pc infected with malware [Closed]


  • This topic is locked
6 replies to this topic

#1 yukukuhi

Posted 31 December 2013 - 11:00 PM

Hi,

When I boot to Windows, a message pops up; I have attached a screenshot of the message.

Mozilla browser homepage is messed up.

Attached Thumbnails

  • conduit.jpg


#2 ken545


Posted 03 January 2014 - 08:09 PM

Download DDS from one of the links below to your desktop

  • Double click the tool to run it.
  • A black screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply
 

 



Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.


#3 yukukuhi

Posted 05 January 2014 - 10:29 PM

Here are the logs

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.21.2
Run by Sai SGK at 9:53:31 on 2014-01-06
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.91.1033.18.3255.1720 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\WinZipper\winzipersvc.exe
C:\Windows\system32\nvvsvc.exe
C:\ProgramData\WPM\wprotectmanager.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Airtel NetXpert\bin\sprtsvc.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Airtel NetXpert\bin\tgsrvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\GreyGray\updateGreyGray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\GreyGray\bin\utilGreyGray.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Airtel NetXpert\bin\sprtcmd.exe
C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Sai SGK\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mobogenie\mgusb.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
uDefault_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
uDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
mStart Page = hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
mDefault_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
mSearchAssistant = hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
mCustomizeSearch = hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GreyGray: {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - c:\program files\greygray\GreyGraybho.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [uTorrent] "c:\users\sai sgk\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
uRun: [AdobeBridge] <no file>
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [BATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe
mRun: [HP Remote Solution] c:\program files\hewlett-packard\hp remote solution\HP_Remote_Solution.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [PC-Doctor for Windows localizer] c:\program files\pc-doctor for windows\localizer.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [netxpert] "c:\program files\airtel netxpert\bin\sprtcmd.exe" /P netxpert
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Quick-Drop] "c:\program files\corel\corel dvd moviefactory 7\corel dvd moviefactory 7\Quick-Drop.exe" WINDOWCALL
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averhi~1.lnk - c:\program files\common files\avermedia\averquick\AVerHIDReceiver.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\averqu~1.lnk - c:\program files\common files\avermedia\averquick\AVerQuick.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{142BAE4A-60FA-4A8F-897E-3CE24ACDD79E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{95278B9B-CEB4-41F9-8410-767709D61073} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sai sgk\appdata\roaming\mozilla\firefox\profiles\fn2axvjy.default-1387695976670\
FF - prefs.js: browser.search.selectedEngine - nationzoom
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\sai sgk\appdata\roaming\baidu\baiduyunguanjia\npYunWebDetect.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-10-23 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-10-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R2 AVerRemote;AVerRemote;c:\program files\common files\avermedia\service\AVerRemote.exe [2013-9-30 348160]
R2 AVerScheduleService;AVerScheduleService;c:\program files\common files\avermedia\service\AVerScheduleService.exe [2013-9-30 389120]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-12-15 108000]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 sprtsvc_netxpert;SupportSoft Sprocket Service (netxpert);c:\program files\airtel netxpert\bin\sprtsvc.exe [2013-10-31 206120]
R2 tgsrvc_netxpert;SupportSoft Repair Service (netxpert);c:\program files\airtel netxpert\bin\tgsrvc.exe [2013-10-31 185640]
R2 Update GreyGray;Update GreyGray;c:\program files\greygray\updateGreyGray.exe [2013-12-7 66328]
R2 Util GreyGray;Util GreyGray;c:\program files\greygray\bin\utilGreyGray.exe [2013-12-30 66328]
R2 winzipersvc;WinZiper service;c:\program files\winzipper\winzipersvc.exe [2013-12-30 424104]
R2 Wpm;Wpm Service;c:\programdata\wpm\wprotectmanager.exe -service --> c:\programdata\wpm\wprotectmanager.exe -service [?]
R3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC.sys [2009-8-21 461952]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [2013-5-11 314752]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [2013-5-11 32896]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\drivers\AVer888RCIR.sys [2009-8-21 33280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-21 189440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\drivers\netr28.sys [2012-12-6 2046560]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2013-10-5 230784]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-24 1343400]
.
=============== File Associations ===============
.
.vbs: <filetype is not registered>
.js: <filetype is not registered>
.
=============== Created Last 30 ================
.
2013-12-30 05:16:58    --------    d-----w-    c:\users\sai sgk\appdata\roaming\iSafe
2013-12-30 05:14:09    --------    d-----w-    c:\users\sai sgk\appdata\roaming\WinZipper
2013-12-30 05:14:09    --------    d-----w-    c:\program files\WinZipper
2013-12-30 05:04:46    --------    d-----w-    c:\program files\GreyGray
2013-12-30 05:02:06    --------    d-----w-    c:\users\sai sgk\appdata\local\SwvUpdater
2013-12-30 04:59:47    --------    d-----w-    c:\users\sai sgk\appdata\roaming\Desk 365
2013-12-30 04:59:47    --------    d-----w-    c:\program files\Desk 365
2013-12-30 04:59:33    --------    d-----w-    c:\programdata\WPM
2013-12-30 04:55:07    --------    d-----w-    c:\users\sai sgk\appdata\local\Oxy
2013-12-30 04:55:07    --------    d-----w-    c:\users\sai sgk\appdata\local\Chromium
2013-12-30 04:39:00    --------    d-----w-    c:\users\sai sgk\appdata\roaming\Oxy
2013-12-29 05:12:32    --------    d-----w-    c:\program files\Nero
2013-12-29 05:12:25    --------    d-----w-    c:\programdata\Nero
2013-12-26 04:44:28    --------    d-----w-    c:\program files\Internet Download Manager
2013-12-18 07:31:51    --------    d-----w-    c:\programdata\Conduit
2013-12-18 07:29:25    --------    d-----w-    c:\users\sai sgk\appdata\local\NativeMessaging
2013-12-18 07:29:24    --------    d-----w-    c:\users\sai sgk\appdata\local\Conduit
2013-12-18 07:29:21    --------    d-----w-    c:\program files\Conduit
2013-12-18 04:53:37    --------    d-----w-    c:\users\sai sgk\appdata\local\Jaksta_Technologies_Pty_L
2013-12-18 04:38:46    --------    d-----w-    c:\program files\Applian Technologies
2013-12-15 09:43:44    108000    ----a-w-    c:\windows\system32\drivers\idmwfp.sys
.
==================== Find3M  ====================
.
2013-11-24 20:18:36    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-06 04:15:13    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-06 04:15:13    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-11-03 07:11:10    2272    ----a-w-    c:\windows\system32\w95inf16.dll
2013-11-03 07:11:09    4608    ----a-w-    c:\windows\system32\w95inf32.dll
2013-10-29 04:21:45    1169480    ----a-w-    c:\windows\system32\SpoonUninstall.exe
2013-10-22 19:35:20    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-10-22 19:35:10    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-10-16 11:07:52    57344    ----a-w-    c:\windows\SSEUninstaller.exe
2013-10-16 11:07:39    32768    ----a-w-    c:\windows\system32\ShellLnkSSE.dll
2013-10-16 11:07:38    44544    ----a-w-    c:\windows\system32\Gif89.dll
.
============= FINISH:  9:54:05.62 ===============
 

