpyHunter

RP169: 9/22/2012 11:38:40 PM - Removed SpyHunter

RP170: 9/23/2012 12:05:04 AM - Removed SpyHunter

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader 9.5.2 MUI

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Alcor Micro USB Card Reader

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS CopyProtect

ASUS Data Security Manager

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS MultiFrame

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS_Screensaver

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

AVS Update Manager 1.0

Best Buy pc app

BitLord 2.0

Brother MFL-Pro Suite MFC-J430W

calibre

Choice Guard

Compatibility Pack for the 2007 Office system

ControlDeck

Digital Media Converter 3.1

Digsby

Google Chrome

Google Earth Plug-in

Google Update Helper

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 20

Java 6 Update 31

Junk Mail filter update

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Reader

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Movavi Video Converter 11

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MP4 MP3 Converter v4.2 build 1425

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nuance PaperPort 12

Nuance PDF Viewer Plus

OpenOffice.org 3.3

PdaNet for Android 3.02

PDF Settings

Platform

QuickTime

Roxio Burn

Roxio Roxio Burn

Roxio Update Manager

Scansoft PDF Professional

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Toolbars

swMSM

Trillian

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Veetle TV 0.9.17

VIA Platform Device Manager

vShare Plugin

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinFlash

Wireless Console 3

Xvid 1.2.1 final uninstall

.

==== Event Viewer Messages From Past Week ========

.

9/23/2012 12:57:20 AM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).

9/23/2012 1:15:50 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

9/23/2012 1:15:50 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

9/23/2012 1:10:44 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

9/23/2012 1:10:43 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

9/23/2012 1:10:43 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

9/22/2012 12:37:16 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Hi xelhaspixiestix... thanks for the copy/paste!

 

Your machine definitely needs Superdave's attention! I see multiple issues. :shock:

 

Please be patient, xelhaspixiestix, and wait for Dave. Your machine is seriously compromised. Please don't try to surf around and find software to try to fix it. Please pay attention to this and wait for Superdave to respond to your post, and then follow his instructions exactly.

 

Sincerely,

-Mel

Live long and prosper!

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Please download AdwCleaner by Xplode onto your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*****************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

*****************************************************

Re-run MBAM:

 

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

AdwCleaner Log:

 

# AdwCleaner v2.003 - Logfile created 09/23/2012 at 21:55:52

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : best buy - BESTBUY-PC

# Boot Mode : Normal

# Running from : C:\Users\best buy\Downloads\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Askcom.xml

File Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Conduit.xml

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\vShare

Folder Found : C:\Users\best buy\AppData\Local\Conduit

Folder Found : C:\Users\best buy\AppData\LocalLow\Conduit

Folder Found : C:\Users\best buy\AppData\LocalLow\vShare

Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\ConduitCommon

Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\CT2830765

Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}

Folder Found : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\vshare@toolbar

 

***** [Registry] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\vShare

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2830765

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}

Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol

Key Found : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1

Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj

Key Found : HKLM\SOFTWARE\Classes\vShare.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers

Key Found : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare

Key Found : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}

Key Found : HKU\S-1-5-21-2692702394-3717547501-365279644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKU\S-1-5-21-2692702394-3717547501-365279644-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7601.17514

 

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765

 

-\\ Mozilla Firefox v15.0.1 (en-US)

 

Profile name : default

File : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\prefs.js

 

Found : user_pref("CT2830765..clientLogIsEnabled", true);

Found : user_pref("CT2830765..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT2830765..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT2830765.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT2830765.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT2830765.AppTrackingLastCheckTime", "Tue Apr 03 2012 01:19:23 GMT-0400 (Eastern Daylight[...]

Found : user_pref("CT2830765.BrowserCompStateIsOpen_8321965553382844501", true);

Found : user_pref("CT2830765.CTID", "CT2830765");

Found : user_pref("CT2830765.CurrentServerDate", "6-4-2012");

Found : user_pref("CT2830765.DSChangedManually", true);

Found : user_pref("CT2830765.DSInstall", true);

Found : user_pref("CT2830765.DialogsAlignMode", "LTR");

Found : user_pref("CT2830765.DialogsGetterLastCheckTime", "Thu Mar 29 2012 13:21:07 GMT-0400 (Eastern Daylig[...]

Found : user_pref("CT2830765.DownloadReferralCookieData", "");

Found : user_pref("CT2830765.EnableClickToSearchBox", false);

Found : user_pref("CT2830765.EnableSearchHistory", false);

Found : user_pref("CT2830765.EnableSearchSuggest", false);

Found : user_pref("CT2830765.FirstServerDate", "8-3-2012");

Found : user_pref("CT2830765.FirstTime", true);

Found : user_pref("CT2830765.FirstTimeFF3", true);

Found : user_pref("CT2830765.FixPageNotFoundErrors", false);

Found : user_pref("CT2830765.GroupingServerCheckInterval", 1440);

Found : user_pref("CT2830765.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT2830765.HPInstall", true);

Found : user_pref("CT2830765.HasUserGlobalKeys", true);

Found : user_pref("CT2830765.HomePageProtectorEnabled", true);

Found : user_pref("CT2830765.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=[...]

Found : user_pref("CT2830765.Initialize", true);

Found : user_pref("CT2830765.InitializeCommonPrefs", true);

Found : user_pref("CT2830765.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT2830765.InstallationId", "ConduitNSISIntegration");

Found : user_pref("CT2830765.InstallationType", "ConduitXPEIntegration");

Found : user_pref("CT2830765.InstalledDate", "Thu Mar 08 2012 02:43:23 GMT-0500 (Eastern Standard Time)");

Found : user_pref("CT2830765.IsAlertDBUpdated", true);

Found : user_pref("CT2830765.IsGrouping", false);

Found : user_pref("CT2830765.IsInitSetupIni", true);

Found : user_pref("CT2830765.IsMulticommunity", false);

Found : user_pref("CT2830765.IsOpenThankYouPage", false);

Found : user_pref("CT2830765.IsOpenUninstallPage", true);

Found : user_pref("CT2830765.IsProtectorsInit", true);

Found : user_pref("CT2830765.LanguagePackLastCheckTime", "Wed Apr 04 2012 22:06:51 GMT-0400 (Eastern Dayligh[...]

Found : user_pref("CT2830765.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT2830765.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT2830765.LastLogin_3.10.0.1", "Thu Apr 05 2012 18:06:46 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT2830765.LatestVersion", "3.10.0.1");

Found : user_pref("CT2830765.Locale", "en-us");

Found : user_pref("CT2830765.MCDetectTooltipHeight", "83");

Found : user_pref("CT2830765.MCDetectTooltipShow", false);

Found : user_pref("CT2830765.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT2830765.MCDetectTooltipWidth", "295");

Found : user_pref("CT2830765.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT2830765.OriginalFirstVersion", "3.10.0.1");

Found : user_pref("CT2830765.SavedHomepage", "hxxp://www.google.com/");

Found : user_pref("CT2830765.SearchBackToDefaultEngine", false);

Found : user_pref("CT2830765.SearchCaption", "Bitlord 1.2 Customized Web Search");

Found : user_pref("CT2830765.SearchEngineBeforeUnload", "Bitlord 1.2 Customized Web Search");

Found : user_pref("CT2830765.SearchFromAddressBarIsInit", true);

Found : user_pref("CT2830765.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT283[...]

Found : user_pref("CT2830765.SearchInNewTabEnabled", true);

Found : user_pref("CT2830765.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT2830765.SearchInNewTabLastCheckTime", "Wed Apr 04 2012 22:06:45 GMT-0400 (Eastern Dayli[...]

Found : user_pref("CT2830765.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT2830765.SearchInNewTabUserEnabled", false);

Found : user_pref("CT2830765.SearchProtectorEnabled", false);

Found : user_pref("CT2830765.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT2830765.SendProtectorDataViaLogin", true);

Found : user_pref("CT2830765.ServiceMapLastCheckTime", "Tue Apr 03 2012 01:19:22 GMT-0400 (Eastern Daylight [...]

Found : user_pref("CT2830765.SettingsLastCheckTime", "Thu Apr 05 2012 13:11:18 GMT-0400 (Eastern Daylight Ti[...]

Found : user_pref("CT2830765.SettingsLastUpdate", "1332164605");

Found : user_pref("CT2830765.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=13");

Found : user_pref("CT2830765.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT2830765.ThirdPartyComponentsLastCheck", "Thu Mar 29 2012 13:20:51 GMT-0400 (Eastern Day[...]

Found : user_pref("CT2830765.ThirdPartyComponentsLastUpdate", "1312887586");

Found : user_pref("CT2830765.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT2830765.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2830765");

Found : user_pref("CT2830765.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT2830765.UserID", "UN26384125765688526");

Found : user_pref("CT2830765.ValidationData_Toolbar", 0);

Found : user_pref("CT2830765.alertChannelId", "1222832");

Found : user_pref("CT2830765.approveUntrustedApps", false);

Found : user_pref("CT2830765.autoDisableScopes", -1);

Found : user_pref("CT2830765.components.129360156979906390", false);

Found : user_pref("CT2830765.components.129360157920531315", false);

Found : user_pref("CT2830765.components.129373346914725908", false);

Found : user_pref("CT2830765.components.129382176415350348", false);

Found : user_pref("CT2830765.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT2830765.globalFirstTimeInfoLastCheckTime", "Thu Mar 29 2012 13:21:06 GMT-0400 (Eastern [...]

Found : user_pref("CT2830765.homepageProtectorEnableByLogin", true);

Found : user_pref("CT2830765.initDone", true);

Found : user_pref("CT2830765.isAppTrackingManagerOn", true);

Found : user_pref("CT2830765.isSearchProtectorNotifyChanges", false);

Found : user_pref("CT2830765.myStuffEnabled", true);

Found : user_pref("CT2830765.myStuffPublihserMinWidth", 400);

Found : user_pref("CT2830765.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT2830765.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT2830765.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT2830765.navigateToUrlOnSearch", false);

Found : user_pref("CT2830765.oldAppsList", "129331842495825790,129331842496294546,111,129360156979906390,129[...]

Found : user_pref("CT2830765.revertSettingsEnabled", false);

Found : user_pref("CT2830765.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT2830765.searchProtectorEnableByLogin", true);

Found : user_pref("CT2830765.testingCtid", "");

Found : user_pref("CT2830765.toolbarAppMetaDataLastCheckTime", "Thu Apr 05 2012 16:15:39 GMT-0400 (Eastern D[...]

Found : user_pref("CT2830765.toolbarContextMenuLastCheckTime", "Thu Mar 29 2012 13:21:08 GMT-0400 (Eastern D[...]

Found : user_pref("CT2830765.usageEnabled", false);

Found : user_pref("CT2830765.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2830765&Search[...]

Found : user_pref("CommunityToolbar.ConduitSearchList", "Bitlord 1.2 Customized Web Search");

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2830765/CT2830765[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1222832/1218505/US", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2830765", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2830765",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\best buy\\AppData\\Roaming\\Mozilla[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Found : user_pref("CommunityToolbar.ToolbarsList", "CT2830765");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2830765");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2830765");

Found : user_pref("CommunityToolbar.globalUserId", "3fd88372-6096-4a2c-a0e4-506a53d1d834");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Mar 29 2012 13:21:0[...]

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Apr 03 2012 21:17:44 GMT-040[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Apr 05 2012 16:15:32 GMT-0400 (E[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "2a4933c2-4f9a-4add-8da4-b3812b20cfa6");

Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");

Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Ask.com");

Found : user_pref("browser.search.defaultthis.engineName", "Bitlord 1.2 Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2830765&Sea[...]

Found : user_pref("browser.search.order.1", "Ask.com");

Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

Found : user_pref("extensions.vshare@toolbar.install-event-fired", true);

Found : user_pref("vshare.install.date", "1287100800000");

Found : user_pref("vshare.install.finished", "1.0.0");

Found : user_pref("vshare.install.guid", "{238c7d42-0e66-4298-aa0a-f2d06150015f}");

Found : user_pref("vshare.install.isDisabled", true);

Found : user_pref("vshare.install.isHidden", true);

Found : user_pref("vshare.install.laststatreq", "1287360000000");

Found : user_pref("vshare.install.newtab", false);

 

-\\ Google Chrome v21.0.1180.89

 

File : C:\Users\best buy\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Found [l.12] : homepage = "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48",

Found [l.16] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48" ]

Found [l.58] : icon_url = "hxxp://search.conduit.com/fav.ico",

Found [l.61] : keyword = "search.conduit.com",

Found [l.64] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2830765",

Found [l.65] : suggest_url = "hxxp://search.conduit.com/"

Found [l.1178] : homepage = "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48",

Found [l.1603] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2830765&SearchSource=48" ]

 

*************************

 

AdwCleaner[R1].txt - [18437 octets] - [23/09/2012 21:55:52]

 

########## EOF - C:\AdwCleaner[R1].txt - [18498 octets] ##########

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Security Check Log:

 

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 6 Update 20

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

IObit IObit Malware Fighter IMFsrv.exe

IObit IObit Malware Fighter IMF.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

MBAM Log:

 

Malwarebytes Anti-Malware 1.65.0.1400

http://www.malwarebytes.org

 

Database version: v2012.09.24.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

best buy :: BESTBUY-PC [administrator]

 

9/23/2012 10:01:03 PM

mbam-log-2012-09-23 (22-01-03).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221260

Time elapsed: 4 minute(s), 5 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 3

C:\Windows\Installer\{59c4009a-bb79-5557-0cb6-c69f36201538}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{59c4009a-bb79-5557-0cb6-c69f36201538}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{59c4009a-bb79-5557-0cb6-c69f36201538}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

 

(end)

 

 

And restarting, since MBAM demands it

Remove the Adware log:

 

# AdwCleaner v2.003 - Logfile created 09/23/2012 at 22:22:52

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : best buy - BESTBUY-PC

# Boot Mode : Normal

# Running from : C:\Users\best buy\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Askcom.xml

File Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\searchplugins\Conduit.xml

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\vShare

Folder Deleted : C:\Users\best buy\AppData\Local\Conduit

Folder Deleted : C:\Users\best buy\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\best buy\AppData\LocalLow\vShare

Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\ConduitCommon

Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\CT2830765

Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}

Folder Deleted : C:\Users\best buy\AppData\Roaming\Mozilla\Firefox\Profiles\1o94xptm.default\extensions\vshare@toolbar

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}



Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First verify your Java version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

**************************************************

I'm required to give you this warning.

It appears your system is infected with a rootkit. A rootkit is a powerful piece of malware that allows hackers full control over your computer for means of sending attacks over the Internet, or using your computer to generate revenue.

Malware experts have recommended that we make it clear that with the system under control of a hacker, your computer might become impossible to clean 100%.

Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your antivirus and security tools to prevent detection and removal. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do

It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety. Making this decision is based on what the computer is used for, and what information can be accessed from it. For more information, please read these references very carefully:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
Where to draw the line? When to recommend a format and reinstall?

Guides for format and reinstall:

how-to-reformat-and-reinstall-your-operating-system-the-easy-way

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.

If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


Dave--

I would like to reformat. However, I'm not sure I have the OS discs -- my machine was bought second hand, and I've moved twice since I got it. Any suggestions? I do still have my key, at least.

According to your self-reported details in your Member CP (Control Panel):

OS: win8
Security software: malware bytes?
IObit software: I don't know
Hardware: No idea

It is interesting and disturbing that you have self-reported that you are running Win8! You will have to contact Microsoft and plead your case if you wish to get recovery from them.

Sorry to intrude, Dave.

Sincerely,
-Mel
Live long and prosper!


Just finished a system restore, and ran Adware again:

# AdwCleaner v2.003 - Logfile created 09/25/2012 at 00:11:40
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Daniella - DANIELLA-PC
# Boot Mode : Normal
# Running from : C:\Users\Daniella\Downloads\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\~0

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Daniella\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [690 octets] - [25/09/2012 00:11:40]

########## EOF - C:\AdwCleaner[R1].txt - [749 octets] ##########
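To turn a pasted AdwCleaner log like the ones in this thread into something a helper can triage at a glance, here is an added parser (not part of the thread or of AdwCleaner itself): it splits the log into sections and browsers, keeps the old value of each Replaced setting as the hijack indicator, and treats [OK] as a per-browser verdict rather than a clean bill for the whole run, which is exactly the case in the re-scan above, where both browsers are [OK] but the Files section still found C:\ProgramData\~0. The line formats are inferred from the logs posted here, and the sample log is constructed.

```python
"""Parse AdwCleaner v2 logs like those pasted in this thread (added example; formats inferred from the logs above)."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<browser>.+?) v(?P<version>\S+)")
FILE_RE = re.compile(r"^File : (?P<path>.+)$")
OK_RE = re.compile(r"^\[OK\] (?P<msg>.+)$")
# "<verb>[ [l.N]] : <detail>"; [l.N] is the line number inside Chrome's Preferences.
ACTION_RE = re.compile(
    r"^(?P<verb>(?:Key|Value|File|Folder) (?:Deleted|Found)|Restored|Replaced|Deleted)"
    r"(?: \[l\.(?P<lineno>\d+)\])? : (?P<detail>.*)$")
REPLACED_RE = re.compile(r"^\[(?P<setting>[^\]]+)\] = (?P<old>.*?) --> (?P<new>.*)$")
HOST_RE = re.compile(r"hxxps?://(?P<host>[A-Za-z0-9.-]+)")  # AdwCleaner defangs URLs

def parse_adwcleaner(text):
    """Return {"header", "findings", "ok"}; each finding keeps its section/browser/file."""
    report = {"header": [], "findings": [], "ok": []}
    section = browser = path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (line.startswith("*****") and not SECTION_RE.match(line)):
            continue                          # blank line or the ***** separator
        if line.startswith("########## EOF"):
            break                             # trailer: nothing useful after it
        if line.startswith("#"):
            report["header"].append(line[1:].strip())
        elif SECTION_RE.match(line):
            section, browser, path = SECTION_RE.match(line)["name"], None, None
        elif BROWSER_RE.match(line):
            browser, path = BROWSER_RE.match(line)["browser"], None
        elif FILE_RE.match(line):
            path = FILE_RE.match(line)["path"]
        elif OK_RE.match(line):
            report["ok"].append({"browser": browser, "msg": OK_RE.match(line)["msg"]})
        elif ACTION_RE.match(line):
            m = ACTION_RE.match(line)
            f = {"section": section, "browser": browser, "file": path, "verb": m["verb"],
                 "detail": m["detail"], "lineno": int(m["lineno"]) if m["lineno"] else None}
            r = REPLACED_RE.match(m["detail"]) if m["verb"] == "Replaced" else None
            if r:                             # old value is the hijack, new is the restore
                f.update(setting=r["setting"], old=r["old"], new=r["new"])
            report["findings"].append(f)
    return report

def count_by_verb(report):
    return Counter(f["verb"] for f in report["findings"])

def hijack_hosts(report):
    """Hosts the removed or replaced settings pointed at (never the restored value)."""
    hosts = set()
    for f in report["findings"]:
        hosts.update(HOST_RE.findall(f["old"] if "old" in f else f["detail"]))
    return sorted(hosts)

def is_clean(report):
    """[OK] lines are per browser; a run is clean only if no section found anything."""
    return not report["findings"]

# Constructed sample modeled on the [Delete] log in this thread (paths and sizes are made up).
SAMPLE_LOG = r"""
# AdwCleaner v2.003 - Logfile created 23/09/2012 at 22:22:52
# Option [Delete]
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\~0
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2830765
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765 --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (en-US)
File : C:\Users\example\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v21.0.1180.89
File : C:\Users\example\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.58] : icon_url = "hxxp://search.conduit.com/fav.ico",
*************************
########## EOF - C:\AdwCleaner[S1].txt - [1300 octets] ##########
"""
```

Running `hijack_hosts(parse_adwcleaner(SAMPLE_LOG))` gives the hosts the hijacked settings pointed at, which is what you would feed into a DNS or proxy log search to see whether anything on the network is still calling home.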


Mbam log:

Malwarebytes Anti-Malware 1.65.0.1400
http://www.malwarebytes.org

Database version: v2012.09.25.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Daniella :: DANIELLA-PC [administrator]

9/25/2012 12:16:33 AM
mbam-log-2012-09-25 (00-16-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195872
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


However, ASUS laptops offer a recovery partition -- what about using that? Or would that also have been attacked by the rootkit?

That Recovery Console will bring your computer back to the day you took it out of the box.

Save your important data and do the Recovery. Scan your data before you put it back on the computer with at least two up-to-date Anti-virus programs.


How do I keep this from happening again, or is that another forum?

You're welcome. Here's some protection information.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

There's also some good information here.
