CreateRestorePoint: (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe () C:\ProgramData\Windows Services\win32.exe C:\ProgramData\Windows Services\ HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1719184 2015-09-22] (APN) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess? HKU\S-1-5-21-4015452833-1489104237-150875748-1001\...\MountPoints2: J - J:\Autorun.exe HKU\S-1-5-21-4015452833-1489104237-150875748-1001\...\MountPoints2: K - K:\Installer.exe HKU\S-1-5-21-4015452833-1489104237-150875748-1001\...\MountPoints2: {6e38c9c7-6bc2-11e4-aa46-386077909566} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\start.exe HKU\S-1-5-21-4015452833-1489104237-150875748-1001\...\MountPoints2: {f8364b95-b112-11e2-b6ab-386077909566} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-4015452833-1489104237-150875748-1001\...\Winlogon: [Shell] C:\ProgramData\Windows Services\win32.exe [539712 2014-03-20] () <==== ATTENTION IFEO\AvastSvc.exe: [Debugger] nqij.exe IFEO\AvastUI.exe: [Debugger] nqij.exe IFEO\avcenter.exe: [Debugger] nqij.exe IFEO\avconfig.exe: [Debugger] nqij.exe IFEO\avgcsrvx.exe: [Debugger] nqij.exe IFEO\avgidsagent.exe: [Debugger] nqij.exe IFEO\avgnt.exe: [Debugger] nqij.exe IFEO\avgrsx.exe: [Debugger] nqij.exe IFEO\avguard.exe: [Debugger] nqij.exe IFEO\avgui.exe: [Debugger] nqij.exe IFEO\avgwdsvc.exe: [Debugger] nqij.exe IFEO\avp.exe: [Debugger] nqij.exe IFEO\avscan.exe: [Debugger] nqij.exe IFEO\bdagent.exe: [Debugger] nqij.exe IFEO\blindman.exe: [Debugger] nqij.exe IFEO\ccuac.exe: [Debugger] nqij.exe IFEO\ComboFix.exe: [Debugger] nqij.exe IFEO\egui.exe: [Debugger] nqij.exe IFEO\hijackthis.exe: [Debugger] nqij.exe IFEO\instup.exe: [Debugger] nqij.exe IFEO\keyscrambler.exe: [Debugger] nqij.exe IFEO\mbam.exe: [Debugger] nqij.exe IFEO\mbamgui.exe: [Debugger] nqij.exe IFEO\mbampt.exe: [Debugger] nqij.exe IFEO\mbamscheduler.exe: [Debugger] nqij.exe IFEO\mbamservice.exe: [Debugger] nqij.exe IFEO\MpCmdRun.exe: [Debugger] nqij.exe IFEO\MSASCui.exe: [Debugger] nqij.exe IFEO\MsMpEng.exe: [Debugger] nqij.exe IFEO\msseces.exe: [Debugger] nqij.exe IFEO\rstrui.exe: [Debugger] nqij.exe IFEO\SDFiles.exe: [Debugger] nqij.exe IFEO\SDMain.exe: [Debugger] nqij.exe IFEO\SDWinSec.exe: [Debugger] nqij.exe IFEO\spybotsd.exe: [Debugger] nqij.exe IFEO\wireshark.exe: [Debugger] nqij.exe IFEO\zlclient.exe: [Debugger] nqij.exe Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" HKU\S-1-5-21-4015452833-1489104237-150875748-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.speedbit.com/?s=EC3aya1 HKU\S-1-5-21-4015452833-1489104237-150875748-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB4D09E5B-A866-4BC4-B0AD-F235D2C05C2E&SSPV= SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?s=EC3aya1&q={searchTerms} SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?s=EC3aya1&q={searchTerms} SearchScopes: HKU\S-1-5-21-4015452833-1489104237-150875748-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB4D09E5B-A866-4BC4-B0AD-F235D2C05C2E&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-4015452833-1489104237-150875748-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB4D09E5B-A866-4BC4-B0AD-F235D2C05C2E&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-4015452833-1489104237-150875748-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119370&babsrc=SP_ss_din2g&mntrId=56524924000000000000386077909566 SearchScopes: HKU\S-1-5-21-4015452833-1489104237-150875748-1001 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://go.speedbit.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms} BHO-x32: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files (x86)\DAP\LinkVerifier.dll => No File Toolbar: HKU\S-1-5-21-4015452833-1489104237-150875748-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File FF NewTab: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPB4D09E5B-A866-4BC4-B0AD-F235D2C05C2E FF DefaultSearchEngine: Speedbit Search FF DefaultSearchUrl: hxxp://go.speedbit.com/search.aspx?s=EC3aya1&q= FF SearchEngineOrder.1: Speedbit Search FF SelectedSearchEngine: Speedbit Search FF Homepage: hxxp://go.speedbit.com/?s=EC3aya1 FF Keyword.URL: hxxp://go.speedbit.com/search.aspx?s=EC3aya1&q= FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-18] (Pando Networks) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File] FF Plugin