 

 

As for aswMBR, it hangs in the middle; I tried twice.

 


#4 ken545

Posted 06 January 2014 - 06:33 AM

Good Morning,

 

This is why you're infected

uTorrent  <-- Any form of P2P (File Sharing) is very dangerous, you're downloading that file from an unknown source and not all but most contain malicious software of some sort or another, it's like playing Russian Roulette malwarewise, I need you to uninstall this and stay away from any type of File Sharing.

C:\Program Files\Internet Download Manager

Read this

You need to uninstall this as well
 
Download AutoRuns and save it to your Desktop.
  • Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
  • Open the folder and double-click on autoruns.exe to launch it. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Please be patient as it scans and populates the entries.
  • When finished scanning, it will say Ready at the bottom.
  • In the top menu, click File > Find... and type the file name (background container.dll) related to the error message, then click Find Next.
  • Alternatively, you can scroll through the list and look for any entry related to background container.dll and conduit.
  • If found, right-click on the entry and choose delete.
  • Exit Autoruns and reboot your computer when done.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
     
     



#5 yukukuhi

Posted 09 January 2014 - 11:18 PM

In Autoruns I found background conduit start task and deleted it.

Btw, when I open my web browser (Mozilla, Chrome), a web page is opening named nation zoom. I want to remove it.

Here is the report

     

    # AdwCleaner v3.016 - Report created 10/01/2014 at 10:37:33
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 7 Home Premium  (32 bits)
    # Username : Sai SGK - SHIRDISAIBABA
    # Running from : C:\Users\Sai SGK\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : winzipersvc
    Service Found : Wpm

