How to remove Avast?

givemeabreak

New Member
Ok, first, my computer's OS is Windows 7 Prof. edition.

Several months ago I mistakenly installed Avast. It caused me a lot of headaches. Later I attempted to uninstall it, but it refused to be uninstalled.
A few weeks ago it still showed as installed in Windows' (Un)install Programs list, and the uninstall failed to remove it as mentioned above. Recently, Avast is no longer on the installed programs list; however, it's still in the registry, and I'm unable to remove its entire installation either.

A few days ago I installed another AV program; during the installation it detected Avast and attempted to remove Avast with my permission, however, it failed to do so. Initially the new AV program worked, but upon reboot this new AV was unable to launch. I'm not sure if Avast is creating problems or some other nasty malware on my computer is preventing the new AV program from running.

As I recall, quite a few years ago there was some sort of "dsl" forum or something that offered super good advice on dealing with nasty things... oh, HijackThis, where is it now? Anyway, is there any really, really good AV software that truly protects our interests (no backdoor crap; look, I don't even mind Big Brother looking over my shoulder, but I hate, I absolutely hate anyone causing problems for me; those fu??? EVIL bastards crashed my computer almost every other day... mother fu? soulless mf... sorry, I'm just mad.
 
@voyagerfan99, thanks for the link, that utility removed Avast.

In the meantime, the new AV still won't launch. I suspect that some powerful malware is still running on my computer.
 
Go into the security section of the forum and perform the steps listed in the sticky to run JRT, ADWcleaner, MalwareBytes, and post an OTL log.
 
OK, I've run all three of these tools. They seemed to have removed some garbage; in the meantime, the new AV still failed to start.

Also, here's a side note:
Whoever owns phone # 540-818-5621 is a ****ing rat!
This number keeps on harassing me. I talked to a cop the other day and she
said they spoke Spanish and didn't understand; now it seems like total BS!
Because this number is not blockable, it beeps my phone randomly and did all sorts of other ****ing aggravating shit. The owner is a sophisticated ****ing ass, not an illiterate illegal who does not speak a word of English as the cop pretended... these fm are so ****ing EVIL, go to hell!!!

Now, I'll post the log files from two programs first; the log file from JRT is missing.

I did not expect the computer to reboot during the process, and too bad I had left the log output of JRT on the screen.
I ran a quick search for JRT and Junkware Removal Tool but couldn't find its installation folder, hence its log file... So, where could I find its log file?

Note: I changed [myUserName] to [justme] in the log files

# AdwCleaner v3.208 - Report created 13/05/2014 at 17:33:22
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : justme - justme-THINK
# Running from : C:\Users\justme\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Updater Service for AMZN

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Users\justme\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\justme\AppData\Local\blekkotb
Folder Deleted : C:\Users\justme\AppData\Local\Conduit
Folder Deleted : C:\Users\justme\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\justme\AppData\Local\PackageAware
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Deleted : C:\Users\justme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Deleted : C:\Users\justme\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
[!] Folder Deleted : C:\Users\justme\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
[!] Folder Deleted : C:\Users\justme\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\More Inbox.com Products.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\Toolbar Help.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sdddfu6n.default\prefs.js ]


[ File : C:\Users\justme\AppData\Roaming\Mozilla\Firefox\Profiles\juvvssqi.default\prefs.js ]

Line Deleted : user_pref("CT3284668_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366480852569,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364478664370,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : lonndllmbldmmoefheenkmgkencnkdkh
Deleted [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

[ File : C:\Users\justme\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=164&systemid=406&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://www.ecampus.com/search-results.asp?terms={searchTerms}
Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201205228B9A4E119891955F53EEBF0E&q={searchTerms}
Deleted [Search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=2012022089164E1E80C5F5AE8818B969&q={searchTerms}
Deleted [Search Provider] : hxxp://partner37.mydomainadvisor.com/wsearch.php?lg=US&tbtype=vmn-blekkotb-1_0_1_32-mn-antiphishing_dn-rp&qs=06oENya4ZG1YS6vOLJwpLiFdjG91ICdfbTStPz93Kc-uBIbT6A07yMUvPLnbplyGgb8owsUwgTgJDfTezyJ2-C7RMwuk2XoZyFwPLxSIGhTKNFu6E5QLE2vdTaiT5ZN5kIz-N2gHxIieWaLbt-4relR7UT6k3m6keYdJq_fM_H5I1D2fxoqKyN2aumWyzbE4Ah6mAZ80pt3mHlv6V6Q_Daee9IrK2wLLSmevGKyxV2oEN72dNK19qLOsFwGyugFr4Yp-D7fuxkWT8rCEZfEI8eOUzy7qJCtq5WoOtim5QJSp7UDfOoMM9aEuenddKXQ_EBDAPwYvv2iMd9gKGflHk1S4ytz32WYkl4dbbERRW_2VPxohpQIebXn3cdjS02CWevkaySa4e-W44I31Ex9jbOsAlLztLvON0q%2CYT0zO2s9MzU7aD1iMDRiMjIwNWVhMzRiOWYx&q={searchTerms}&sub=search
Deleted [Search Provider] : hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_cr_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_96eacab5ceac4afd9a4b3bca4ea2a965_18_38_20130530_US_cr_ds_OC1&tag=bds-p18-serp-us-cr-21&query={searchTerms}
Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/errorhandler;_ylt=A0oG7qERoORQOTwAgOVkmolQ?p={searchTerms}&fr2=sb-top&hspart=visicom&hsimp=yhse-visicom&type=vmn__blekkotb__1_0_1_32__yhse__antiphishing_dn__rp&type_param=vmn__blekkotb__1_0_1_32__yhse__antiphishing_dn__rp
Deleted [Search Provider] : hxxp://www.loyola.edu/search-results.aspx?&q={searchTerms}&t=-240
Deleted [Search Provider] : hxxp://css-tricks.com/search-results/?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : lonndllmbldmmoefheenkmgkencnkdkh
Deleted [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

*************************

AdwCleaner[R0].txt - [10766 octets] - [13/05/2014 17:00:00]
AdwCleaner[S0].txt - [10121 octets] - [13/05/2014 17:33:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10182 octets] ##########

# AdwCleaner v3.208 - Report created 13/05/2014 at 17:00:00
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : justme84 - justme84-THINK
# Running from : C:\Users\justme84\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Updater Service for AMZN

***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Gophoto.it
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found : C:\Users\justme84\AppData\Local\AVG Security Toolbar
Folder Found : C:\Users\justme84\AppData\Local\blekkotb
Folder Found : C:\Users\justme84\AppData\Local\Conduit
Folder Found : C:\Users\justme84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Found : C:\Users\justme84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Found : C:\Users\justme84\AppData\Local\Google\Chrome\User Data\Default\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Folder Found : C:\Users\justme84\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Folder Found : C:\Users\justme84\AppData\Local\Ilivid Player
Folder Found : C:\Users\justme84\AppData\Local\PackageAware

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\More Inbox.com Products.lnk ( /showurl hxxp://www.inbox.com/products/ )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar\Toolbar Help.lnk ( /showurl hxxp://www.inbox.com/help/default.aspx?src=TbMenu )

***** [ Registry ] *****

Key Found : HKCU\Software\Alexa Internet
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Found : HKCU\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Found : HKCU\Software\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\SearchCore for Browsers
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\Alexa Internet
Key Found : [x64] HKCU\Software\AVG Security Toolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\SearchCore for Browsers
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\sdddfu6n.default\prefs.js ]


[ File : C:\Users\justme84\AppData\Roaming\Mozilla\Firefox\Profiles\juvvssqi.default\prefs.js ]

Line Found : user_pref("CT3284668_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366480852569,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364478664370,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : lonndllmbldmmoefheenkmgkencnkdkh
Found [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

[ File : C:\Users\justme84\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=164&systemid=406&sr=0&q={searchTerms}
Found [Search Provider] : hxxp://www.ecampus.com/search-results.asp?terms={searchTerms}
Found [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
Found [Search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201205228B9A4E119891955F53EEBF0E&q={searchTerms}
Found [Search Provider] : hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=2012022089164E1E80C5F5AE8818B969&q={searchTerms}
Found [Search Provider] : hxxp://partner37.mydomainadvisor.com/wsearch.php?lg=US&tbtype=vmn-blekkotb-1_0_1_32-mn-antiphishing_dn-rp&qs=06oENya4ZG1YS6vOLJwpLiFdjG91ICdfbTStPz93Kc-uBIbT6A07yMUvPLnbplyGgb8owsUwgTgJDfTezyJ2-C7RMwuk2XoZyFwPLxSIGhTKNFu6E5QLE2vdTaiT5ZN5kIz-N2gHxIieWaLbt-4relR7UT6k3m6keYdJq_fM_H5I1D2fxoqKyN2aumWyzbE4Ah6mAZ80pt3mHlv6V6Q_Daee9IrK2wLLSmevGKyxV2oEN72dNK19qLOsFwGyugFr4Yp-D7fuxkWT8rCEZfEI8eOUzy7qJCtq5WoOtim5QJSp7UDfOoMM9aEuenddKXQ_EBDAPwYvv2iMd9gKGflHk1S4ytz32WYkl4dbbERRW_2VPxohpQIebXn3cdjS02CWevkaySa4e-W44I31Ex9jbOsAlLztLvON0q%2CYT0zO2s9MzU7aD1iMDRiMjIwNWVhMzRiOWYx&q={searchTerms}&sub=search
Found [Search Provider] : hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_cr_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_96eacab5ceac4afd9a4b3bca4ea2a965_18_38_20130530_US_cr_ds_OC1&tag=bds-p18-serp-us-cr-21&query={searchTerms}
Found [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/errorhandler;_ylt=A0oG7qERoORQOTwAgOVkmolQ?p={searchTerms}&fr2=sb-top&hspart=visicom&hsimp=yhse-visicom&type=vmn__blekkotb__1_0_1_32__yhse__antiphishing_dn__rp&type_param=vmn__blekkotb__1_0_1_32__yhse__antiphishing_dn__rp
Found [Search Provider] : hxxp://www.loyola.edu/search-results.aspx?&q={searchTerms}&t=-240
Found [Search Provider] : hxxp://css-tricks.com/search-results/?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : lonndllmbldmmoefheenkmgkencnkdkh
Found [Extension] : pfmopbbadnfoelckkcmjjeaaegjpjjbk

*************************

AdwCleaner[R0].txt - [10588 octets] - [13/05/2014 17:00:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10649 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/13/2014
Scan Time: 6:54:43 PM
Logfile: malware-output.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.13.15
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: justme

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385827
Time Elapsed: 36 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, , [8e65c38dcbb0c472922a4edff80a5ba5],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B}, , [8e65c38dcbb0c472922a4edff80a5ba5],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}, , [8c67034d0f6cc86ef1cebe6f7092e020],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}, , [8c67034d0f6cc86ef1cebe6f7092e020],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B}, , [8c67034d0f6cc86ef1cebe6f7092e020],
PUP.Optional.FaceThemes, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3}, , [8c67034d0f6cc86ef1cebe6f7092e020],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, , [787be66a93e8b284b6e4500bf40eee12],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, , [a94aef61394273c31c7e312ad32f1ce4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchToolbarLib.CSearchToolbarImpl, , [a94aef61394273c31c7e312ad32f1ce4],
PUP.Optional.SearchToolbar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchToolbarLib.CSearchToolbarImpl.1, , [a94aef61394273c31c7e312ad32f1ce4],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-62368681-3386562447-3805219642-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, , [a251a2ae215a4cea2cd38c28a95a7987],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-62368681-3386562447-3805219642-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, , [02f1c48c1566ce6889762a8ad033b64a],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-62368681-3386562447-3805219642-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, , [22d1a6aa5b2067cfe21dbcf870934db3],
PUP.Optional.AmazonTB.A, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, , [a74c0d432457ca6ce718a90b48bb35cb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.SolidSavings.A, C:\Users\justme\AppData\Local\Solid Savings, , [ad46dd7393e80e28c890710235cded13],

Files: 3
PUP.Optional.OpenCandy, C:\Users\justme\Downloads\dmge-latest.exe, , [7e7566ea4239ee48603ff872eb192bd5],
PUP.Optional.OptimumInstaller.A, C:\Users\justme\Downloads\Player-Chrome.exe, , [6d86fe52007bbf77fde5a7a57d848a76],
PUP.Soft32Downloader, C:\Users\justme\Downloads\outlook express setup.exe, , [da190f41b6c58aac1662d8304eb3e719],

Physical Sectors: 0
(No malicious items detected)


(end)
 
Ok, I've found the JRT log file. Here it is:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by justme on Tue 05/13/2014 at 16:46:41.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\distromatic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funmoods
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3284668
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287822
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_dspeech_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_dspeech_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_knowledge-notebook_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_knowledge-notebook_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dspeech_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_dspeech_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_knowledge-notebook_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_knowledge-notebook_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\justme\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\justme\AppData\Roaming\funmoods"
Successfully deleted: [Folder] "C:\Users\justme\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\justme\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\justme\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Users\justme\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\amazon browser bar"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\fbdownloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\inbox"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\oapps"
Successfully deleted: [Folder] "C:\Program Files (x86)\otshot"
Successfully deleted: [Folder] "C:\Program Files (x86)\search toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\fbdownloader@kmcore
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup
Successfully deleted the following from C:\Users\justme\AppData\Roaming\mozilla\firefox\profiles\juvvssqi.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3284668&CUI=UN10500196809042296&UM=2&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V8 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN13619576662195292&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN13619576662195292&UM=2&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");
user_pref("browser.search.defaultthis.engineName", "MixiDJ V8 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&CUI=UN13619576662195292&UM=2&SearchSource=3&q={searchTerms}");
user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n \"google\" : {\n \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n \"rankometer\
user_pref("keyword.URL", "hxxp://www.amazon.com/websearch/ref=bit_bds-p18_serp_ff_us_display?ie=UTF8&tagbase=bds-p18&tbrId=v1_abb-channel-18_96eacab5ceac4afd9a4b3bca4ea2a965_1
user_pref("smartbar.machineId", "/JQEJ01USTRFMSVHSHD/XYP0OVLOXWXF6ZHYH5YU2OYVAKCIUXP6SFZAS4J+KYCGS4ME3RCERCW/QT6VAU6S2Q");

Emptied folder: C:\Users\justme\AppData\Roaming\mozilla\firefox\profiles\juvvssqi.default\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~
Scan was completed on Tue 05/13/2014 at 16:56:18.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~
 
Okay....did you download and install/run Malwarebytes? That was the other program I asked you to run.

Also, no need to swear about how pissed off you are.
 
Your logs aren't formatted correctly, as they are gibberish; I will edit your post to make it more understandable.

Let me ask you this.

What problems were you having with Avast?
What antivirus program did you install?
Do you get any error messages when you try to open this new antivirus program?
 
Okay....did you download and install/run Malwarebytes? That was the other program I asked you to run.

Also, no need to swear about how pissed off you are.

Sorry for being so mad. Yes, I ran Malwarebytes and I know where it's installed; however, it does not seem to have any log file under its installation, and a quick look at my desktop didn't find an obvious one either, though part of the desktop is not available at the moment. Where can I find its log file? Thanks.
 
Your logs aren't formatted correctly, as they are gibberish; I will edit your post to make it more understandable.
I didn't know they look terrible, appreciate your formatting.

Let me ask you this.

What problems were you having with Avast?
What antivirus program did you install?
Do you get any error messages when you try to open this new antivirus program?

Regarding Avast, I roughly recall that upon its installation a while ago my computer frequently crashed (the infamous blue dead screen); I'm not sure what caused it, so I felt uncomfortable with Avast and attempted to uninstall it via Windows' built-in Uninstall program, but it failed to do so... Honestly, I really don't know if Avast is the perpetrator (I suspect some AV may be in bed with bad guys... or I could be wrong...)

Most recently I installed Kaspersky; I had read great reviews about them, and this guy failed to launch even after running these three tools as suggested, with no error message.

Also, I wanted to make sure that the very frequent crashes weren't caused by a hardware issue, so I downloaded Seagate's tool to test my hard drive; result: it's good. BTW, the laptop is about 5 years old.

Something odd, though: the feeble and yet potentially useful Windows Defender that comes with Windows 7 is unable to start either.

Right now, I'm running Windows updates...

Thanks.
 
Sorry for being so mad. Yes, I ran Malwarebytes and I know where it's installed; however, it does not seem to have any log file under its installation, and a quick look at my desktop didn't find an obvious one either, though part of the desktop is not available at the moment. Where can I find its log file? Thanks.

Go under History then choose Application Logs.
 
I've edited the junkware log so that it looks better and readable. I will do the adwcleaner log when I have time. Have to leave for work in an hour and a half and have other things to get done before I leave.

One more scan to see if there is anything hidden.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here: Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open windows, including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • An update on how your computer is running
 
Hi,

First, a quick update on my computer's status. After running the 3 recommended tools and installing BitDefender AV, my computer has not crashed. Many thanks.

One thing that is a little unsettling about ComboFix is that it deleted about 5 of my own files, that is, files that I created myself. Why?

And here's the ComboFix log (please note, I've edited [myUserName] to [justme]):


ComboFix 14-05-13.01 - justme 05/14/2014 17:52:28.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.1241 [GMT -4:00]
Running from: c:\users\justme\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1400034555.bdinstall.bin
c:\users\justme\1of3.txt
c:\users\justme\2013.ods
c:\users\justme\2013.txt
c:\users\justme\2013.xls
c:\users\justme\305.txt
c:\users\justme\5_cn.png
c:\users\justme\811.txt
c:\users\justme\coreftplite.exe
c:\users\justme\fciv.exe
c:\users\justme\g2mdlhlpx.exe
c:\users\justme\hosts
c:\users\justme\KnowledgeNoteBook_g2v1mw.exe
c:\users\justme\KnowledgeNoteBook_g2v45_win7.exe
c:\users\justme\KnowledgeNoteBook_g2v45a.exe
c:\users\justme\KnowledgeNoteBook_g2v45buyD.exe
c:\users\justme\KnowledgeNoteBook_g2v45buyV.exe
c:\users\justme\KnowledgeNoteBook_g2v45trial2.exe
c:\users\justme\KnowledgeNoteBook_g2v55bd.exe
c:\users\justme\KnowledgeNoteBook_g2v55cn_s.exe
c:\users\justme\KnowledgeNoteBook_g2v55cn1.exe
c:\users\justme\KnowledgeNoteBook_g2v55p.exe
c:\users\justme\KnowledgeNoteBook_g2v60p.exe
c:\users\justme\KnowledgeNoteBook_g2v60p_good.exe
c:\users\justme\KnowledgeNoteBook_g2v60v.exe
c:\users\justme\KnowledgeNoteBook_g2v65MT.exe
c:\users\Public\AlexaNSISPlugin.3520.dll
c:\windows\SysWow64\wocdsodsini.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 22:11 . 2014-05-14 22:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-05-14 22:11 . 2014-05-14 22:11 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-05-14 22:11 . 2014-05-14 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-14 22:11 . 2014-05-14 22:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-14 03:33 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 03:33 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 03:33 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 03:33 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 03:24 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 03:24 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-14 03:24 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 03:09 . 2014-05-14 03:09 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2014-05-14 03:09 . 2014-05-14 03:09 74512 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2014-05-14 02:36 . 2013-11-04 20:47 82824 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2014-05-14 02:36 . 2013-11-04 20:47 74512 ----a-w- c:\windows\SysWow64\bdsandboxuiskin32.dll
2014-05-14 02:36 . 2013-02-22 23:46 93600 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2014-05-14 02:36 . 2013-12-02 16:58 635392 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-05-14 02:36 . 2013-12-02 16:56 893440 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-05-14 02:34 . 2014-05-14 02:34 -------- d-----w- c:\users\justme\AppData\Roaming\Bitdefender
2014-05-14 02:34 . 2013-08-13 17:38 3271472 ---ha-w- C:\bdr-bz01
2014-05-14 02:29 . 2014-05-14 02:38 -------- d-----w- c:\programdata\Bitdefender
2014-05-14 02:29 . 2013-11-04 20:47 84848 ----a-w- c:\windows\system32\BDSandBoxUISkin.dll
2014-05-14 02:29 . 2013-11-04 20:46 34384 ----a-w- c:\windows\system32\BDSandBoxUH.dll
2014-05-14 02:29 . 2013-08-23 17:48 150256 ----a-w- c:\windows\system32\drivers\gzflt.sys
2014-05-14 02:29 . 2013-08-07 17:46 389240 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-05-14 02:13 . 2014-05-14 02:13 -------- d-----w- c:\program files (x86)\Seagate
2014-05-13 22:17 . 2014-05-14 21:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-13 22:17 . 2014-05-13 22:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-13 22:17 . 2014-05-13 22:17 -------- d-----w- c:\programdata\Malwarebytes
2014-05-13 22:17 . 2014-04-03 13:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-13 22:17 . 2014-04-03 13:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-13 22:17 . 2014-04-03 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-13 21:00 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-13 20:59 . 2014-05-13 22:04 -------- d-----w- C:\AdwCleaner
2014-05-13 20:46 . 2014-05-13 20:46 -------- d-----w- c:\windows\ERUNT
2014-05-13 12:42 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A53BA39-B8C0-40DF-BF92-CF386484F1B4}\mpengine.dll
2014-05-10 20:36 . 2013-05-06 13:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2014-05-10 20:34 . 2014-05-10 20:34 -------- d-----w- c:\windows\ELAMBKUP
2014-05-10 20:34 . 2014-05-13 23:07 -------- d-----w- c:\programdata\Kaspersky Lab
2014-05-10 20:34 . 2014-05-10 20:34 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-05-10 20:34 . 2014-03-26 15:00 625248 ----a-w- c:\windows\system32\drivers\klif.sys
2014-05-10 20:34 . 2014-03-26 15:00 115296 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-06 03:43 . 2014-05-14 03:36 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-02 17:54 . 2014-05-02 17:54 -------- d-----w- C:\bma
2014-04-29 19:35 . 2014-04-29 19:35 -------- d-----w- c:\users\justme\AppData\Roaming\JGsoft
2014-04-29 19:35 . 2014-04-29 19:35 -------- d-----w- c:\program files\Just Great Software
2014-04-29 15:48 . 2014-04-29 19:15 -------- d-----w- c:\programdata\vedit
2014-04-29 15:47 . 2014-04-29 19:29 -------- d-----w- c:\program files (x86)\vedit
2014-04-28 20:01 . 2014-04-28 20:01 -------- d-----w- c:\program files (x86)\XML Notepad 2007
2014-04-26 23:27 . 2014-04-26 23:27 480 ----a-w- c:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD.tmp
2014-04-26 03:00 . 2014-05-14 02:14 -------- d-----w- c:\programdata\Package Cache
2014-04-25 01:16 . 2014-04-25 01:16 -------- d-----w- C:\E
2014-04-24 18:45 . 2014-04-25 01:11 -------- d-----w- c:\program files\Perfect Uninstaller
2014-04-22 18:34 . 2014-04-22 18:34 -------- d-----w- c:\program files (x86)\Apache Software Foundation
2014-04-21 18:38 . 2014-04-26 14:54 -------- d-----w- C:\ODBTP
2014-04-21 17:45 . 2014-04-21 17:59 -------- d-----w- C:\WWebserver with PHP 5.4.3
2014-04-21 17:09 . 2014-04-21 17:09 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
2014-04-21 17:09 . 2014-04-21 17:09 849360 ----a-w- c:\windows\system32\msvcr110.dll
2014-04-21 17:07 . 2014-04-21 17:07 -------- d-----w- c:\programdata\Logs
2014-04-21 16:07 . 2014-04-21 16:07 356 ----a-w- c:\users\justme\configPHP2.bat
2014-04-21 15:39 . 2014-04-21 15:39 368 ----a-w- c:\users\justme\configPHP.bat
2014-04-21 15:17 . 2014-04-21 15:17 -------- d-----w- c:\program files\runphp
2014-04-21 15:16 . 2014-04-21 15:43 -------- d-----w- c:\program files\IIS Express
2014-04-21 15:16 . 2014-04-21 15:18 -------- d-----w- c:\program files (x86)\IIS Express
2014-04-19 03:20 . 2014-04-26 23:11 -------- d-----w- c:\users\DefaultAppPool
2014-04-18 22:54 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2014-04-18 22:54 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2014-04-18 22:54 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2014-04-18 22:54 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2014-04-18 22:54 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2014-04-18 22:54 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2014-04-18 22:54 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2014-04-18 22:54 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2014-04-18 22:54 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2014-04-18 22:54 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2014-04-18 22:54 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
2014-04-18 22:54 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2014-04-18 14:43 . 2014-04-18 14:43 -------- d-----w- c:\windows\SysWow64\BestPractices
2014-04-18 14:43 . 2014-04-18 14:43 -------- d-----w- c:\windows\system32\BestPractices
2014-04-18 14:43 . 2014-04-18 14:43 -------- d-----w- C:\inetpub
2014-04-18 14:19 . 2014-04-18 14:19 -------- d-----w- c:\program files\Microsoft
2014-04-17 18:42 . 2014-04-21 14:36 -------- d-----w- C:\php5
2014-04-16 14:20 . 2014-05-08 14:08 -------- d-----w- C:\cra360
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 03:27 . 2010-08-11 15:12 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-02 15:16 . 2013-01-02 02:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-02 15:16 . 2011-08-23 12:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 13:35 . 2010-01-28 20:23 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-26 15:00 . 2014-03-26 15:00 178272 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-03-26 15:00 . 2014-03-26 15:00 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-03-26 15:00 . 2014-03-26 15:00 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-03-26 15:00 . 2014-03-26 15:00 29280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2014-03-26 15:00 . 2014-03-26 15:00 29280 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-03-06 09:31 . 2014-04-12 03:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-12 03:44 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-12 03:44 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-12 03:43 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-12 03:43 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-12 03:44 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-12 03:44 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-12 03:44 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-12 03:44 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-12 03:43 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-12 03:44 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-12 03:43 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-12 03:43 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-12 03:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-12 03:44 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-12 03:44 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-12 03:44 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-12 03:43 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-12 03:44 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-12 03:44 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-12 03:43 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-12 03:44 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-12 03:44 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-12 03:43 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-12 03:44 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-12 03:44 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-12 03:43 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-12 03:43 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-12 03:43 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-12 03:43 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-12 03:43 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-12 03:43 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-12 03:43 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 13:16 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 13:16 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 13:16 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 13:16 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 13:16 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 13:16 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 13:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 13:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 13:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 13:16 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 13:16 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-03-02 15:07 . 2014-03-02 15:12 251 ----a-w- c:\program files\update.bat
2013-12-01 21:13 . 2013-12-01 21:40 2134 ----a-w- c:\program files\addDesktopIconKN_ch.bat
2013-12-01 21:12 . 2013-12-01 21:40 2125 ----a-w- c:\program files\addDesktopIconKN.bat
2013-11-27 19:39 . 2013-11-27 19:55 296 ----a-w- c:\program files\preinstall.bat
2012-09-14 13:52 . 2013-10-29 02:09 3310 ----a-w- c:\program files\Install_KN_Access.bat
2012-09-13 13:53 . 2013-10-29 02:09 1217 ----a-w- c:\program files\AddKNdesktopIcon.bat
2012-08-20 14:44 . 2012-08-20 14:44 57344 ----a-w- c:\program files\Shortcut2.exe
2010-07-01 05:15 . 2010-07-02 20:57 6823 ------w- c:\program files\canvas2image.js
2010-06-13 03:25 . 2010-05-25 21:46 1618 ------w- c:\program files\autoSaveEvery3Minutes.js
2010-06-13 03:15 . 2010-05-30 21:14 1206 ------w- c:\program files\autoSaveEveryMinute.js
2010-06-03 12:27 . 2013-10-29 02:09 172 ----a-w- c:\program files\PleaseWait.cmd
2010-05-25 03:27 . 2010-05-23 23:12 652 ------w- c:\program files\autoUpdateMay282008.js
2010-04-22 01:33 . 2013-10-29 02:09 155 ----a-w- c:\program files\KNcheck.bat
2009-03-12 20:03 . 2010-01-31 05:27 1024 ----a-w- c:\program files\showwin.exe
2005-07-04 05:11 . 2010-01-31 05:27 57344 ----a-w- c:\program files\Shortcut.exe
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"ApacheTomcatMonitor6.0_Tomcat6"="c:\oc\tomcat\bin\Tomcat6w.exe" [2013-04-29 104448]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-03-19 567888]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-03-15 1001536]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-03-19 614232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-08-23 876832]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-03-19 567888]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-03-15 1001536]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-03-19 614232]
.
c:\users\justme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2013-7-10 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys;c:\windows\SYSNATIVE\Drivers\avgrkx64.sys [x]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys;c:\windows\SYSNATIVE\Drivers\avgldx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Railo 3.1 Server;Railo 3.1 Server;c:\program files\Railo\httpd.exe;c:\program files\Railo\httpd.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R3 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 EraserUtilDrv11311;EraserUtilDrv11311;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2_000.sys [x]
R3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE;c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE XE [x]
R3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe;c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [x]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys;c:\windows\SYSNATIVE\DRIVERS\Prot6Flt.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 StreamingFSD;StreamingFSD;c:\programdata\Embarcadero\AppWaveBrowser\x64\StreamingFSD.sys;c:\programdata\Embarcadero\AppWaveBrowser\x64\StreamingFSD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [x]
R4 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [x]
R4 ColdFusion 10 .NET Service;ColdFusion 10 .NET Service;c:\coldfusion10\cfusion\jnbridge\CFDotNetsvc.exe;c:\coldfusion10\cfusion\jnbridge\CFDotNetsvc.exe [x]
R4 ColdFusion 10 Application Server;ColdFusion 10 Application Server;c:\coldfusion10\cfusion\bin\coldfusionsvc.exe;c:\coldfusion10\cfusion\bin\coldfusionsvc.exe [x]
R4 ColdFusion 10 ODBC Agent;ColdFusion 10 ODBC Agent;c:\coldfusion10\cfusion\db\slserver54\bin\swagent.exe ColdFusion 10 ODBC Agent;c:\coldfusion10\cfusion\db\slserver54\bin\swagent.exe ColdFusion 10 ODBC Agent [x]
R4 ColdFusion 10 ODBC Server;ColdFusion 10 ODBC Server;c:\coldfusion10\cfusion\db\slserver54\bin\swstrtr.exe ColdFusion 10 ODBC Server;c:\coldfusion10\cfusion\db\slserver54\bin\swstrtr.exe ColdFusion 10 ODBC Server [x]
R4 ColdFusion10JettyService;ColdFusion 10 Jetty Service;c:\coldfusion10\cfusion\jetty\jetty.exe;c:\coldfusion10\cfusion\jetty\jetty.exe [x]
R4 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [x]
R4 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [x]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
R4 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
R4 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe;c:\program files (x86)\Novatel Wireless\Drivers\NWHelper.exe [x]
R4 ODBTPServer;ODBTP Server;c:\odbtp\odbtpsrv.exe;c:\odbtp\odbtpsrv.exe [x]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE;c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe XE [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys;c:\windows\SYSNATIVE\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys;c:\windows\SYSNATIVE\Drivers\avgtdia.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Tomcat6;Apache Tomcat 6.0 Tomcat6;c:\oc\tomcat\bin\Tomcat6.exe;c:\oc\tomcat\bin\Tomcat6.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 03:10 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 15:16]
.
2014-04-02 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2014-04-01 22:56]
.
2014-05-14 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-62368681-3386562447-3805219642-1003.job
- c:\users\justme\AppData\Local\Citrix\GoToMeeting\1350\g2mupdate.exe [2014-04-09 16:52]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf4dd18f3e2060.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 11:49]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf4dd18f914aa8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-19 11:49]
.
2014-04-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2013-04-06 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-06-23 13:25]
.
2014-05-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-03-26 1742064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mStart Page = hxxp://www.duba.com/?f=duba_lock&v=2013.50
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = expresstunnel.info:80
TCP: DhcpNameServer = 10.128.128.128
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\justme\AppData\Roaming\Mozilla\Firefox\Profiles\juvvssqi.default\
FF - ExtSQL: 2014-04-22 15:07; [email protected]; c:\program files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF - ExtSQL: 2014-05-10 16:50; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-05-10 16:50; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
FF - ExtSQL: 2014-05-10 16:50; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\[email protected]
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Wow6432Node-HKCU-Run-Mobilink3 - (no file)
SafeBoot-BsScanner
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Tesseract-OCR - c:\program files\Railo\Tesseract-OCR\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet006\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet006\services\MySQL]
"ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet006\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet006\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet006\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-14 18:17:35
ComboFix-quarantined-files.txt 2014-05-14 22:17
.
Pre-Run: 333,665,697,792 bytes free
Post-Run: 335,219,650,560 bytes free
.
- - End Of File - - B4BCD48CE0FA950EF30D9DCEAF859FAF
5C616939100B85E558DA92B899A0FC36
 
According to the ComboFix log, you have Bitdefender installed as well. Please uninstall that before doing anything else. I'm on my way to bed right now, but I do think some cleanup is still required. Now that you have run ComboFix, please navigate to C:\Qoobox; in that folder is a file named add-remove programs.txt. Open that file and copy and paste the contents back here. Once you post the programs list I will give you a list of things to do.
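A small triage helper, added here as an example and not part of this thread or of ComboFix itself: it parses the service/driver lines, the Run-key entries and the proxy setting of a ComboFix log like the one above and reports which security vendors still have components registered (the point made about Bitdefender), so leftovers of a half-uninstalled product are visible before another one is installed. The vendor keyword table, the function names and the sample excerpt are my own assumptions; the excerpt's lines are copied from the log above.

```python
"""Triage helper for a ComboFix log (added example; not part of the thread)."""
import re
from collections import defaultdict

# A ComboFix service/driver line, e.g.
#   R4 avg9wd;AVG WatchDog;c:\...\avgwdsvc.exe;c:\...\avgwdsvc.exe [x]
# Fields are ';'-separated; names and paths may contain spaces.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);([^;]*);([^;]*?) \[x\]$")
# A Run-key value, e.g. "Bdagent"="c:\...\bdagent.exe" [2014-03-26 1742064]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[([0-9-]+) (\d+)\]$')
# The user-level proxy line from the Supplementary Scan section
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)$")

# Lower-case substrings that identify a vendor's components in a service
# name, display name or path (assumed keyword table; extend as needed).
VENDOR_KEYWORDS = {
    "AVG": ("\\avg\\", "avg9", "avgrkx", "avgldx", "avgmfx", "avgtdia"),
    "Bitdefender": ("bitdefender", "bdsandbox", "bdfwfpf", "bdfndisf"),
    "Kaspersky": ("kaspersky", "ksapi"),
    "Trend Micro": ("trend micro", "coreserviceshell"),
    "Symantec": ("symantec", "eraserutildrv"),
    "Malwarebytes": ("malwarebytes", "mbam"),
}


def parse_log(text):
    """Return (services, run_entries, proxy) extracted from ComboFix output."""
    services, run_entries, proxy = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4)})
            continue
        m = RUN_RE.match(line)
        if m:
            run_entries.append({"name": m.group(1), "path": m.group(2),
                                "date": m.group(3), "size": int(m.group(4))})
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group(1)
    return services, run_entries, proxy


def security_vendors(services, run_entries):
    """Map each vendor to the sorted names of components that reference it."""
    found = defaultdict(set)
    for item in services + run_entries:
        haystack = " ".join(str(v) for v in item.values()).lower()
        for vendor, keys in VENDOR_KEYWORDS.items():
            if any(k in haystack for k in keys):
                found[vendor].add(item["name"])
    return {vendor: sorted(names) for vendor, names in found.items()}


def triage(text):
    """Summarise what a helper looks at first: vendor leftovers and the proxy."""
    services, run_entries, proxy = parse_log(text)
    vendors = security_vendors(services, run_entries)
    findings = []
    if len(vendors) > 1:
        findings.append("components of several security products are registered: "
                        + ", ".join(sorted(vendors)))
    if proxy:
        findings.append("a system-wide proxy is configured: " + proxy)
    return {"vendors": vendors, "proxy": proxy, "findings": findings}


# Sample input: an excerpt of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-03-26 1742064]
R0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys;c:\windows\SYSNATIVE\Drivers\avgrkx64.sys [x]
R3 ksapi64;ksapi64;c:\windows\system32\drivers\ksapi64.sys;c:\windows\SYSNATIVE\drivers\ksapi64.sys [x]
R3 EraserUtilDrv11311;EraserUtilDrv11311;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [x]
R4 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R4 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
R2 Railo 3.1 Server;Railo 3.1 Server;c:\program files\Railo\httpd.exe;c:\program files\Railo\httpd.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
uInternet Settings,ProxyServer = expresstunnel.info:80
"""
```

Running `triage(SAMPLE_LOG)` on the excerpt lists six vendors with registered components and the `expresstunnel.info:80` proxy; on the full log, paste the whole text in place of the excerpt.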
 

Not sure if it was ComboFix or something else, but my computer crashed several times today, both before and after the Bitdefender uninstallation. Even worse, the built-in Repair function is no longer working. At this point the computer is dead; something deeply evil seems to be going on here ...
 
What's going on with it now?

I managed to bring the system back. I'm still not sure whether it was ComboFix, Bitdefender or something else that made the system crash so often in one day (hardware failure would be the least likely). One of the blue screens of death indicated "Bad_system_configuration" or something similar, which is absurd on Windows 7's part if no attack had been launched against the system.
 
Yes. The computer is a tool that I use to make a living. In the meantime, forgive me for being direct, but I don't have a lot of confidence in ComboFix at this point, due to two things:
a) it deleted some of my personal files without my permission;
b) after running it my computer was back to its previous crashing state.

At the moment it boots extremely slowly; in essence it's not usable. I suspect some deeply embedded vicious software is still in this computer, probably hiding in BIOS memory space or somewhere that probably 99% of security software is unable to detect or defeat... If it's a hardware issue, particularly a hard drive issue, then why did the hard drive testing software from Seagate find no problem just a few days ago...
Also, at this point, MalwareBytes is unable to start.
 