Author Topic: Virus and something, possible spyware  (Read 21900 times)

Anonyme

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    Virus and something, possible spyware
    « on: January 16, 2016, 07:53:04 AM »
    So... these are the logs, which were done in the exact sequence as prescribed.

    I hereby kindly request whoever runs the business here to please take a look and help me diagnose the problem.

    Oh, I'm looking for a deliberate, 'alleged' spyware among those. ::)

    Thank you   

    (sorry for bad English)

                               . . .

    OK, so here are the copy-pastes as told:

    # AdwCleaner v5.029 - Logfile created 14/01/2016 at 19:36:22
    # Updated 11/01/2016 by Xplode
    # Database : 2016-01-12.1 [Server]
    # Operating system : Windows 7 Ultimate  (x86)
    # Username : ayush - AASHIRVAD-PC
    # Running from : C:\Users\ayush.AASHIRVAD-PC\Downloads\adwcleaner_5.029.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\Check Point Software Technologies LTD
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\NativeMessaging
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmjncljkgahdabbocjkclllnlcclhkkk
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoigndlppflkepeincpkmgconnofndn
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iiefmdceonhjiljhaahopgbaldmblaph
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmjncljkgahdabbocjkclllnlcclhkkk
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iaoigndlppflkepeincpkmgconnofndn
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\iiefmdceonhjiljhaahopgbaldmblaph
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmjncljkgahdabbocjkclllnlcclhkkk
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoigndlppflkepeincpkmgconnofndn
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iiefmdceonhjiljhaahopgbaldmblaph
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmjncljkgahdabbocjkclllnlcclhkkk
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iaoigndlppflkepeincpkmgconnofndn
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd
    [!] Folder Not Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\iiefmdceonhjiljhaahopgbaldmblaph
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Check Point Software Technologies LTD
    [-] Folder Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\Extensions\[email protected]

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\searchplugins\zonealarm.xml
    [-] File Deleted : C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\user.js

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\c
    [-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    [-] Key Deleted : HKCU\Software\Check Point Software Technologies LTD
    [-] Key Deleted : HKLM\SOFTWARE\Check Point Software Technologies LTD
    [-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    [-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
    [-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    ***** [ Web browsers ] *****

    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Search By ZoneAlarm");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Search By ZoneAlarm");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=EN&gu=f68d71600eab47eb9082ddec9844ccd9&tu=10G9y00Mt2D33N0&sku=&tstsId=&ver=&");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=EN&gu=f68d71600eab47eb9082ddec9844ccd9&tu=10G9y00Mt2D33N0&sku=&tstsId=&ver=&");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=f68d71600eab47eb9082ddec9844ccd9&tu=10G9y00Mt2D33N0&sku=&tstsId=&ver=&&q=");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=EN&gu=f68d71600eab47eb9082ddec9844ccd9&tu=10G9y00Mt2D33N0&sku=&tstsId=&ver=&");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.srchPrvdr", "Search By ZoneAlarm");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=f68d71600eab47eb9082ddec9844ccd9&tu=10G9y00Mt2D33N0&sku=&tstsId=&ver=&&q=");
    [-] [C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\Mozilla\Firefox\Profiles\jwfjccq2.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&gu=f68d71600eab47eb9082ddec9844ccd9&tu=10G9y00Mt2D33N0&sku=&tstsId=&ver=&&q=");

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [8757 bytes] ##########








    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/14/2016
    Scan Time: 7:44 PM
    Logfile: mbam scan results.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.06.03.03
    Rootkit Database: v2015.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7
    CPU: x86
    File System: NTFS
    User: ayush

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 637225
    Time Elapsed: 53 min, 29 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Deep Rootkit Scan: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 14
    PUP.Optional.SupTab.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1027\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [d8775660b5d50b2b826ac5a2a95a22de],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CFLHECKFMHOPNIALGHIGDLGGAHIOMEBP, , [ed626353cebcea4c51ff19cdac577b85],
    PUP.Optional.Conduit.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3052C348-BFE5-4B6D-BF45-C91CDBB45508}, , [d37c0ea8f298e55160a200e9e1226b95],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}, , [6be4833325651422d01917d0ae553bc5],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BBAD4AC7-803C-4025-98E8-4C15DBD9A3B4}, , [84cbf1c5fe8c11255b8e28bfdb289b65],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3289075, , [16391d99e0aa8aac2afce29f1de8916f],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1023\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}, , [7fd0d4e2197173c37f6a895ead56ba46],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-1023\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3289075, , [3d12b00609810036e04694ed08fd3dc3],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1027\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}, , [252a4b6b7713999db336c621857ec739],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-1027\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3289075, , [1d329e184c3e8bab0422730e14f116ea],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}, , [86c914a20e7cea4c7d6c4f98f70ceb15],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3289075, , [58f7e1d59bef83b368bec7ba0302738d],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}, , [c38ccfe721696dc99b4e82659271768a],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3289075, , [ec63dcda42485fd7f6307f029e67ac54],

    Registry Values: 16
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp|path, C:\Users\arpit\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx, , [ed626353cebcea4c51ff19cdac577b85]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3052C348-BFE5-4B6D-BF45-C91CDBB45508}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN32576384903072941&UM=1, , [d37c0ea8f298e55160a200e9e1226b95]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3052C348-BFE5-4B6D-BF45-C91CDBB45508}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, , [ce81f2c4a4e673c35ea48e5b5aa95ea2]
    PUP.Optional.Conduit.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3052C348-BFE5-4B6D-BF45-C91CDBB45508}|FaviconURL, http://search.conduit.com/favicon.ico, , [301f4175fe8ce55103ffbd2c39ca07f9]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|URL, http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}, , [6be4833325651422d01917d0ae553bc5]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, , [ef60476f0b7f71c542a2cbb33acb7d83]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BBAD4AC7-803C-4025-98E8-4C15DBD9A3B4}|URL, http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}, , [84cbf1c5fe8c11255b8e28bfdb289b65]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BBAD4AC7-803C-4025-98E8-4C15DBD9A3B4}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, , [f35ccfe7206aaf872eb6f08ebd487888]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1023\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|URL, http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}, , [7fd0d4e2197173c37f6a895ead56ba46]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1023\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, , [202ff8beff8bca6c33b15b2372937f81]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1027\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|URL, http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}, , [252a4b6b7713999db336c621857ec739]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-1027\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, , [9eb1e8ce0288d85e15cff28cd43126da]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|URL, http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}, , [86c914a20e7cea4c7d6c4f98f70ceb15]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, , [c28da6108208280e0dd75925a46146ba]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|URL, http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}, , [c38ccfe721696dc99b4e82659271768a]
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2649684878-456037161-1469009763-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{84CBE7CF-BCFC-4365-9D7C-E154CDEF6C1E}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, , [b09f0aac85059a9c479df886b55004fc]

    Registry Data: 0
    (No malicious items detected)









    Results of screen317's Security Check version 1.014 --- 12/23/15 
     Windows 7  x86 (UAC is enabled) 
     Out of date service pack!!
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
     Windows Firewall Disabled! 
    Kaspersky PURE 3.0   
    avast! Antivirus     
     Antivirus up to date!  (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
     SpyHunter 4   
     CCleaner     
     Java 7 Update 45 
     Java version 32-bit out of Date!
      Adobe Flash Player    18.0.0.209 Flash Player out of Date! 
     Adobe Reader 9 Adobe Reader out of Date!
     Mozilla Firefox (43.0.1)
     Google Chrome (47.0.2526.106)
     Google Chrome (47.0.2526.80)
     Google Chrome (Plugins...)
    ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe 
     AVAST Software Avast AvastUI.exe 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
    « Last Edit: January 16, 2016, 08:50:10 AM by Anonyme »

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Virus and something, possible spyware
    « Reply #1 on: January 16, 2016, 10:48:13 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    What exactly is the problem?
    *********************************************
    Go to Microsoft Windows Update and get all critical updates.
    *************************************************
    The Security Log shows that your AV on-access scanning is disabled. Please enable this function.
    **************************************************
    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    **************************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

    • The tool will open and start scanning your system.

    • Please be patient as this can take a while to complete depending on your system's specifications.

    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    • Copy and Paste the JRT.txt log into your next message.
    Windows 8 and Windows 10 dual boot with two SSD's

    Anonyme

      Re: Virus and something, possible spyware
      « Reply #2 on: February 28, 2016, 03:43:56 AM »
      Hey ^_^  Sorry about the delay... the exams were intense and I couldn't focus on malware removal.


      I want to know if there is a spyware on my computer.

      Critical updates two, Updated.

      On-access scanning of AV was disabled as per operating rules of screen317's 'security check'.

      Unable to do anything with the JAVA.

          Windows remove programs feature unable to uninstall java - internal error 2203. C\Windows\Installer\4657b.ipi , -2147287035

          JavaRa - remove older version of java option - does not create (fails to) log.file, ends abruptly

          New version of java installer (jre-8u74-windows-i586) Fails to install - Error code: 2



      JRT Log :-

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.3 (02.09.2016)
      Operating System: Windows 7 Ultimate x86
      Ran by ayush (Administrator) on Sun 02/28/2016 at 15:15:05.84
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      File System: 25

      Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
      Successfully deleted: C:\ProgramData\productdata (Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\iobit\driver booster (Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Roaming\productdata (Folder)
      Successfully deleted: C:\Windows\System32\Tasks\0 (Task)
      Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator (Task)
      Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_ayush (Task)
      Successfully deleted: C:\Windows\wininit.ini (File)
      Successfully deleted: C:\Program Files\onestopsoft.com (Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DNBBJ2K (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNS2UEE (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6J0AVY67 (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95XYNKHH (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H7FLUKF (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N02870CS (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTE8EDQL (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\ayush.AASHIRVAD-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOKRA13X (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DNBBJ2K (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VNS2UEE (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6J0AVY67 (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95XYNKHH (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9H7FLUKF (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N02870CS (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTE8EDQL (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOKRA13X (Temporary Internet Files Folder)



      Registry: 0





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sun 02/28/2016 at 15:16:47.38
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      Thanks.

      SuperDave

      Re: Virus and something, possible spyware
      « Reply #3 on: February 28, 2016, 10:57:29 AM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *************************************************************************
      Quote
      I want to know if there is a spyware on my computer.
      Yes, but almost every computer has them.
      *********************************************
      Please run the Security check again and post the log.

      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      Anonyme

        Re: Virus and something, possible spyware
        « Reply #4 on: March 01, 2016, 10:55:30 AM »
        Well, alright, but if one spyware is found which sends to some other person's computer via the web my browsing history, data, filenames or locations, searches - keywords - strokes etcetera, that'd be of immense help... you know, not to some data-collecting company but to a person.



        I've the Security Check log :- (the Adobe plugin is also un-upgradable, please pardon)




         Results of screen317's Security Check version 1.014 --- 12/23/15 
         Windows 7 Service Pack 1 x86 (UAC is enabled) 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Disabled! 
        Kaspersky PURE 3.0   
        avast! Antivirus     
         Antivirus up to date!  (On Access scanning disabled!)
        `````````Anti-malware/Other Utilities Check:`````````
         SpyHunter 4   
         CCleaner     
         Java 7 Update 45 
         Java version 32-bit out of Date!
         Adobe Flash Player    20.0.0.306 
         Adobe Reader 9 Adobe Reader out of Date!
         Mozilla Firefox (44.0.2)
         Google Chrome (47.0.2526.111)
         Google Chrome (48.0.2564.97)
         Google Chrome (Plugins...)
        ````````Process Check: objlist.exe by Laurent````````
         AVAST Software Avast AvastSvc.exe 
         AVAST Software Avast AvastUI.exe 
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 2%
        ````````````````````End of Log``````````````````````






        Also, for the ESET online scanner, after reaching a certain portion of scanning there appears the blue-screen crash. I've turned all other AVs off but still.

        SuperDave

        Re: Virus and something, possible spyware
        « Reply #5 on: March 02, 2016, 08:31:26 AM »
        Quote
        Well alright, but if one spyware is found which sends to some other person's computer via the web my browsing history, data, filenames or locations, searches - keywords - strokes etcetera, that'd be of immense help ... you know, not to some data-collecting company but to a person.
        That's why they call it Spyware.
        The Security log still shows two AV active. One must be disabled. Also, please turn on your Windows Firewall.


        Please go to the Kaspersky website and perform an online antivirus scan.

        1. Read through the requirements and privacy statement and click on Accept button.
        2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
        3. When the downloads have finished, click on Settings.
        4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives


        5. Click on My Computer under Scan.
        6. Once the scan is complete, it will display the results. Click on View Scan Report.
        7. You will see a list of infected items there. Click on Save Report As....
        8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
        9. Please post this log in your next reply.
        Windows 8 and Windows 10 dual boot with two SSD's
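The reading of the Security Check log in the reply above (two antivirus products listed, firewall reported disabled) can be reproduced mechanically. This is an added example, not part of the original thread or of the tool: the section names and status phrases come from the log posted here, and treating every non-status line in the antivirus section as a product name is an assumption.

```python
import re
from collections import defaultdict

BT = chr(96)  # backtick; the tool draws section headers with runs of it
# Constructed sample, abridged from the log posted in this thread ("~" stands for a backtick).
SAMPLE_LOG = """
~~~~~~~~Antivirus/Firewall Check:~~~~~~~~
 Windows Firewall Disabled!
Kaspersky PURE 3.0
avast! Antivirus
 Antivirus up to date!  (On Access scanning disabled!)
~~~~~~Anti-malware/Other Utilities Check:~~~~~~
 Java version 32-bit out of Date!
 Mozilla Firefox (44.0.2)
 Google Chrome (47.0.2526.111)
 Google Chrome (48.0.2564.97)
~~~~~~~~~~End of Log~~~~~~~~~~
""".replace("~", BT)

HEADER = re.compile(r"^%s{4,}\s*(.+?):?\s*%s{4,}" % (BT, BT))
VERSIONED = re.compile(r"^(.+?) \((\d[\d.]*)\)$")
STATUS = [("firewall disabled", "firewall reported disabled"),
          ("on access scanning disabled", "on-access scanning reported disabled")]

def parse_sections(text):
    """Group non-empty lines under the section header that precedes them."""
    sections, current = defaultdict(list), "preamble"
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = HEADER.match(line)
        if m:
            current = m.group(1)
        else:
            sections[current].append(line)
    return sections

def triage(text):
    """Return, as short strings, the points a reviewer would raise from the log."""
    s = parse_sections(text)
    av, other = s["Antivirus/Firewall Check"], s["Anti-malware/Other Utilities Check"]
    findings = [msg for pat, msg in STATUS if any(pat in l.lower() for l in av)]
    # Status lines end in "!" or "!)"; the rest are product names ("avast! Antivirus" too).
    products = [l for l in av if not re.search(r"!\)?$", l)]
    if len(products) > 1:
        findings.append("multiple antivirus products listed: " + ", ".join(products))
    findings += ["out of date: " + l for l in other if "out of date" in l.lower()]
    versions = defaultdict(set)
    for name, ver in (m.groups() for m in map(VERSIONED.match, other) if m):
        versions[name].add(ver)
    findings += ["%s: %d versions listed" % (n, len(v)) for n, v in sorted(versions.items()) if len(v) > 1]
    return findings
```

The findings only restate what the log reports, so each one is a prompt to check the machine itself, not a verdict.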

        Anonyme

          Re: Virus and something, possible spyware
          « Reply #6 on: March 04, 2016, 07:52:46 AM »
            v_v

          Sorry Mr Dave,

              Kaspersky security scan tool - unable to install - internal error 2203 (C:\Windows\Installer\330737.ipi , -2147287035)


          There's only one Avast AV present. Kaspersky PURE 3.0 ended trial & is not active on my system (uninstalled). Also Windows FW is enabled; the tool shows it disabled for some reason.

          This installer error shows up every time a security software bundle runs/tries to install on my system. I'm guessing some sort of blocking by the malware present.


          I've some logs from before :-

          [attachment deleted by admin to conserve space]

          SuperDave

          Re: Virus and something, possible spyware
          « Reply #7 on: March 04, 2016, 08:14:56 AM »
          How is your computer running now? You never did tell me what the problem was.
          Windows 8 and Windows 10 dual boot with two SSD's

          Anonyme

            Re: Virus and something, possible spyware
            « Reply #8 on: March 06, 2016, 04:03:16 AM »
            The computer is, well, in the aftermath of a possible malware infection. No new antivirus products are installing, unable to completely uninstall old ones, system slowdown, running AV software often encounters problems. Abrupt stops, unable to detect or remove, unable to detect again on a second run, etc. Compromised security.

            Also there (were) a lot of problems in Chrome during those scans.



            The problem is not that it got affected by the malware in the first place, but the slightest possibility that it was deliberated by a second (close) person known to me - & that it included a spyware on it, to steal data from my computer that normally privacy policies are not into.


            I've to now format the disk drive in order to completely remove all viruses present, but before doing that, I just wanna know if a spyware was indeed included.


            I've some logs. I can post them. You can either take them as a joke :p , or you can see that I was indeed serious :P . All of them were done in a prescribed check-up fashion from the last year; please be kind enough to take a look once:



            Please tell me if something fruitful comes out from this lookout for a spyware/keylogger & so. Thank you, Mr Dave.

            [attachment deleted by admin to conserve space]

            Anonyme

              Re: Virus and something, possible spyware
              « Reply #9 on: March 06, 2016, 04:06:00 AM »
              [2]

              [attachment deleted by admin to conserve space]

              Anonyme

                Re: Virus and something, possible spyware
                « Reply #10 on: March 06, 2016, 04:08:12 AM »
                [3]

                [attachment deleted by admin to conserve space]

                Anonyme

                  Re: Virus and something, possible spyware
                  « Reply #11 on: March 06, 2016, 04:13:37 AM »
                  [4]

                  [attachment deleted by admin to conserve space]

                  SuperDave

                  Re: Virus and something, possible spyware
                  « Reply #12 on: March 06, 2016, 03:34:52 PM »
                  Those scans are from one year to 3 years old. All I can say is that the computer was infected. Are you saying that you suspect that someone had access to your computer?
                  Windows 8 and Windows 10 dual boot with two SSD's

                  Anonyme

                    Re: Virus and something, possible spyware
                    « Reply #13 on: March 13, 2016, 01:07:11 PM »
                    Sorry I missed here Mr Dave :(


                    Yes, someone had access for some time to my computer in the beginning.

                    Wait, so are there no spywares you can spot out? Like browser hijackers, those 'websave, conduit search, torn tv' etc in Chrome are clear?

                    Is there no way to be sure? ::)

                    Please tell me.

                    SuperDave

                    Re: Virus and something, possible spyware
                    « Reply #14 on: March 14, 2016, 12:17:46 PM »
                    Please run MBAM and AdwCleaner and post the logs.
                    Windows 8 and Windows 10 dual boot with two SSD's