:( Virus?

Post by Danimal on Fri Apr 11, 2014 6:30 pm

My Google Chrome would literally stop working after browsing for 15-20 minutes. Virus?


# AdwCleaner v3.023 - Report created 11/04/2014 at 11:29:26
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Daniel - DANIEL-PC
# Running from : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Windows\System32\dmwu.exe
File Found : C:\Windows\System32\ImhxxpComm.dll
Folder Found : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Folder Found : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Daniel\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\Daniel\AppData\Local\Conduit
Folder Found C:\Users\Daniel\AppData\Local\Temp\SweetPacks
Folder Found C:\Users\Daniel\AppData\Local\visi_coupon
Folder Found C:\Users\Daniel\AppData\Local\WordLayers
Folder Found C:\Users\Daniel\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\Daniel\AppData\LocalLow\Conduit
Folder Found C:\Users\Daniel\AppData\LocalLow\PriceGong
Folder Found C:\Users\Daniel\AppData\LocalLow\SweetPacks
Folder Found C:\Windows\System32\ljkb
Folder Found C:\Windows\SysWOW64\AI_RecycleBin
Folder Found C:\Windows\SysWOW64\ARFC
Folder Found C:\Windows\SysWOW64\jmdp
Folder Found C:\Windows\SysWOW64\WNLT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\SweetPacks
Key Found : HKCU\Software\AppDataLow\Software\SweetPacks
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA48FF6D-1900-4A6E-839D-9ECDBB5F4CCD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFD32841-EE94-4508-B662-74B67266C3AF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_qq-messenger_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_qq-messenger_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SweetPacks
Key Found : HKLM\Software\SweetPacks
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkSwift
Key Found : [x64] HKLM\SOFTWARE\wnlt
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\8xxcqxvd.default\prefs.js ]

Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12593 octets] - [11/04/2014 11:29:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12654 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300

Database version: v2014.04.11.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17041
Daniel :: DANIEL-PC [administrator]

4/11/2014 11:17:41 AM
mbam-log-2014-04-11 (11-17-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 283031
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Last edited by Danimal on Fri Apr 11, 2014 6:32 pm; edited 1 time in total

Danimal
Intermediate

Posts : 109
Joined : 2009-03-03
Gender : Male
OS : PC Vista
Protection : McAfee
Points : 29117
Likes : 0


Re: :( Virus?

Post by Danimal on Fri Apr 11, 2014 6:31 pm

Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Trend Micro Titanium Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Out of date Malwarebytes Anti-Malware installed!
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 12.0.0.77
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.4.0)
Google Chrome 33.0.1750.154
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Re: :( Virus?

Post by Superdave on Fri Apr 11, 2014 7:18 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
The log shows that you have two AVs on your computer. AVG AntiVirus Free Edition 2014 or Trend Micro Titanium Internet Security will have to be de-activated. Only one AV should be active on a computer at any time.

Remove the Adware:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*****************************************
Please update and run MBAM again and post the new log.

*********************************************
Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

**************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83171
Likes : 0


Re: :( Virus?

Post by Danimal on Fri Apr 11, 2014 8:21 pm

# AdwCleaner v3.023 - Report created 11/04/2014 at 13:17:11
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Daniel - DANIEL-PC
# Running from : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
[!] Folder Deleted : C:\Users\Daniel\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Daniel\AppData\Local\Conduit
Folder Deleted : C:\Users\Daniel\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Daniel\AppData\Local\WordLayers
Folder Deleted : C:\Users\Daniel\AppData\Local\Temp\SweetPacks
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
File Deleted : C:\END
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_qq-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_qq-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFD32841-EE94-4508-B662-74B67266C3AF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA48FF6D-1900-4A6E-839D-9ECDBB5F4CCD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkSwift

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\8xxcqxvd.default\prefs.js ]

Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [12803 octets] - [11/04/2014 11:29:26]
AdwCleaner[R1].txt - [12864 octets] - [11/04/2014 13:16:25]
AdwCleaner[S0].txt - [12554 octets] - [11/04/2014 13:17:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12615 octets] ##########


Re: :( Virus?

Post by Danimal on Fri Apr 11, 2014 8:39 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on Fri 04/11/2014 at 13:23:44.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFD6C74E-EDC1-47A4-9F60-89B3C07D5639}



~~~ Files

Successfully deleted: [File] "C:\Users\Daniel\appdata\locallow\SkwConfig.bin"



~~~ Folders




~~~ FireFox

Successfully deleted the following from C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\8xxcqxvd.default\prefs.js

user_pref("avg.install.extHomepage", "hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B989043ef-fabf-4fe6-a31a-f20dc1ac359a%7D&mid=d33a12b3384b47d1859931f0e37fd130-b516cd00e1
user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com?pid=safeguard&sg=0&cid=%7B989043ef-fabf-4fe6-a31a-f20dc1ac359a%7D&mid=d33a12b3384b47d1859931f0e37fd130-b516cd00e
user_pref("keyword.URL", "hxxp://mysearch.avg.com/search?pid=safeguard&sg=0&cid=%7B989043ef-fabf-4fe6-a31a-f20dc1ac359a%7D&mid=d33a12b3384b47d1859931f0e37fd130-b516cd00e165055
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\8xxcqxvd.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Daniel\appdata\local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\odpccdgkmiicgocepijnaeihjnjnomca



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/11/2014 at 13:33:44.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: :( Virus?

Post by Superdave on Fri Apr 11, 2014 11:09 pm

I need to see the MBAM Anti-rootkit log.
