Solved Unknown HUGE file on system, merchants.txt, good or bad?

February 8, 2015 at 09:57:04
Specs: Win Seven Ultimate 64bit, 2.40g Intel Core2 Quad/8g Ram
Today while reading about Bitdefender's free antivirus I wondered if I had at some time downloaded it, so I went to 'Start', clicked on it, and put Bitdefender in the search bar. What came up was one entry, merchants.txt. The file is way too big to post here, I tried. If anyone knows what the heck this is I would like to know if I should keep it or delete it? It appears to be the URLs of every business in Europe, mostly those in the UK. If there is another place to post the file for review, please let me know.

message edited by rimfire





#1
February 8, 2015 at 12:04:40
How large is the file and where is it located on your HDD?


#2
February 8, 2015 at 12:06:43
Perhaps copy it to a safe place; suggest to a usb stick or a dvdrw... Then delete it from its current location... Reboot and see if things still work OK?

Quite how you acquired it...?



#3
February 8, 2015 at 13:13:48
Jennifer, it's 217,088 bytes and opens with Notepad and is located in C:\Users\Bullion Room\Favorites\Desktop\Old Firefox Data\rvp1a9xk.default-1365708844126\adawaretb\coupons

message edited by rimfire



#4
February 8, 2015 at 13:33:05
trvlr, done, it's no longer there. So far nothing has changed. The only problem I've had lately is I get the apparently unsolvable popup "You don't have permission to save to this location" when I try to save images from some online sources, not all, just some. Strange, I haven't given up on trying to find out what caused that yet as all file permissions are set to allow me, the administrator, to do everything. Thanks for your suggestion.

message edited by rimfire



#5
February 8, 2015 at 13:44:43
✔ Best Answer
C:\Users\Bullion Room\Favorites\Desktop\Old Firefox Data\rvp1a9xk.default-1365708844126\adawaretb\coupons


FYI the 217,088-byte file called merchants.txt is created by using the Ad-Aware Security Add-on toolbar. It's just a depository and is presumed to be safe to delete as long as you have uninstalled the toolbar.

i_Xp/Vista/W7User

message edited by XpUser



#6
February 8, 2015 at 13:52:39
As I understand things... Some websites may restrict the option/ability to copy and save a given image. A mix of copyright and security etc.?


#7
February 8, 2015 at 14:08:51
XpUser, thanks, I had deleted Ad-Aware a couple of weeks ago along with its unwanted toolbar. That may very well be where the file came from. Strange file, appears to be nothing but URLs of mainly European based businesses, thousands and thousands of them. Serves no purpose that I can see. Thanks for the info.


#8
February 8, 2015 at 14:18:42
Trvlr, I don't know and apparently neither does Microsoft, check out this info, none of which works, at least for me it doesn't. https://social.technet.microsoft.co... Something to toy around with in your spare time that a lot of folks would appreciate. Incidentally, I have been saving things to the location of choice for years, up until last week. Something got changed, I'm still digging. Thanks.


#9
February 8, 2015 at 14:59:32
Here are the first 2 steps, there will be more steps needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#10
February 8, 2015 at 15:02:07
Half knowing something is a dangerous thing. I would probably download Malwarebytes, let it run a scan, remove what it finds, then run AdwCleaner on it.
Those should remove most of the browser add-ons. Be careful out there, it's easy to get sucked in when you're not tech savvy. Ad-Aware by Lavasoft is a legit program.

http://filehippo.com/download_malwa...

http://filehippo.com/download_adwcl...

Do you use Bitdefender Anti virus or what do you have for anti virus?

To err is human but to really screw things up, you need a computer!

message edited by HopperRox



#11
February 10, 2015 at 11:15:23
John, here are the results of the first scan:

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 11:54:01
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Bullion Room - BULLIONROOM-PC
# Running from : C:\Users\Bullion Room\Downloads\adwcleaner_4.110.exe
# Option : Cleaning


#12
February 10, 2015 at 11:17:01
Second file, first scan:

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 11:48:46
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Bullion Room - BULLIONROOM-PC
# Running from : C:\Users\Bullion Room\Downloads\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Bullion Room\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rvp1a9xk.default-1365708844126\invalidprefs.js
File Found : C:\Users\Bullion Room\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rvp1a9xk.default-1365708844126\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Bullion Room\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rvp1a9xk.default-1365708844126\user.js
File Found : C:\Users\Bullion Room\AppData\Roaming\Mozilla\Firefox\Profiles\35bfg43n.default-1412363816355\user.js
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Dll-Files.com Fixer
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Fighters
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\saivenshAre
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\Bullion Room\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Bullion Room\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\Bullion Room\AppData\Local\CrashRpt
Folder Found : C:\Users\Bullion Room\AppData\Local\globalUpdate
Folder Found : C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found : C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Found : C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
Folder Found : C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Bullion Room\AppData\Local\HitsBlender
Folder Found : C:\Users\Bullion Room\AppData\Local\PackageAware
Folder Found : C:\Users\Bullion Room\AppData\Local\torch
Folder Found : C:\Users\Bullion Room\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Bullion Room\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Bullion Room\AppData\Roaming\dll-files.com
Folder Found : C:\Users\Bullion Room\AppData\Roaming\DriverCure
Folder Found : C:\Users\Bullion Room\AppData\Roaming\FastMediaConverter
Folder Found : C:\Users\Bullion Room\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rvp1a9xk.default-1365708844126\Extensions\adsremoval@adsremoval.net
Folder Found : C:\Users\Bullion Room\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\rvp1a9xk.default-1365708844126\Extensions\ascsurfingprotection@iobit.com
Folder Found : C:\Users\Bullion Room\AppData\Roaming\Mozilla\Firefox\Profiles\rvp1a9xk.default-1365708844126\Extensions\adremoveext@adremoveext.net
Folder Found : C:\Users\Bullion Room\AppData\Roaming\ParetoLogic

***** [ Scheduled tasks ] *****

Task Found : Update Service SimpleFiles
Task Found : Price-Horse Updater
Task Found : Price-Horse
Task Found : LuckyTab
Task Found : Run_Bobby_Browser
Task Found : Update Service HitsBlender
Task Found : DLL-Files.Com Fixer_Updates
Task Found : DLL-Files.Com Fixer_MONTHLY

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;mail.color-country.net;localhost;127.0.0.1
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\IObit Apps
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\dll-files.com
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\IObit Apps
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\dll-files.com
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\IObit Apps
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Clara
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\dll-files.com
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\IObit Apps
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18667


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[35bfg43n.default-1412363816355] - Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
[35bfg43n.default-1412363816355] - Line Found : user_pref("extensions.7xvgSV9Ad.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script[...]

-\\ Pale Moon v

[rvp1a9xk.default-1365708844126] - Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
[rvp1a9xk.default-1365708844126] - Line Found : user_pref("extensions.7xvgSV9Ad.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script[...]

-\\ Cyberfox v


-\\ Google Chrome v


-\\ Comodo Dragon v36.1.1.21

[C:\Users\Bullion Room\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Bullion Room\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Bullion Room\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
*************************

AdwCleaner[R0].txt - [13460 bytes] - [10/02/2015 11:48:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13520 bytes] ##########



#13
February 10, 2015 at 11:33:25
Results of the JRT scan:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Bullion Room on Tue 02/10/2015 at 12:21:48.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611131165}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611131165}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Driver Booster Startup.job

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ad-aware browsing protection"
Successfully deleted: [Folder] "C:\Users\Bullion Room\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Bullion Room\appdata\locallow\surfcanyon"

~~~ FireFox

Successfully deleted the following from C:\Users\Bullion Room\AppData\Roaming\mozilla\firefox\profiles\35bfg43n.default-1412363816355\prefs.js

user_pref("extensions.7xvgSV9Ad.epoch", "1379335970");
user_pref("extensions.7xvgSV9Ad.url", "hxxp://getjpit.info/sync2/?q=hfZ9ojC9rdk8hchEAen0qjaEtMqLDe49CNU0llrMCMlNhd9FrHa4rjwFpjn8rjUMBzqUojwHrdUFqjwGqjs8rih7hfs0pchPBMn0rTU5qTg
user_pref("extensions.xpiState", "{\"app-profile\":{\"feca4b87-3be4-43da-a1b1-137c24220968@jetpack\":{\"d\":\"C:\\\\Users\\\\Bullion Room\\\\AppData\\\\Roaming\\\\Mozilla\\\\F
Emptied folder: C:\Users\Bullion Room\AppData\Roaming\mozilla\firefox\profiles\35bfg43n.default-1412363816355\minidumps [5 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/10/2015 at 12:28:38.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


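The AdwCleaner and JRT logs above both single out `extensions.7xvgSV9Ad.*` entries in Firefox's prefs.js, one of which (`.scode`) stores JavaScript rather than a setting. As an added example (not part of the thread and not code from either tool), this Python sketch finds such preference branches in a prefs.js text; the function names, the marker list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Firefox writes one user_pref("name", value); statement per line in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Substrings suggesting that a preference VALUE holds JavaScript meant to be
# run in pages. Assumed list for this example; extend it for real triage.
SCRIPT_MARKERS = (
    "createElement('script')",
    'createElement(\\"script\\")',   # same call with escaped double quotes
    "document.write(",
    "eval(",
)

def parse_prefs(text):
    """Return (name, raw_value) pairs; lines that are not user_pref are skipped."""
    prefs = []
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs.append((match.group(1), match.group(2)))
    return prefs

def branch_of(name):
    """'extensions.7xvgSV9Ad.scode' -> 'extensions.7xvgSV9Ad', else None."""
    parts = name.split(".")
    if parts[0] == "extensions" and len(parts) >= 3:
        return ".".join(parts[:2])
    return None

def find_injected_branches(text):
    """Map every extensions.<id> branch that stores script code to all of its
    preference names, so related entries (.url, .epoch) are reviewed together."""
    by_branch = defaultdict(list)
    flagged = set()
    for name, value in parse_prefs(text):
        branch = branch_of(name)
        if branch is None:
            continue
        by_branch[branch].append(name)
        if any(marker in value for marker in SCRIPT_MARKERS):
            flagged.add(branch)
    return {branch: sorted(by_branch[branch]) for branch in sorted(flagged)}

# Constructed sample: the pref names follow the logs in this thread, the values
# are shortened placeholders (example.invalid), not the values from the machine.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "https://startpage.com/");
user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+");
user_pref("extensions.7xvgSV9Ad.epoch", "1379335970");
user_pref("extensions.7xvgSV9Ad.scode", "(function(){if(window.self==window.top){var script=document.createElement('script');script.src='hxxp://example.invalid/x.js';}})();");
user_pref("extensions.7xvgSV9Ad.url", "hxxp://example.invalid/sync2/");
user_pref("extensions.blocklist.enabled", true);
'''

if __name__ == "__main__":
    for branch, names in find_injected_branches(SAMPLE_PREFS).items():
        print(branch)
        for pref_name in names:
            print("   ", pref_name)
```

Run it against a copy of prefs.js taken while the browser is closed, since Firefox rewrites the file on exit.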

#14
February 10, 2015 at 11:43:09
HopperRox, I have installed Malwarebytes, IObit Advanced System Care, Windows Defender and Microsoft Security Elements which run all the time I think. I tried Bitdefender but I got some undesirable results with it.


#15
February 10, 2015 at 13:02:01
Thanks rimfire

Step 3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#16
February 11, 2015 at 08:54:19
JohnW, info, I had run RogueKiller about a week or so ago too. Here is the report:
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bullion Room [Administrator]
Mode : Delete -- Date : 02/11/2015 09:50:55

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3572143823-1126559049-4124781893-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https:www.startpage.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3572143823-1126559049-4124781893-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https:www.startpage.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1AFC1D2C-A104-46A4-A7ED-A05F0E56CFA2} | DhcpNameServer : 10.0.0.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1AFC1D2C-A104-46A4-A7ED-A05F0E56CFA2} | DhcpNameServer : 10.0.0.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1AFC1D2C-A104-46A4-A7ED-A05F0E56CFA2} | DhcpNameServer : 10.0.0.2 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3572143823-1126559049-4124781893-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3572143823-1126559049-4124781893-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3572143823-1126559049-4124781893-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3572143823-1126559049-4124781893-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 35bfg43n.default-1412363816355 : user_pref("browser.startup.homepage", " https://startpage.com/do/mypage.pl?... -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200AAKX-00U6AA0 ATA Device +++++
--- User ---
[MBR] ef4651162fdb520a727b0d92b6d88426
[BSP] 4fff43ef6d009dbf5a25681abe1968f7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 296167 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 606550140 | Size: 9075 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02072015_090403.log - RKreport_DEL_02072015_101225.log - RKreport_DEL_02072015_101357.log - RKreport_SCN_02072015_085835.log
RKreport_SCN_02072015_101800.log - RKreport_SCN_02112015_094936.log



#17
February 11, 2015 at 12:38:12
We are getting there rimfire, just a matter of uncovering the malware layer by layer.

Step 4: Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

Step 5: Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#18
February 12, 2015 at 08:59:42


#19
February 12, 2015 at 09:33:15
Security Check file: Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Advanced SystemCare Ultimate
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
MVPS Hosts File
Spybot - Search & Destroy
[b][color=green] Java 64-bit 8 Update 31[/b][/color]
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (35.0.1)
Mozilla Thunderbird (31.4.0)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[b][color=red]Spybot Teatimer.exe is disabled![/color][/b]
IObit IObit Malware Fighter IMFsrv.exe
Malwarebytes Anti-Exploit mbae.exe
Malwarebytes Anti-Exploit mbae-svc.exe
Malwarebytes Anti-Exploit mbae64.exe
Bullion Room Favorites Desktop SpecialMalwarePrograms\SecurityCheck.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 0%
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#20
February 12, 2015 at 13:17:35
Step 6: Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Task: {73043FCA-8E80-4A59-A1A2-804500D89E97} - \SidebarExecute No Task File <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search...
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> {37F6FA44-0491-461A-B0E0-32550AED6E70} URL = http://us.search.yahoo.com/search?p...
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search...
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> {9EA63300-A4E5-4DE5-AEE3-4C03EFC4F41D} URL = http://search.yahoo.com/search?fr=c...
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=902615&ilc=12&p=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (No Name) - C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnffdfaphkacilfogmbokncpbbfkocm [2013-09-11]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#21
February 12, 2015 at 15:10:37
Fixlog file:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Bullion Room at 2015-02-12 15:54:27 Run:1
Running from C:\Users\Bullion Room\Favorites\Desktop\SpecialMalwarePrograms
Loaded Profiles: Bullion Room (Available profiles: Bullion Room)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
Task: {73043FCA-8E80-4A59-A1A2-804500D89E97} - \SidebarExecute No Task File <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search...
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search...
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> {37F6FA44-0491-461A-B0E0-32550AED6E70} URL = http://us.search.yahoo.com/search?p...
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search...
SearchScopes: HKU\S-1-5-21-3572143823-1126559049-4124781893-1001 -> {9EA63300-A4E5-4DE5-AEE3-4C03EFC4F41D} URL = http://search.yahoo.com/search?fr=c...
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=902615&ilc=12&p=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (No Name) - C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnffdfaphkacilfogmbokncpbbfkocm [2013-09-11]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73043FCA-8E80-4A59-A1A2-804500D89E97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73043FCA-8E80-4A59-A1A2-804500D89E97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SidebarExecute" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3572143823-1126559049-4124781893-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3572143823-1126559049-4124781893-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37F6FA44-0491-461A-B0E0-32550AED6E70}" => Key deleted successfully.
HKCR\CLSID\{37F6FA44-0491-461A-B0E0-32550AED6E70} => Key not found.
"HKU\S-1-5-21-3572143823-1126559049-4124781893-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKU\S-1-5-21-3572143823-1126559049-4124781893-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9EA63300-A4E5-4DE5-AEE3-4C03EFC4F41D}" => Key deleted successfully.
HKCR\CLSID\{9EA63300-A4E5-4DE5-AEE3-4C03EFC4F41D} => Key not found.
Firefox Keyword.URL deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Bullion Room\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnffdfaphkacilfogmbokncpbbfkocm => Moved successfully.
VGPU => Service deleted successfully.
EmptyTemp: => Removed 9.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 15:54:40 ====



#22
February 12, 2015 at 15:17:34
If you are using the FREE version of Revo, this will apply.
Revo Uninstaller, 64-bit is only supported in the Pro ( paid ) version.
http://www.revouninstaller.com/revo...
http://i.imgur.com/souCjaz.gif

I use Wise, use it to uninstall Revo if necessary.

Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...



#23
February 12, 2015 at 15:26:49
From your Fixlog file:
"EmptyTemp: => Removed 9.5 GB temporary data"
Way, way too high.

Set all your browsers to keep 50mb Temp files.

Set Java to 100mb Temp.

Set System Restore to Min.



#24
February 12, 2015 at 15:46:34
I see it is only the Revo exe on your comp. This can be deleted.
C:\Users\Bullion Room\Revouninstaller.exe


#25
February 16, 2015 at 08:50:12
Gentlemen, forgive me for non-participation lately, I'm still here, just dealing with a sinus infection that is determined to push my right eyeball down thru my upper teeth. Hopefully I'll be in action soon. Thanks to all for your help so far.


#26
February 16, 2015 at 14:03:50
"Hopefully I'll be in action soon"
Thanks for letting us know, catch you when you are better.
