Ukash blocking pc


Adder

New Member
Thread author
Feb 21, 2013
10
I'm really sorry, but I can't click on the link above to be able to follow your instructions about adding an OTL and an aswMBR, whatever they are. But if they are really needed, could you also help me with this? I hope someone can help me, and I also hope I'm able to follow instructions using this phone. I look forward to a reply.
Adder
 

Adder

New Member
Thread author
Feb 21, 2013
10
Well, I've managed to get hold of an iBook G4 (if only I knew how to right-click), but I haven't been able to find the link to show me how to get the OTL & aswMBR logs, so if anyone can help me there I'd appreciate it. I have managed to find the malware removal guide, though, but it won't let me open in Safe Mode with Networking; as I said, it will let me open in Safe Mode with Command Prompt. Thanks in advance for any help given.
Adder
 

Adder

New Member
Thread author
Feb 21, 2013
10
Sorry about the re-posting! You may have guessed that I'm not very computer literate. But I found the link that shows how to get the OTL & aswMBR logs; however, I'm unable to get these logs as I'm unable to use the computer in normal mode. All I get is the screen telling me to pay them £100.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

<h3>STEP 1: Try to start your computer in Safe Mode with Networking</h3>
<ol><li>Remove all floppy disks, CDs, and DVDs from your computer, and then <strong>restart your computer</strong>.</li>
<li><strong>Press and hold the F8 key as your computer restarts</strong>. Please keep in mind that you need to press the F8 key <strong>before the Windows start-up logo appears</strong>.
<em>Note</em>: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", <strong>tap the "F8 key" continuously</strong> until you get the Advanced Boot Options screen.</li>
<li>On the Advanced Boot Options screen, use the arrow keys to <strong>highlight Safe Mode with Networking</strong>, and then <strong>press ENTER</strong>.
<img title="Safe Mode with Networking screen" src="http://malwaretips.com/images/removalguide/safemode.jpg" alt="[Image: Safemode.jpg]" width="539" height="292" border="0" /></li>
</ol>
<hr />

We have to download some tools onto a flash drive or a CD... So is it possible for you to do it on any other computer, like your friend's or work computer?
 

Adder

New Member
Thread author
Feb 21, 2013
10
Hi, thanks for your reply. Unfortunately I've already jumped the gun, and I was just about to install HitmanPro Kickstart onto the infected computer, as per the instructions on this page => http://malwaretips.com/blogs/remove-ukash-virus/

But now I'll wait for your instructions

As for starting the computer in Safe Mode with Networking: I can't. When I try, the computer just restarts again.

And yes, I've managed to borrow a friend's computer, which I am using to write this.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Okay. Do you have a Flash Drive or a USB Drive? Is it possible to download one tool into that one?
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Can you please try to run a scan with Farbar Recovery Scan Tool? You will need a USB (flash) pendrive.

For x32 (x86) bit systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.
 

Adder

New Member
Thread author
Feb 21, 2013
10
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2013 01
Ran by SYSTEM at 21-02-2013 16:43:09
Running from L:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKU\adder\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [969104 2012-12-10] (BitTorrent, Inc.)
HKU\adder\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-12-05] (TomTom)
HKU\adder\...\Winlogon: [Shell] explorer.exe,C:\Users\adder\AppData\Roaming\skype.dat [42496 2011-11-16] ()
Tcpip\..\Interfaces\{ABE0D251-E77D-47F4-91B6-0C12BBAFAA1D}: [NameServer]192.168.1.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-12-05] (TomTom)
2 HDD & SSD access service; "C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe" [x]

==================== Drivers (Whitelisted) =====================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] ()
1 ISODrive; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
2 nxsIO32; \??\C:\Windows\SysWOW64\DRIVERS\nxsIO64.sys [1504 2012-11-28] ()
1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-08-04] (Windows (R) 2000 DDK provider)
3 ALSysIO; \??\C:\Users\adder\AppData\Local\Temp\ALSysIO64.sys [x]
1 sensorsview; \??\C:\Program Files (x86)\SensorsViewPro41\drv\sensorsview32_64.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========


2013-02-21 16:43 - 2013-02-21 16:43 - 00000000 ____D C:\FRST
2013-02-20 21:46 - 2013-02-21 08:11 - 00000004 ____A C:\Users\adder\AppData\Roaming\skype.ini
2013-02-20 00:54 - 2013-02-21 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-16 16:02 - 2013-02-16 16:02 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-02-16 16:02 - 2013-02-16 16:02 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-02-16 15:59 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-16 15:59 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-16 15:59 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-16 15:59 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-16 15:59 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-16 15:59 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-16 15:59 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-16 15:59 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-16 15:59 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-16 15:59 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-16 15:59 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-16 15:59 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-16 15:59 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-16 15:59 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-16 15:59 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-16 15:59 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-16 15:59 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-16 15:59 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-16 15:59 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-16 15:59 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-16 15:59 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-16 15:59 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-16 15:59 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-16 15:59 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-16 15:59 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-16 15:59 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-16 15:59 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-16 15:59 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-16 15:59 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-16 15:59 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-16 15:59 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-16 15:59 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-16 03:50 - 2013-02-16 03:50 - 00253952 ____A (Toast442.org
2013-02-15 23:00 - 2013-02-21 15:54 - 00000000 ____D C:\Users\adder\AppData\Local\BinaryMark
2013-02-15 23:00 - 2013-02-15 23:00 - 00000000 ____D C:\Users\adder\AppData\Roaming\BinaryMark
2013-02-15 22:59 - 2013-02-21 15:50 - 00000000 ____D C:\Program Files (x86)\BinaryMark
2013-02-15 22:58 - 2013-02-15 22:58 - 05522935 ____A C:\Users\adder\Downloads\BatchHashGenSetupT.exe
2013-02-15 21:07 - 2013-02-15 21:16 - 00514560 ____A C:\Users\adder\Downloads\md5v12005.exe
2013-02-15 15:54 - 2013-02-21 15:51 - 00000000 ____D C:\ProgramData\Ask
2013-02-15 11:59 - 2013-02-15 11:59 - 00000406 _RASH C:\ProgramData\ntuser.pol
2013-02-13 23:57 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 23:57 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 23:57 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 22:56 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 22:56 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-13 22:48 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 21:06 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 21:06 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 21:06 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 21:06 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 21:06 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 21:06 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 08:15 - 2013-02-13 08:15 - 00426757 ____A ( ) C:\Users\adder\Downloads\md5check_setup.exe
2013-02-08 13:38 - 2013-02-08 13:38 - 00088640 ____A (Spotify Ltd) C:\Users\adder\Downloads\SpotifySetup.exe
2013-02-05 14:10 - 2013-02-05 14:10 - 00002984 ____A C:\Users\adder\Downloads\small_triambic_icosahedron.wrl
2013-02-05 13:23 - 2013-02-05 13:23 - 00001774 ____A C:\Users\adder\Downloads\icosahedron.wrl
2013-02-04 11:17 - 2013-02-04 11:17 - 00000000 ____D C:\Users\adder\Documents\Codemasters
2013-02-04 11:13 - 2008-04-28 07:53 - 00805400 ___RA (Creative Labs Inc.) C:\Windows\SysWOW64\tmp9AE9.tmp
2013-02-04 11:12 - 2008-04-28 07:53 - 00805400 ___RA (Creative Labs Inc.) C:\Windows\SysWOW64\tmp9AC9.tmp
2013-02-01 19:40 - 2013-02-01 19:40 - 00012208 ____A C:\Users\adder\Downloads\[pornoshara.tv].id91304_[_t1587866.torrent
2013-01-29 18:45 - 2013-01-29 18:45 - 00019386 ____A C:\Users\adder\Downloads\[pornoshara.tv].id70413_[03566.torrent
2013-01-29 14:17 - 2013-01-29 14:17 - 00000031 ____A C:\Users\adder\Desktop\G - plan.txt
2013-01-27 19:04 - 2013-01-27 19:04 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (4).torrent
2013-01-27 15:37 - 2013-01-27 15:41 - 00000000 ____D C:\Users\adder\Documents\Map Overlays
2013-01-27 15:37 - 2013-01-27 15:37 - 00002447 ____A C:\Users\Public\Desktop\Memory-Map OS-5.lnk
2013-01-27 15:37 - 2013-01-27 15:37 - 00000000 ____D C:\Program Files (x86)\Memory-Map
2013-01-27 15:05 - 2013-01-27 15:09 - 00000000 ____D C:\OziExplorer
2013-01-25 16:09 - 2013-01-25 16:09 - 00014487 ____A C:\Users\adder\Downloads\[pornoshara.tv].id33890_Mad_Sex_Party_Splash_Bang_and_Hot_Tub_Club_XXX_DVDRip_XviD_Jiggly.torrent
2013-01-25 16:06 - 2013-01-25 16:06 - 00014527 ____A C:\Users\adder\Downloads\[pornoshara.tv].id48808_12.torrent
2013-01-25 16:03 - 2013-01-25 16:03 - 00014521 ____A C:\Users\adder\Downloads\[pornoshara.tv].id46709_294101.torrent
2013-01-25 16:03 - 2013-01-25 16:03 - 00014521 ____A C:\Users\adder\Downloads\[pornoshara.tv].id46709_294101 (1).torrent
2013-01-25 10:09 - 2013-01-25 10:09 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (5).torrent
2013-01-25 10:09 - 2013-01-25 10:09 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (4).torrent
2013-01-25 10:09 - 2013-01-25 10:09 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (3).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (5).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (4).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (3).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (2).torrent
2013-01-25 10:04 - 2013-01-25 10:04 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410.torrent
2013-01-25 10:04 - 2013-01-25 10:04 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (1).torrent
2013-01-25 10:02 - 2013-01-25 10:02 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (3).torrent
2013-01-25 10:01 - 2013-01-25 10:01 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (2).torrent
2013-01-25 10:00 - 2013-01-25 10:00 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (2).torrent
2013-01-25 10:00 - 2013-01-25 10:00 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1.torrent
2013-01-25 10:00 - 2013-01-25 10:00 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (1).torrent
2013-01-25 09:59 - 2013-01-25 09:59 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1.torrent
2013-01-25 09:59 - 2013-01-25 09:59 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (1).torrent

==================== One Month Modified Files and Folders =======

2013-02-21 16:43 - 2013-02-21 16:43 - 00000000 ____D C:\FRST
2013-02-21 15:57 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-02-21 15:54 - 2013-02-15 23:00 - 00000000 ____D C:\Users\adder\AppData\Local\BinaryMark
2013-02-21 15:54 - 2012-11-13 10:11 - 00000000 ____D C:\users\UpdatusUser.adder-PC.000
2013-02-21 15:54 - 2012-11-05 11:33 - 00000000 ____D C:\Windows\System32\Macromed
2013-02-21 15:54 - 2012-11-04 09:06 - 00000000 ____D C:\Users\adder\AppData\Roaming\vlc
2013-02-21 15:54 - 2012-11-04 09:04 - 00000000 ____D C:\Users\adder\AppData\Roaming\EAC
2013-02-21 15:54 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-02-21 15:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-02-21 15:53 - 2013-02-20 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-02-21 15:53 - 2012-11-04 08:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-02-21 15:53 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-02-21 15:53 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-02-21 15:51 - 2013-02-15 15:54 - 00000000 ____D C:\ProgramData\Ask
2013-02-21 15:51 - 2012-11-04 09:04 - 00000000 ____D C:\Users\adder\AppData\Roaming\foobar2000
2013-02-21 15:50 - 2013-02-15 22:59 - 00000000 ____D C:\Program Files (x86)\BinaryMark
2013-02-21 15:50 - 2012-11-16 23:36 - 00000000 ____D C:\Program Files\Microsoft Office
2013-02-21 08:11 - 2013-02-20 21:46 - 00000004 ____A C:\Users\adder\AppData\Roaming\skype.ini
2013-02-21 08:11 - 2012-11-19 11:09 - 00012012 ____A C:\Windows\AutoKMS.log
2013-02-21 08:11 - 2012-11-04 09:06 - 00000000 ____D C:\Users\adder\AppData\Roaming\uTorrent
2013-02-21 08:10 - 2012-11-14 09:18 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-21 08:10 - 2012-11-04 21:05 - 00000000 ____D C:\ProgramData\NVIDIA
2013-02-21 08:10 - 2012-11-04 08:52 - 00000000 ____D C:\users\adder
2013-02-21 08:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-21 08:10 - 2009-07-13 20:51 - 00037748 ____A C:\Windows\setupact.log
2013-02-20 22:02 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-02-20 21:56 - 2009-07-13 20:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-20 21:56 - 2009-07-13 20:45 - 00021472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-20 21:53 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-20 21:52 - 2012-11-04 08:47 - 01737321 ____A C:\Windows\WindowsUpdate.log
2013-02-20 21:43 - 2012-11-05 11:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-20 21:28 - 2012-11-14 09:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-20 20:48 - 2013-01-04 08:56 - 00000000 ____D C:\Users\adder\Desktop\balloons
2013-02-16 16:22 - 2009-07-13 20:45 - 04996320 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-16 16:06 - 2012-11-16 17:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-02-16 16:06 - 2012-11-09 13:56 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-16 16:02 - 2013-02-16 16:02 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-02-16 16:02 - 2013-02-16 16:02 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-02-16 03:50 - 2013-02-16 03:50 - 00253952 ____A (Toast442.org
2013-02-15 23:00 - 2013-02-15 23:00 - 00000000 ____D C:\Users\adder\AppData\Roaming\BinaryMark
2013-02-15 22:58 - 2013-02-15 22:58 - 05522935 ____A C:\Users\adder\Downloads\BatchHashGenSetupT.exe
2013-02-15 21:16 - 2013-02-15 21:07 - 00514560 ____A C:\Users\adder\Downloads\md5v12005.exe
2013-02-15 11:59 - 2013-02-15 11:59 - 00000406 _RASH C:\ProgramData\ntuser.pol
2013-02-13 08:15 - 2013-02-13 08:15 - 00426757 ____A ( ) C:\Users\adder\Downloads\md5check_setup.exe
2013-02-10 06:46 - 2012-11-05 11:33 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-10 06:46 - 2012-11-05 11:33 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-08 13:38 - 2013-02-08 13:38 - 00088640 ____A (Spotify Ltd) C:\Users\adder\Downloads\SpotifySetup.exe
2013-02-05 14:10 - 2013-02-05 14:10 - 00002984 ____A C:\Users\adder\Downloads\small_triambic_icosahedron.wrl
2013-02-05 13:23 - 2013-02-05 13:23 - 00001774 ____A C:\Users\adder\Downloads\icosahedron.wrl
2013-02-04 11:17 - 2013-02-04 11:17 - 00000000 ____D C:\Users\adder\Documents\Codemasters
2013-02-04 11:17 - 2012-11-26 12:54 - 00000000 ____D C:\ProgramData\Codemasters
2013-02-04 11:13 - 2012-11-10 12:17 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-02-04 11:13 - 2012-11-10 10:52 - 00308311 ____A C:\Windows\DirectX.log
2013-02-04 10:57 - 2012-11-10 12:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-02-04 10:57 - 2012-11-10 12:03 - 00000000 ____D C:\Program Files (x86)\Codemasters
2013-02-01 19:40 - 2013-02-01 19:40 - 00012208 ____A C:\Users\adder\Downloads\[pornoshara.tv].id91304_[_t1587866.torrent
2013-01-29 18:45 - 2013-01-29 18:45 - 00019386 ____A C:\Users\adder\Downloads\[pornoshara.tv].id70413_[03566.torrent
2013-01-29 14:17 - 2013-01-29 14:17 - 00000031 ____A C:\Users\adder\Desktop\G - plan.txt
2013-01-28 00:45 - 2013-01-14 11:17 - 00000000 ____D C:\Users\adder\Documents\Calibre Library
2013-01-28 00:14 - 2012-11-04 20:11 - 00000000 ____D C:\Users\adder\AppData\Local\Adobe
2013-01-27 19:04 - 2013-01-27 19:04 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (4).torrent
2013-01-27 16:18 - 2012-12-24 18:13 - 00000000 ____D C:\Users\adder\Desktop\Sand
2013-01-27 16:12 - 2013-01-07 19:23 - 00000000 ____D C:\Users\adder\Desktop\Windows Loader
2013-01-27 15:41 - 2013-01-27 15:37 - 00000000 ____D C:\Users\adder\Documents\Map Overlays
2013-01-27 15:37 - 2013-01-27 15:37 - 00002447 ____A C:\Users\Public\Desktop\Memory-Map OS-5.lnk
2013-01-27 15:37 - 2013-01-27 15:37 - 00000000 ____D C:\Program Files (x86)\Memory-Map
2013-01-27 15:09 - 2013-01-27 15:05 - 00000000 ____D C:\OziExplorer
2013-01-25 16:09 - 2013-01-25 16:09 - 00014487 ____A C:\Users\adder\Downloads\[pornoshara.tv].id33890_Mad_Sex_Party_Splash_Bang_and_Hot_Tub_Club_XXX_DVDRip_XviD_Jiggly.torrent
2013-01-25 16:06 - 2013-01-25 16:06 - 00014527 ____A C:\Users\adder\Downloads\[pornoshara.tv].id48808_12.torrent
2013-01-25 16:03 - 2013-01-25 16:03 - 00014521 ____A C:\Users\adder\Downloads\[pornoshara.tv].id46709_294101.torrent
2013-01-25 16:03 - 2013-01-25 16:03 - 00014521 ____A C:\Users\adder\Downloads\[pornoshara.tv].id46709_294101 (1).torrent
2013-01-25 10:09 - 2013-01-25 10:09 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (5).torrent
2013-01-25 10:09 - 2013-01-25 10:09 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (4).torrent
2013-01-25 10:09 - 2013-01-25 10:09 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (3).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (5).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (4).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (3).torrent
2013-01-25 10:05 - 2013-01-25 10:05 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (2).torrent
2013-01-25 10:04 - 2013-01-25 10:04 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410.torrent
2013-01-25 10:04 - 2013-01-25 10:04 - 00020095 ____A C:\Users\adder\Downloads\[pornoshara.tv].id89886_[t1577410 (1).torrent
2013-01-25 10:02 - 2013-01-25 10:02 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (3).torrent
2013-01-25 10:01 - 2013-01-25 10:01 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (2).torrent
2013-01-25 10:00 - 2013-01-25 10:00 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (2).torrent
2013-01-25 10:00 - 2013-01-25 10:00 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1.torrent
2013-01-25 10:00 - 2013-01-25 10:00 - 00014445 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90279_1 (1).torrent
2013-01-25 09:59 - 2013-01-25 09:59 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1.torrent
2013-01-25 09:59 - 2013-01-25 09:59 - 00019615 ____A C:\Users\adder\Downloads\[pornoshara.tv].id90254_1 (1).torrent


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-06 21:51:12
Restore point made on: 2013-02-13 08:16:56
Restore point made on: 2013-02-16 15:59:06
Restore point made on: 2013-02-20 10:06:01
Restore point made on: 2013-02-20 22:01:06
Restore point made on: 2013-02-21 02:54:00

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8190.18 MB
Available physical RAM: 7378.13 MB
Total Pagefile: 8188.38 MB
Available Pagefile: 7376.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:380.21 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:1397.26 GB) (Free:423.38 GB) NTFS
3 Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (Iomega HDD) (Fixed) (Total:1397.26 GB) (Free:466.37 GB) NTFS
5 Drive h: () (Fixed) (Total:931.41 GB) (Free:568.91 GB) NTFS
8 Drive k: (USB-HDD) (Fixed) (Total:1397.26 GB) (Free:195.07 GB) NTFS
9 Drive l: (HITMANPRO) (Removable) (Total:7.47 GB) (Free:7.47 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (New Volume) (Fixed) (Total:698.63 GB) (Free:590.9 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 1397 GB 0 B
Disk 2 Online 465 GB 0 B
Disk 3 Online 931 GB 0 B
Disk 4 Online 1397 GB 1024 KB
Disk 5 Online 1397 GB 1024 KB
Disk 6 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Disk ID: A4E7FCA5

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y New Volume NTFS Partition 698 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 3B0FCB26

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D New Volume NTFS Partition 1397 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 3FDBE828

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Disk ID: 6448D875

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 3
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 H NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 4:
===============

Disk ID: 27E9BFE8

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

==================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 G Iomega HDD NTFS Partition 1397 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Disk ID: 17FF1029

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

==================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K USB-HDD NTFS Partition 1397 GB Healthy

=========================================================

Partitions of Disk 6:
===============

Disk ID: 084B467B

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7663 MB 31 KB

==================================================================================

Disk: 6
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L HITMANPRO FAT32 Removable 7663 MB Healthy

=========================================================

Last Boot: 2013-02-12 16:55

==================== End Of Log =============================
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Now please download this file and save it to your Flash Drive.

[attachment=3676]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.
 

Attachments

  • fixlist.txt
    527 bytes · Views: 154

Adder

New Member
Thread author
Feb 21, 2013
10
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-02-2013 01
Ran by SYSTEM at 2013-02-21 17:10:46 Run:1
Running from L:\

==============================================

C:\Users\adder\AppData\Roaming\skype.ini moved successfully.
C:\Users\adder\Downloads\BatchHashGenSetupT.exe moved successfully.
C:\Users\adder\Downloads\md5v12005.exe moved successfully.
C:\Users\adder\Downloads\md5check_setup.exe moved successfully.
C:\Users\adder\AppData\Roaming\skype.ini not found.
C:\Users\adder\AppData\Roaming\skype.dat moved successfully.

==== End of Fixlog ====

Wow, I have my desktop back :)
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Great to hear that you can see your desktop now! :dance3:


STEP 1: Repair the malicious changes this infection made to your Windows registry.

This infection has changed your Windows registry settings so that, when you try to start the computer, it loads the infection instead of your Windows desktop.

  1. Download the WinlogonFix.reg file to fix the malicious registry changes made by this infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called WinlogonFix.reg)
  2. Double-click on the WinlogonFix.reg file to run it. Click "Yes" at the Registry Editor prompt, then click OK.

STEP 2: Run a HitmanPro scan

  1. Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK: http://www.surfright.nl/en/hitmanpro/ (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double-clicking on the previously downloaded file, then follow the prompts.
    [Image: hitmanproscan4.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown, as seen in the image below. After reviewing each malicious object, click Next.
    [Image: hitmanproscan5.png]
  4. Click Activate free license to start the free 30-day trial and remove the malicious files.
    [Image: hitmanproscan6.png]
  5. HitmanPro will now start removing the infected objects and, in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

Add to your next reply any log that HitmanPro might generate.
 
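The registry fix in STEP 1 works because this family of lock-screen infections replaces the Winlogon Shell/Userinit entries so its payment screen starts instead of explorer.exe. The script below is an added example, not the WinlogonFix.reg the thread links (whose contents are not shown): it parses a `reg export` of the Winlogon key, flags Shell/Userinit values that deviate from stock Windows 7 x64 defaults, treats any per-user (HKCU) Shell/Userinit as a hijack, and writes a .reg file that restores the defaults. The expected default values, the `lock.exe` payload path and the sample export are all assumptions constructed for the demonstration; the thread never prints what the infection actually set.

```python
"""Audit a Winlogon registry export for the Shell/Userinit hijack a lock-screen
infection uses to load its payment screen instead of the desktop, and emit a
.reg file that restores the defaults. Added example, not the thread's WinlogonFix.reg."""
import re
from typing import Dict, List, Tuple

# Known-good defaults for a stock 64-bit Windows 7 install (assumption: the
# thread's HitmanPro log shows 6.1.7601 x64 but never prints these values).
EXPECTED = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

Finding = Tuple[str, str, str]  # (registry key, value name, offending data)


def _unescape(data: str) -> str:
    """Undo .reg string escaping (doubled backslashes and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", data)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax that `reg export` writes: [key] headers,
    "Name"="string" lines, @="default" and "Name"=- deletions. Non-string
    types (dword:, hex:) are kept as their raw text."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if not m:
            continue
        name, data = m.group(1) or "", m.group(2)
        if data == "-":                      # "Name"=- removes the value
            keys[current].pop(name, None)
            continue
        if data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys


def audit_winlogon(keys: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Flag every Winlogon Shell/Userinit entry that deviates from EXPECTED.
    Windows also honours a per-user Shell value under HKCU, and a stock install
    has none there, so any Shell/Userinit under HKCU or HKU is itself a finding."""
    findings: List[Finding] = []
    for key, values in keys.items():
        if not key.lower().endswith(r"\windows nt\currentversion\winlogon"):
            continue
        per_user = key.upper().startswith(("HKEY_CURRENT_USER", "HKEY_USERS"))
        for name, good in EXPECTED.items():
            if name not in values:
                continue
            actual = values[name]
            if per_user or actual.strip().lower() != good.lower():
                findings.append((key, name, actual))
    return findings


def _escape(data: str) -> str:
    return data.replace("\\", "\\\\").replace('"', '\\"')


def build_fix_reg(findings: List[Finding]) -> str:
    """Produce .reg text that restores the default for each HKLM finding and
    deletes the per-user override (the "Name"=- syntax)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _ in findings:
        lines.append(f"[{key}]")
        if key.upper().startswith("HKEY_LOCAL_MACHINE"):
            lines.append(f'"{name}"="{_escape(EXPECTED[name])}"')
        else:
            lines.append(f'"{name}"=-')
        lines.append("")
    return "\n".join(lines)


# Constructed sample export of an infected machine. The payload path is
# hypothetical; the thread never shows which value the infection set.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\adder\\AppData\\Roaming\\lock.exe"
"Background"="0 0 0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\adder\\AppData\\Roaming\\lock.exe"
'''

if __name__ == "__main__":
    hits = audit_winlogon(parse_reg_export(SAMPLE_EXPORT))
    for key, name, data in hits:
        print(f"HIJACKED {key}\\{name} = {data}")
    print(build_fix_reg(hits))
```

On a real machine, export the keys from the recovery environment (`reg export` against the offline hive after `reg load`) or from Safe Mode with Command Prompt, run the audit on the exported file, and review the generated .reg before importing it; the Userinit comparison is exact on purpose, because the usual hijack appends the payload after the legitimate `userinit.exe,` rather than replacing it.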

Adder

New Member
Thread author
Feb 21, 2013
10
Well, looks like it's sorted, thanks very much for your help. I don't know what I would have done without it. Have you any idea where it came from? So I can keep away from it. Though I think from now on I'll start being more security conscious. And here's the log =>

Code:
HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : ADDER-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : adder-PC\adder
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-02-21 17:50:35
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1h 12m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 133

   Objects scanned . . . : 1,496,898
   Files scanned . . . . : 66,227
   Remnants scanned  . . : 402,440 files / 1,028,231 keys

Malware _____________________________________________________________________

   C:\Users\adder\AppData\Local\Temp\1511831484.exe -> Quarantined
      Size . . . . . . . : 42,496 bytes
      Age  . . . . . . . : 0.5 days (2013-02-21 05:41:14)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : CCB2BCD2BAC1B101E06BEE92D67C0C5EF30953CF35BB373931A13F879E913AA4
    > Ikarus . . . . . . : Trojan.Win32.Yakes!IK
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F34U.tmp
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F34V.tmp
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F34W.tmp
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F34X.tmp
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F34Y.tmp
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F352.tmp
         -42.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F354.tmp
         -32.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F356.tmp
         -32.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F357.tmp
         -24.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F358.tmp
         -22.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F359.tmp
         -22.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35A.tmp
         -0.8s C:\Users\adder\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\72ca63ea-7000f25b.idx
         -0.8s C:\Users\adder\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\72ca63ea-7000f25b
         -0.5s C:\Users\adder\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5d77024b-784a7384
         -0.5s C:\Users\adder\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\5d77024b-784a7384.idx
          0.0s C:\Users\adder\AppData\Local\Temp\1511831484.exe
          0.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35F.tmp
          0.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35G.tmp
          0.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35H.tmp
          5.6s C:\Windows\Prefetch\1511831484.EXE-8678E178.pf
          6.1s C:\Windows\Prefetch\NVTRAY.EXE-7D357916.pf
         15.8s C:\Windows\Prefetch\SVCHOST.EXE-48764D68.pf
         16.2s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35L.tmp
         16.4s C:\Users\adder\AppData\Roaming\Microsoft\Windows\Recent\Mad Sex Party - Picking Up Pussy Miss Best Czech Girl 2012 DVDRip-[rarbg.com].torrent.lnk
         17.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35M.tmp
         23.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35N.tmp
         24.2s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35O.tmp
         27.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35P.tmp
         27.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35Q.tmp
         27.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35R.tmp
         27.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35S.tmp
         27.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35T.tmp
         27.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35U.tmp
         27.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35V.tmp
         27.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35W.tmp
         27.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35X.tmp
         27.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35Y.tmp
         43.0s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F35Z.tmp
         47.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F360.tmp
         47.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F361.tmp
         47.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F362.tmp
         47.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F363.tmp
         47.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F364.tmp
         47.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F365.tmp
         47.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F366.tmp
         53.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F367.tmp
         57.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F368.tmp
         57.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F369.tmp
         57.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36A.tmp
         57.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36D.tmp
         57.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36E.tmp
         77.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36G.tmp
         77.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36I.tmp
         87.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36M.tmp
         87.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36N.tmp
         87.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36O.tmp
         87.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36P.tmp
         87.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36Q.tmp
         117.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36R.tmp
         127.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36S.tmp
         127.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36T.tmp
         127.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36U.tmp
         127.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36W.tmp
         137.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36X.tmp
         137.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36Y.tmp
         137.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F36Z.tmp
         137.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F370.tmp
         137.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F371.tmp
         137.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F375.tmp
         147.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F377.tmp
         147.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F378.tmp
         147.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F379.tmp
         147.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37A.tmp
         147.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37B.tmp
         147.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37D.tmp
         157.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37E.tmp
         157.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37F.tmp
         157.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37G.tmp
         157.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37H.tmp
         167.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007B\opr0F37J.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37K.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37L.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37M.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37N.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37O.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37P.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37Q.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37T.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37V.tmp
         177.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37X.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37Y.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F37Z.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F380.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F381.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F382.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F383.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F384.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F386.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F388.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F389.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38A.tmp
         187.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38C.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38E.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38F.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38G.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38H.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38I.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38J.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38L.tmp
         207.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38M.tmp
         208.2s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38N.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38O.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38P.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38Q.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38R.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38S.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38T.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38U.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38V.tmp
         217.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38W.tmp
         225.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38X.tmp
         227.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38Y.tmp
         227.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F38Z.tmp
         227.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F391.tmp
         234.7s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F392.tmp
         234.7s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F393.tmp
         234.7s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F394.tmp
         237.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F395.tmp
         240.1s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F396.tmp
         247.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F397.tmp
         247.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F398.tmp
         247.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39A.tmp
         257.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39B.tmp
         257.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39C.tmp
         257.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39E.tmp
         259.8s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39F.tmp
         262.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39G.tmp
         265.4s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39H.tmp
         265.9s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39I.tmp
         265.9s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39J.tmp
         266.7s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39K.tmp
         267.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39L.tmp
         267.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39N.tmp
         267.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39Q.tmp
         267.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39R.tmp
         267.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39S.tmp
         272.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39T.tmp
         272.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39U.tmp
         272.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39V.tmp
         272.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39W.tmp
         272.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39X.tmp
         272.5s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F39Y.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A0.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A1.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A2.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A3.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A5.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A6.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A8.tmp
         276.3s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3A9.tmp
         300.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3AC.tmp
         305.9s C:\FRST\Quarantine\skype.ini
         306.6s C:\Users\adder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TE0ORL5V\61983[1]
         307.5s C:\Users\adder\AppData\Local\Temp\av_noav.png
         307.5s C:\Users\adder\AppData\Local\Temp\ic_5_1.jpg
         307.5s C:\Users\adder\AppData\Local\Temp\ic_5_2.jpg
         307.5s C:\Users\adder\AppData\Local\Temp\me_error.png
         307.5s C:\Users\adder\AppData\Local\Temp\me_notice.png
         307.6s C:\Users\adder\AppData\Local\Opera\Opera\cache\g_007C\opr0F3AD.tmp
         316.2s C:\Windows\Prefetch\CTFMON.EXE-79423C0A.pf
         323.6s C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
         323.7s C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf

   C:\Users\adder\AppData\Local\Temp\1jfuweif.exe -> Deleted
      Size . . . . . . . : 66,048 bytes
      Age  . . . . . . . : 19.7 days (2013-02-01 23:49:28)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : D1FDE922187C929E895515A6050B5EBDFE565EC5F9C5A79E0E4113785F7A7922
      Product
      Publisher
      Description
      Version
      Copyright
    > G Data . . . . . . : Trojan.Generic.KD.845480 (Engine A)
    > Ikarus . . . . . . : Trojan.Win32.Yakes!IK
      Fuzzy  . . . . . . : 107.0
      Forensic Cluster
          0.0s C:\Users\adder\AppData\Local\Temp\1jfuweif.exe
          0.7s C:\Users\adder\AppData\Local\Temp\2jfuweif.exe
         17.8s C:\Users\adder\AppData\Local\Temp\a-squared.png
         17.8s C:\Users\adder\AppData\Local\Temp\adaware.png
         17.8s C:\Users\adder\AppData\Local\Temp\arcavir.png
         17.8s C:\Users\adder\AppData\Local\Temp\avast.png
         17.8s C:\Users\adder\AppData\Local\Temp\avg.png
         17.8s C:\Users\adder\AppData\Local\Temp\avira.png
         17.8s C:\Users\adder\AppData\Local\Temp\bitdefender.png
         17.8s C:\Users\adder\AppData\Local\Temp\clamwin.png
         17.8s C:\Users\adder\AppData\Local\Temp\comodo.png
         17.8s C:\Users\adder\AppData\Local\Temp\drweb.png
         17.8s C:\Users\adder\AppData\Local\Temp\error.png
         17.8s C:\Users\adder\AppData\Local\Temp\ewido.png
         17.8s C:\Users\adder\AppData\Local\Temp\f-prot.png
         17.8s C:\Users\adder\AppData\Local\Temp\f-secure.png
         17.9s C:\Users\adder\AppData\Local\Temp\gdata.png
         17.9s C:\Users\adder\AppData\Local\Temp\header.jpg
         17.9s C:\Users\adder\AppData\Local\Temp\ic_1.png
         17.9s C:\Users\adder\AppData\Local\Temp\ic_2.png
         17.9s C:\Users\adder\AppData\Local\Temp\ic_2_1.png
         17.9s C:\Users\adder\AppData\Local\Temp\ic_2_2.png
         17.9s C:\Users\adder\AppData\Local\Temp\ic_2_3.png
         17.9s C:\Users\adder\AppData\Local\Temp\ikarus.png
         17.9s C:\Users\adder\AppData\Local\Temp\index.html
         17.9s C:\Users\adder\AppData\Local\Temp\kaspersky.png
         17.9s C:\Users\adder\AppData\Local\Temp\mcafee.png
         17.9s C:\Users\adder\AppData\Local\Temp\mse.png
         17.9s C:\Users\adder\AppData\Local\Temp\nod32.png
         17.9s C:\Users\adder\AppData\Local\Temp\norton.png
         17.9s C:\Users\adder\AppData\Local\Temp\nosignal.jpg
         17.9s C:\Users\adder\AppData\Local\Temp\notice.png
         17.9s C:\Users\adder\AppData\Local\Temp\onecare.png
         17.9s C:\Users\adder\AppData\Local\Temp\outpost.png
         17.9s C:\Users\adder\AppData\Local\Temp\panda.png
         17.9s C:\Users\adder\AppData\Local\Temp\sophos.png
         17.9s C:\Users\adder\AppData\Local\Temp\style.css
         17.9s C:\Users\adder\AppData\Local\Temp\trendmicro.png
         17.9s C:\Users\adder\AppData\Local\Temp\vba.png
         17.9s C:\Users\adder\AppData\Local\Temp\vexira.png
         17.9s C:\Users\adder\AppData\Local\Temp\zonealarm.png

   C:\Windows\AutoKMS.exe -> Deleted
      Size . . . . . . . : 472,576 bytes
      Age  . . . . . . . : 96.7 days (2012-11-17 01:48:50)
      Entropy  . . . . . : 5.3
      SHA-256  . . . . . : EFCA51E481452CB23F89F44016AEF1EC4550E1827A5AC77EA15E36AEBA14620D
      Needs elevation  . : Yes
      Product  . . . . . : AutoKMS
      Publisher  . . . . : Microsoft
      Description  . . . : AutoKMS
      Version  . . . . . : 2.0.0.0
      Copyright  . . . . : CODYQX4
    > G Data . . . . . . : Trojan.Generic.4721812 (Engine-A)
    > Ikarus . . . . . . : Trojan.Win32.Meredrop!IK
      Fuzzy  . . . . . . : 102.0


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-1445939191-3376096574-3246143147-1001\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.betweendigital.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:hotlog.ru
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:pornoshara.tv
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:spylog.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\adder\AppData\Roaming\Microsoft\Windows\Cookies\3XBOSL6S.txt
   C:\Users\adder\AppData\Roaming\Microsoft\Windows\Cookies\5XAM0Q2M.txt
   C:\Users\adder\AppData\Roaming\Microsoft\Windows\Cookies\A85IWM8H.txt
   C:\Users\adder\AppData\Roaming\Microsoft\Windows\Cookies\FFRQS3P5.txt
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:122.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:a1.interclick.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ad.360yield.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:adbrite.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ads.guru3d.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ads.lzjl.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:adserver.adtechus.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:adtech.de
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:advertising.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:adviva.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:apmebf.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ar.atwola.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:at.atwola.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:atdmt.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:atwola.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:burstnet.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:casalemedia.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:clicksor.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:collective-media.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:dmtracker.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:doubleclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:fastclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:googleads.g.doubleclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:h.atdmt.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:in.getclicky.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:interclick.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:invitemedia.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:kontera.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:media6degrees.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:mediaplex.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:microsoftsto.112.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:myroitracking.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:paypal.112.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:pluckit.demandmedia.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:questionmarket.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:revsci.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:ru4.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:serving-sys.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:smartadserver.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:specificclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:stat.dealtime.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:statcounter.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:stats.paypal.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:track.adform.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:tribalfusion.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:uk.sitestat.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:www.googleadservices.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:xiti.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:yadro.ru
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\cookies.sqlite:yieldmanager.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:112.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ad.360yield.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:adbrite.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ads.audience2media.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ads.p161.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:adtech.de
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:adtechus.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:advertising.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:apmebf.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:at.atwola.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:atdmt.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:burstnet.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:c.atdmt.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:casalemedia.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:collective-media.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:dmtracker.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:doubleclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:fastclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:h.atdmt.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:hotlog.ru
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:in.getclicky.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:invitemedia.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:kontera.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:linksynergy.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:media6degrees.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:mediaplex.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:microsoftsto.112.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:paypal.112.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:pornoshara.tv
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:pubads.g.doubleclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:questionmarket.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:rabbitporno.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:revsci.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:royalmail.112.2o7.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:ru4.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:serving-sys.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:siripornstar.tumblr.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:smartadserver.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:specificclick.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:statcounter.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:stats.paypal.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:track.adform.net
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:track.bangmyhotwife.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:tribalfusion.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:www.googleadservices.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:www.madsexparty.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:xiti.com
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\cookies.sqlite:yadro.ru
   C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\rs501tu6.default\cookies.sqlite:statse.webtrendslive.com

Thanks again Adder
 

kuttus

This particular infection has come from some insecure website. When you visit an unsafe website, a message pops up and tells you to first download a newer version of Flash Player to play the video or to view the website. You might be inclined to click on the pop-up because it is telling you to install a newer version of Flash Player. Please do not do this. It's a virus.

In order to avoid all these types of infections from the internet, please remove the temporary files from the computer daily.


Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply




STEP 2: Run a scan with AdwCleaner

  1. Download AdwCleaner from the below link.
     ADWCLEANER DOWNLOAD LINK: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner (This link will automatically download Security Check on your computer)
  2. Close all open programs and internet browsers.
  3. Double click on adwcleaner.exe to run the tool.
  4. Click on Delete, then confirm each time with Ok.
  5. Your computer will be rebooted automatically. A text file will open after the restart.
  6. Please post the contents of that logfile with your next reply.
  7. You can find the logfile at C:\AdwCleaner[S1].txt as well.
 

Adder

Here is the contents of JRT.txt =>

____________________________________________



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Ultimate x64
Ran by adder on 21/02/2013 at 23:00:57.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1445939191-3376096574-3246143147-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\adder\AppData\Roaming\cleanmypc software"
Successfully deleted: [Folder] "C:\Users\adder\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\adder\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\adder\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\adder\AppData\Roaming\mozilla\firefox\profiles\q6pd2sk9.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Emptied folder: C:\Users\adder\AppData\Roaming\mozilla\firefox\profiles\q6pd2sk9.default\minidumps [80 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\adder\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/02/2013 at 23:05:35.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


And here's the contents of AdwCleaner[S1].txt =>


_______________________________________________________________________
___________________________________________________________________________

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 01:45:46
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : adder - ADDER-PC
# Boot Mode : Normal
# Running from : C:\Users\adder\Downloads\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\searchplugins\Askcom.xml
File Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\searchplugins\Conduit.xml
File Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\Conduit
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\ConduitCommon
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\ConduitEngine
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\extensions\v4ffxtbr@DictionaryBoss.com
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\df639gsv.default\extensions\v4ffxtbr@DictionaryBoss.com
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\rs501tu6.default\extensions\v4ffxtbr@DictionaryBoss.com

***** [Registry] *****

Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\q6pd2sk9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\adder\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.10.1652.0

File : C:\Users\adder\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2746 octets] - [22/02/2013 01:45:46]

########## EOF - C:\AdwCleaner[S1].txt - [2806 octets] ##########
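The two logs posted above share a structure worth parsing: JRT writes "Successfully deleted: [kind] target" lines, AdwCleaner writes "File/Folder/Key Deleted : target" lines, and the same BHO CLSID {02478D38-C3F9-4EFB-9B51-7695ECA05670} turns up in both. As an added example (not part of this thread, and not code from JRT or AdwCleaner), the Python below parses both formats into one record list, counts removals per tool and kind, lists the GUIDs both tools touched, and pulls out the records under browser persistence locations (Browser Helper Objects, URLSearchHooks, SearchScopes, extension folders) that a responder would re-check a week later. The sample log text is constructed from lines quoted in this thread; the function names and the marker list are my own assumptions.

```python
"""Parse JRT and AdwCleaner removal logs into one record list (added example)."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# JRT: "Successfully deleted: [Registry Key] hkey_..." / "Emptied folder: C:\... [80 files]"
JRT_RE = re.compile(r"^Successfully (?P<action>deleted|repaired): \[(?P<kind>[^\]]+)\] (?P<target>.+)$")
JRT_EMPTIED_RE = re.compile(r"^Emptied folder: (?P<target>.+) \[(?P<count>\d+) files\]$")
# AdwCleaner: "File Deleted : C:\..." / "Folder Deleted : ..." / "Key Deleted : HKCU\..."
ADW_RE = re.compile(r"^(?P<kind>File|Folder|Key|Value) Deleted : (?P<target>.+)$")


@dataclass(frozen=True)
class Removal:
    tool: str    # "JRT" or "AdwCleaner"
    action: str  # deleted / repaired / emptied
    kind: str    # Registry Key, Registry Value, Folder, File, Key, ...
    target: str  # registry or filesystem path, surrounding quotes stripped


def parse_jrt(text: str) -> list[Removal]:
    """Section banners ("~~~ Registry Keys") and blank lines match nothing and are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := JRT_RE.match(line):
            # "[Registry Key-Heur]" marks a heuristic hit; the label is kept as JRT wrote it
            records.append(Removal("JRT", m["action"], m["kind"], m["target"].strip('"')))
        elif m := JRT_EMPTIED_RE.match(line):
            records.append(Removal("JRT", "emptied", "Folder", m["target"]))
    return records


def parse_adwcleaner(text: str) -> list[Removal]:
    """'[OK] ... is clean.' lines and '***** [Registry] *****' banners are skipped."""
    return [Removal("AdwCleaner", "deleted", m["kind"], m["target"])
            for raw in text.splitlines() if (m := ADW_RE.match(raw.strip()))]


def summarize(records: list[Removal]) -> Counter:
    """Removals per (tool, kind): the first figure to check against the raw log."""
    return Counter((r.tool, r.kind) for r in records)


def guids_by_tool(records: list[Removal]) -> dict[str, set[str]]:
    """Every GUID found in a target, mapped to the set of tools that touched it."""
    out: dict[str, set[str]] = {}
    for r in records:
        for g in GUID_RE.findall(r.target):
            out.setdefault(g.lower(), set()).add(r.tool)
    return out


def shared_guids(records: list[Removal]) -> list[str]:
    """GUIDs reported by more than one tool: one component persisted in several places."""
    return sorted(g for g, tools in guids_by_tool(records).items() if len(tools) > 1)


# Browser persistence locations used by the hijacker in this thread (assumed list,
# picked from the log lines); matching records form the "did it come back?" checklist.
BROWSER_HOOK_MARKERS = ("browser helper objects", "urlsearchhooks", "searchscopes",
                        "\\extensions\\", "\\ext\\preapproved")


def browser_hook_records(records: list[Removal]) -> list[Removal]:
    return [r for r in records if any(mk in r.target.lower() for mk in BROWSER_HOOK_MARKERS)]


# Constructed sample input: a subset of the lines quoted in the thread's two logs.
JRT_SAMPLE = r"""
~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] C:\Users\adder\AppData\Roaming\mozilla\firefox\profiles\q6pd2sk9.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Emptied folder: C:\Users\adder\AppData\Roaming\mozilla\firefox\profiles\q6pd2sk9.default\minidumps [80 files]
"""
ADW_SAMPLE = r"""
***** [Files / Folders] *****

File Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\searchplugins\Conduit.xml
Folder Deleted : C:\Users\adder\AppData\Roaming\Mozilla\Firefox\Profiles\25911wmd.default\extensions\engine@conduit.com
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[OK] Registry is clean.
"""

if __name__ == "__main__":
    records = parse_jrt(JRT_SAMPLE) + parse_adwcleaner(ADW_SAMPLE)
    print(summarize(records), shared_guids(records), sep="\n")
    for r in browser_hook_records(records):
        print(f"recheck: [{r.tool}] {r.target}")
```

On the sample, the CLSID {02478d38-...} is the only GUID both tools reported (JRT removed its CLSID key, AdwCleaner its Ext\Settings and Ext\PreApproved entries), which is the kind of cross-check that tells you the two logs describe one component rather than two infections. The marker list is deliberately narrow; extend it with whatever autostart or browser locations your own logs show.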
 

kuttus

Okay. So how's everything working on the computer now? Are you facing any other issues on the computer now?
 

Adder

Hi, I haven't had a chance to use my computer, but from what use it has had everything is fine now. Thanks again.
adder
 

kuttus

Okay. Just work on the computer as normal and let me know if you are facing any issues.

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.




Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link




Keep your system updated
  • Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here


I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.


Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.


Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.


Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

What's next?
  1. Build up your malware defenses by starting a new thread in the Security Configuration Wizard forum.
  2. Learn how to avoid malware by reading this article: How to easily avoid malware (http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/)
  3. Be an active member in the MalwareTips community! :)



My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

kuttus

This thread is now closed.
Reason: Issue Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.

DO NOT use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All members requesting Malware Removal Assistance are required to follow all procedures in the thread


My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 