GeekPolice
web.longfintuna.net popup
I am having an issue where I am getting a pop-up where the laptop is trying to connect to a website address: web.longfintuna.net.
It is prompting me to run a free Windows scan to fix.
There is also a new program that was loaded onto my laptop (not by me or anyone else) called Uniblue speed up my PC.

I have run AVG and Malwarebytes. I thought this took care of it, but they both came back a day later.

Please advise how to remove.



Thanks

Greg

Re: web.longfintuna.net popup

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.

  • Double click on adwcleaner.exe to run the tool.

  • Click on Delete.

  • Confirm each time with OK

  • Your computer will be rebooted automatically. A text file will open after the restart.

  • Please post the content of that logfile in your reply.

  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


*********************************************
Please download Malwarebytes Anti-Malware from here.
Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select "Perform Full Scan", then click Scan.

  • The scan may take some time to finish, so please be patient.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

  • Please save the log to a location you will remember.

  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

  • Copy and paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

  • The tool will open and start scanning your system.

  • Please be patient as this can take a while to complete depending on your system's specifications.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Copy and paste the JRT.txt log into your next message.

Last edited by Superdave on 12th October 2013, 10:29 pm; edited 1 time in total

Re: web.longfintuna.net popup

Hi Dave, thanks for the help. Here are the results from AdwCleaner:
# AdwCleaner v3.004 - Report created 16/09/2013 at 22:34:23
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Greg - GREG-HP
# Running from : C:\Users\Greg\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
Folder Deleted : C:\Program Files (x86)\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Greg\AppData\Local\apn
Folder Deleted : C:\Users\Greg\AppData\Local\PackageAware
Folder Deleted : C:\Users\Greg\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Greg\AppData\Roaming\DSite
Folder Deleted : C:\Users\Greg\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Greg\AppData\Roaming\Uniblue\SpeedUpMyPC
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Deleted : C:\Windows\Tasks\SpeedUpMyPC.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC
File Deleted : C:\Windows\Tasks\spmonitor.job
File Deleted : C:\Windows\System32\Tasks\spmonitor

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13670 octets] - [16/09/2013 22:30:32]
AdwCleaner[S0].txt - [13145 octets] - [16/09/2013 22:34:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13206 octets] ##########
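
As an added example (not part of the original thread and not AdwCleaner's own code), the following Python parses report lines in the format shown above and groups the deleted items by the autostart or browser-hook location they occupied, which is the part of such a report worth reading first when unwanted software keeps returning after a scan. The sample lines are copied from the report above; the category names and matching rules are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the AdwCleaner report posted above.
SAMPLE_REPORT = r"""
# AdwCleaner v3.004 - Report created 16/09/2013 at 22:34:23
***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Uniblue\SpeedUpMyPC
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\InstallCore
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^(Folder|File|Key|Value) Deleted : (\[x64\] )?(.+)$")
VALUE_NAME = re.compile(r"^(.*) \[(.+)\]$")  # "path [value name]"

# Assumed categories: locations that start code automatically or hook the browser.
RULES = [
    ("scheduled task", re.compile(r"\\Windows\\(?:System32\\)?Tasks\\", re.I)),
    ("autorun (Run key)", re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.I)),
    ("browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("forced Chrome extension policy",
     re.compile(r"\\Policies\\Google\\Chrome\\ExtensionInstallForcelist", re.I)),
    ("IE search provider", re.compile(r"\\Internet Explorer\\SearchScopes\\", re.I)),
    ("IE URL search hook", re.compile(r"\\Internet Explorer\\URLSearchHooks$", re.I)),
    ("IE toolbar", re.compile(r"\\Internet Explorer\\Toolbar$", re.I)),
]


def parse_report(text):
    """Return one dict per 'Deleted' line: section, kind, path, value name, x64 flag."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # header comments, blank lines, browser section, footer
        kind, x64, path = m.group(1), bool(m.group(2)), m.group(3)
        name = None
        if kind == "Value":
            vm = VALUE_NAME.match(path)
            if vm:
                path, name = vm.groups()
        entries.append({"section": section, "kind": kind, "path": path,
                        "name": name, "x64": x64})
    return entries


def classify(entry):
    """Map an entry to the first matching category, or 'other'."""
    for category, rx in RULES:
        if rx.search(entry["path"]):
            return category
    return "other"


def persistence_summary(entries):
    """Group entries by category, leaving out plain leftovers ('other')."""
    grouped = defaultdict(list)
    for e in entries:
        category = classify(e)
        if category != "other":
            grouped[category].append(e)
    return dict(grouped)


if __name__ == "__main__":
    for category, items in persistence_summary(parse_report(SAMPLE_REPORT)).items():
        print(f"{category}: {len(items)}")
        for e in items:
            suffix = f" [{e['name']}]" if e["name"] else ""
            print(f"  {e['path']}{suffix}")
```
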

Re: web.longfintuna.net popup

This is the Malware report:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Greg :: GREG-HP [administrator]

9/16/2013 10:44:34 PM
mbam-log-2013-09-16 (22-44-34).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 449023
Time elapsed: 1 hour(s), 53 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\AdwCleaner\Quarantine\C\Users\Greg\AppData\Roaming\OpenCandy\1BCEF817AEFC40EBAECD41BF9CFE1393\SmartbarExeInstaller.exe.vir (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_ICReinstall_VideoConverterSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Temp\ICReinstall_ICReinstall_ICReinstall_VideoConverterSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Greg\AppData\Local\Temp\ICReinstall_ICReinstall_VideoConverterSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

(end)

Re: web.longfintuna.net popup

JRT results:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Greg on Tue 09/17/2013 at 1:09:04.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{714AAA51-074F-4E90-8C26-8D7BA891E2E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Users\Greg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Greg\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 1:17:28.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: web.longfintuna.net popup
JRT 2nd run:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Greg on Tue 09/17/2013 at 1:09:04.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{714AAA51-074F-4E90-8C26-8D7BA891E2E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{90195ABB-0262-4D99-AA65-181863185B97}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files

Successfully deleted: [File] "C:\Users\Greg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Greg\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 1:17:28.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: web.longfintuna.net popup
Dave, everything you asked for should be in the prior posts.
Thanks, Greg

Re: web.longfintuna.net popup
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************
Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: web.longfintuna.net popup
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 33
Java 7 Update 25
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader XI
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

Re: web.longfintuna.net popup
ComboFix 13-09-17.01 - Greg 09/17/2013 22:00:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2208 [GMT -4:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Greg\Documents\ppt598D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-08-18 to 2013-09-18 )))))))))))))))))))))))))))))))
.
.
2013-09-18 03:30 . 2013-09-18 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-17 05:08 . 2013-09-17 05:08 -------- d-----w- c:\windows\ERUNT
2013-09-17 02:30 . 2013-09-17 02:34 -------- d-----w- C:\AdwCleaner
2013-09-14 20:05 . 2013-09-14 20:05 -------- d-----w- c:\users\Greg\AppData\Roaming\Malwarebytes
2013-09-14 20:05 . 2013-09-14 20:05 -------- d-----w- c:\programdata\Malwarebytes
2013-09-14 20:05 . 2013-09-17 02:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-14 20:05 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-14 20:02 . 2013-09-14 20:02 -------- d-----w- c:\users\Greg\AppData\Local\Programs
2013-09-09 22:43 . 2013-09-17 02:34 -------- d-----w- c:\users\Greg\AppData\Roaming\Uniblue
2013-09-09 22:43 . 2013-09-17 02:34 -------- d-----w- c:\program files (x86)\Uniblue
2013-09-09 22:31 . 2013-09-09 22:31 -------- d-----w- c:\program files (x86)\Unitech LLC
2013-09-09 22:31 . 2013-09-09 22:31 -------- d-----w- c:\users\Greg\AppData\Roaming\Unitech LLC
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-04 21:33 . 2008-10-27 14:04 514384 ----a-w- c:\windows\SysWow64\XAudio2_3.dll
2013-09-04 21:33 . 2008-10-27 14:04 70992 ----a-w- c:\windows\SysWow64\XAPOFX1_2.dll
2013-09-04 21:33 . 2013-09-04 21:33 -------- d-----w- c:\program files (x86)\SmartMusic
2013-09-03 21:24 . 2013-09-03 21:24 -------- d-----w- c:\users\Greg\AppData\Roaming\Unity
2013-08-24 16:28 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-24 16:28 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-24 16:28 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-24 16:28 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-24 16:17 . 2013-08-24 16:21 -------- d-----w- c:\windows\system32\MRT
2013-08-24 16:16 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-24 16:16 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-24 16:16 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-24 16:16 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-24 16:16 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-24 16:16 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-24 16:16 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-24 16:16 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-24 16:16 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-24 16:16 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-24 16:15 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-24 16:15 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-24 16:15 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-24 16:15 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-24 16:15 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-24 16:14 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-24 16:17 . 2011-10-16 20:28 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-19 12:20 . 2013-05-29 20:41 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-20 05:51 . 2013-07-20 05:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-20 05:50 . 2013-07-20 05:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-20 05:50 . 2013-07-20 05:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 05:50 . 2013-07-20 05:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-01 05:45 . 2013-07-01 05:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-07-01 02:05 . 2013-07-01 02:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-01 02:05 . 2012-06-21 02:14 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-07-01 02:05 . 2011-04-18 19:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-01 01:40 . 2012-05-27 15:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-01 01:40 . 2011-10-21 02:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\CA\PCPitstopScheduleService.exe;c:\program files (x86)\CA\PCPitstopScheduleService.exe [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 15:46 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 15:13]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-24 15:13]
.
2013-09-18 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-12-01 14:47]
.
2013-09-14 c:\windows\Tasks\HPCeeScheduleForGreg.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-01-28 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-25 1128448]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ROC_ROC_APR2013_AV - c:\users\Greg\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-DSite - c:\users\Greg\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-17 23:39:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-18 03:39
.
Pre-Run: 394,229,870,592 bytes free
Post-Run: 396,335,558,656 bytes free
.
- - End Of File - - 7A4783653DB90F123DFCE4A1455A476E

Re: web.longfintuna.net popup

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DDS::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: soe.com
    Trusted Zone: sony.com

    Firefox::
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: soe.com
    Trusted Zone: sony.com

  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log if you decide to run this script.

**************************************************
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
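
A read-only way to see which sites are currently mapped to Internet Explorer's Trusted Sites zone, as described in the post above. This is an added example, not part of the original post or of ComboFix; it assumes the standard `ZoneMap\Domains` registry layout (zone value 2 = Trusted Sites), and the function name `Get-TrustedZoneSite` is hypothetical.

```powershell
# Added example (not from the thread): list sites assigned to Internet Explorer's
# Trusted Sites zone. Read-only; it changes nothing in the registry.
# Assumption: standard ZoneMap layout, where each site is a key under
# ...\ZoneMap\Domains\<domain>[\<subdomain>] and each value (named after a
# protocol such as http, https or *) holds the zone number. 2 = Trusted Sites.

$TrustedZone = 2
$ZoneMapRoots = @(
    # Per-user and per-machine preferences
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    # The same mappings when pushed by Group Policy
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-TrustedZoneSite {   # hypothetical helper name
    param([string[]]$Root = $ZoneMapRoots)

    foreach ($path in $Root) {
        # A root that does not exist simply has no mappings.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        Get-ChildItem -LiteralPath $path -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key    = $_
                $marker = '\Domains\'
                $at     = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                if ($at -lt 0) { return }

                # Path below Domains, in the same domain\subdomain form the
                # log above uses (for example intuit.com\ttlc).
                $site = $key.Name.Substring($at + $marker.Length)

                foreach ($valueName in $key.GetValueNames()) {
                    if ($key.GetValue($valueName) -eq $TrustedZone) {
                        [pscustomobject]@{
                            Site     = $site
                            Protocol = $valueName
                            Source   = $path
                        }
                    }
                }
            }
    }
}

Get-TrustedZoneSite | Sort-Object Site, Protocol | Format-Table -AutoSize
```

Entries reported from the `Policies` roots are set by Group Policy and will be reapplied if removed by hand.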

Re: web.longfintuna.net popup

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.20.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Greg :: GREG-HP [administrator]

9/20/2013 8:18:33 PM
mbar-log-2013-09-20 (20-18-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 225285
Time elapsed: 18 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: web.longfintuna.net popup

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.393000 GHz
Memory total: 4083007488, free: 2075529216

Downloaded database version: v2013.09.20.10
Downloaded database version: v2013.09.20.01
=======================================
Initializing...
------------ Kernel report ------------
09/20/2013 20:18:25
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005281060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005007050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005281060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005281b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005281060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005007050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A001F58

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 946087936

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 946497536 Numsec = 30062592

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 976560128 Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Read File: File "c:\programdata\avg2013\chjw\a2848e40848e1747.dat:5a068d29-03fb-4a06-908b-d273dac6a779" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Re: web.longfintuna.net popup

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: web.longfintuna.net popup

C:\Users\Greg\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\469e35c3-6b72284d a variant of Java/TrojanDownloader.Agent.NDJ trojan cleaned by deleting - quarantined

Re: web.longfintuna.net popup

Prior to running this online scan I noticed that the battery indicator was stating a certain %, then after a few minutes the % rose. I did not plug it in during that time. Could the trojan downloader the online scanner found have caused this?

Re: web.longfintuna.net popup

How's your computer working now? Any other issues before we clean up?

Re: web.longfintuna.net popup

No. Things seem to be working well.
Thank you for your help in getting rid of this virus.

Re: web.longfintuna.net popup

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*******************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*********************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Re: web.longfintuna.net popup

Everything is working great.

Thanks Superdave!

Re: web.longfintuna.net popup

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