    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\sweettunes_search.xml
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\nationzoom.xml
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\sweettunes_search.xml
    File Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
    File Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
    File Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
    File Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
    File Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
    File Found : C:\Users\Sai SGK\Desktop\Mobogenie.lnk
    File Found : C:\Windows\System32\Tasks\AmiUpdXp
    File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
    File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
    File Found : C:\Windows\Tasks\AmiUpdXp.job
    Folder Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    Folder Found : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\Extensions\giolhomkcooifelkdfpejhidfidaahlc
    Folder Found C:\Program Files\Ask.com
    Folder Found C:\Program Files\Conduit
    Folder Found C:\Program Files\Desk 365
    Folder Found C:\Program Files\Mobogenie
    Folder Found C:\Program Files\WinZipper
    Folder Found C:\ProgramData\apn
    Folder Found C:\ProgramData\Babylon
    Folder Found C:\ProgramData\Conduit
    Folder Found C:\ProgramData\IBUpdaterService
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    Folder Found C:\ProgramData\StarApp
    Folder Found C:\ProgramData\WPM
    Folder Found C:\Users\Sai SGK\AppData\Local\Conduit
    Folder Found C:\Users\Sai SGK\AppData\Local\iexplorer\Browsers Monitor
    Folder Found C:\Users\Sai SGK\AppData\Local\Mobogenie
    Folder Found C:\Users\Sai SGK\AppData\Local\NativeMessaging
    Folder Found C:\Users\Sai SGK\AppData\Local\Oxy
    Folder Found C:\Users\Sai SGK\AppData\Local\SwvUpdater
    Folder Found C:\Users\Sai SGK\AppData\LocalLow\AskToolbar
    Folder Found C:\Users\Sai SGK\AppData\LocalLow\baidu
    Folder Found C:\Users\Sai SGK\AppData\LocalLow\Conduit
    Folder Found C:\Users\Sai SGK\AppData\LocalLow\Delta
    Folder Found C:\Users\Sai SGK\AppData\LocalLow\PriceGong
    Folder Found C:\Users\Sai SGK\AppData\Roaming\Babylon
    Folder Found C:\Users\Sai SGK\AppData\Roaming\baidu
    Folder Found C:\Users\Sai SGK\AppData\Roaming\Desk 365
    Folder Found C:\Users\Sai SGK\AppData\Roaming\file scout
    Folder Found C:\Users\Sai SGK\AppData\Roaming\iSafe
    Folder Found C:\Users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Found C:\Users\Sai SGK\AppData\Roaming\OpenCandy
    Folder Found C:\Users\Sai SGK\AppData\Roaming\Oxy
    Folder Found C:\Users\Sai SGK\AppData\Roaming\WinZipper
    Folder Found C:\Users\Sai SGK\Documents\Mobogenie
    Folder Found C:\Users\SAISGK~1\AppData\Local\Temp\apn
    Folder Found C:\Users\SAISGK~1\AppData\Local\Temp\AskSearch
    Folder Found C:\Users\SAISGK~1\AppData\Local\Temp\Conduit
    Folder Found C:\Users\SAISGK~1\AppData\Local\Temp\Desk365
    Folder Found C:\Users\SAISGK~1\AppData\Local\Temp\NativeMessaging
    Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

    ***** [ Shortcuts ] *****

    Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\Users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\Users\Sai SGK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\Users\Sai SGK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )
    Shortcut Found : C:\Users\Sai SGK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87 )

    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3282698
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\Software\Delta
    Key Found : HKLM\Software\Desksvc
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\giolhomkcooifelkdfpejhidfidaahlc
    Key Found : HKLM\Software\hdcode
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_edonkey2000_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_edonkey2000_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\AmiUpdXp
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Desk 365 RunAsStdUser
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Scheduled Update for Ask Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD03E507-3F45-4281-AD47-8D5F60B01B2D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD03E507-3F45-4281-AD47-8D5F60B01B2D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE978A77-3823-4827-8AEB-1166EC195B3E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F45EB09A-CA82-47A5-8E49-2956C79F498F}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB51EF77-02CF-45F9-A388-EFAEB1116774}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
    Key Found : HKLM\Software\nationzoomSoftware
    Key Found : HKLM\Software\supWPM
    Key Found : HKLM\Software\V9
    Key Found : HKLM\Software\winzipersvc
    Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16483

    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
    Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.nationzoom.com/?type=hp&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}
    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.nationzoom.com/web/?type=ds&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87&q={searchTerms}

    -\\ Mozilla Firefox v26.0 (en-US)

    [ File : C:\Users\Sai SGK\AppData\Roaming\Mozilla\Firefox\Profiles\fn2axvjy.default-1387695976670\prefs.js ]

    Line Found : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388379363&from=mp3&uid=ST3750528AS_9VP7TN87");
    Line Found : user_pref("browser.search.defaultenginename", "nationzoom");
    Line Found : user_pref("browser.search.selectedEngine", "nationzoom");
    Line Found : user_pref("extensions.nosquint.sites", "google.co.in=0,1389328846871,274,70,0,0,false,0,0,false animenewsnetwork.com=0,1389155585749,30,100,0,0,false,0,0,false animepast.net=0,1388377773735,2,90,0,0,f[...]

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Sai SGK\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [21057 octets] - [10/01/2014 10:37:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21118 octets] ##########
     



    #6 ken545


    Posted 10 January 2014 - 03:00 AM

    Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    Let me know if you're still getting that error message after running these programs, and if so we can fix that.



    #7 ken545


    Posted 15 January 2014 - 07:35 AM

    Due to inactivity this topic will be closed.
    If you need help please start a new thread.

    New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