HKU\S-1-5-21-4015452833-1489104237-150875748-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2012-10-18] (Pando Networks) FF user.js: detected! => C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\glbxkbdw.default\user.js [2013-07-09] FF SearchPlugin: C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\glbxkbdw.default\searchplugins\babylon.xml [2013-05-01] FF SearchPlugin: C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\glbxkbdw.default\searchplugins\BrowserProtect.xml [2013-05-01] FF SearchPlugin: C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\glbxkbdw.default\searchplugins\conduit-search.xml [2014-01-17] FF SearchPlugin: C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\glbxkbdw.default\searchplugins\delta.xml [2013-03-06] FF SearchPlugin: C:\Users\Dallas\AppData\Roaming\Mozilla\Firefox\Profiles\glbxkbdw.default\searchplugins\speedbit.xml [2014-12-02] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013-03-06] FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker => not found FF HKU\S-1-5-21-4015452833-1489104237-150875748-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-09-30] CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [2015-09-30] CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx CHR HKLM-x32\...\Chrome\Extension: [kbhplonhjleiopohgmppianogioknked] - C:\Program Files\Common Files\SpeedBit\SBUpdate\NewTabLaunch.crx [2014-01-24] S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2545272 2014-04-15] (Speedbit Ltd.) S4 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [X] S4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] S2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [X] S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X] S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [X] S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41368 2014-04-15] () U3 a9bhj6gm; no ImagePath S1 adsaujor; \??\C:\Windows\system32\drivers\adsaujor.sys [X] 2015-11-02 03:00 - 2015-11-02 03:00 - 00000000 ____D C:\Windows\TempA849A98A-6738-3056-896A-35151BF97127-Signatures 2015-11-02 03:00 - 2015-11-02 03:00 - 00000000 ____D C:\b8d4f93ad4aa7177aa 2015-11-01 03:00 - 2015-11-01 03:00 - 00000000 ____D C:\Windows\Temp2A5700FB-A9B3-1632-D228-A039F281B7B0-Signatures 2015-11-01 03:00 - 2015-11-01 03:00 - 00000000 ____D C:\956813407bfbcfc57ce49417e2ac 2015-11-01 02:01 - 2015-11-01 02:01 - 00000000 ____D C:\Windows\TempE7174544-498B-4340-8F4B-49239CED4095-Signatures 2015-11-01 02:00 - 2015-11-01 02:01 - 00000000 ____D C:\2e0be413eb6c680cfa98ed91b8528a 2015-10-31 02:00 - 2015-10-31 02:00 - 00000000 ____D C:\Windows\Temp7567FB7B-810F-5491-5DAD-D79911350818-Signatures 2015-10-31 02:00 - 2015-10-31 02:00 - 00000000 ____D C:\d5f9c158d5d533a0618506960163 2015-10-30 02:00 - 2015-10-30 02:00 - 00000000 ____D C:\Windows\Temp796CB11A-3692-2ED7-DCC5-3696C373A491-Signatures 2015-10-30 02:00 - 2015-10-30 02:00 - 00000000 ____D C:\5d619b66d187ff3332cbe26d0a9f 2015-10-29 02:00 - 2015-10-29 02:00 - 00000000 ____D C:\Windows\Temp4639358E-06D0-94FA-3C43-E9F42A664FE1-Signatures 2015-10-29 02:00 - 2015-10-29 02:00 - 00000000 ____D C:\2d7dd32d18fa81da90d053bd9c4f 2015-10-28 02:00 - 2015-10-28 02:00 - 00000000 ____D C:\Windows\Temp7886BB28-8A65-06C3-ECB7-DA63911F8226-Signatures 2015-10-28 02:00 - 2015-10-28 02:00 - 00000000 ____D C:\e1b4d1b6a09a0ca28eb6 2015-10-27 02:00 - 2015-10-27 02:00 - 00000000 ____D C:\Windows\TempC8674196-6E15-57E4-39BD-06F64F04428E-Signatures 2015-10-27 02:00 - 2015-10-27 02:00 - 00000000 ____D C:\10ad2f27979ee681fc 2015-10-26 02:00 - 2015-10-26 02:00 - 00000000 ____D C:\Windows\Temp264E71E5-EBD8-C97A-705C-728605B95489-Signatures 2015-10-26 02:00 - 2015-10-26 02:00 - 00000000 ____D C:\4eb399ea2df8acbf46528705223573 2015-10-25 02:00 - 2015-10-25 02:00 - 00000000 ____D C:\Windows\Temp5B49D327-90AC-0EC0-498A-CC9460BCAA3B-Signatures 2015-10-25 02:00 - 2015-10-25 02:00 - 00000000 ____D C:\4561587300f0c0e2cd579f38415b 2015-10-24 02:00 - 2015-10-24 02:00 - 00000000 ____D C:\Windows\TempADCDCCC8-C8EF-2E6D-292E-B19D0B2F73C0-Signatures 2015-10-24 02:00 - 2015-10-24 02:00 - 00000000 ____D C:\68c916f9b2ec1b18bd 2015-10-23 02:00 - 2015-10-23 02:00 - 00000000 ____D C:\Windows\Temp7C40BEE1-2816-14B4-A412-BEC5511C0054-Signatures 2015-10-23 02:00 - 2015-10-23 02:00 - 00000000 ____D C:\822f1aaeae334fa6682925 2015-10-22 02:00 - 2015-10-22 02:00 - 00000000 ____D C:\Windows\Temp0847AF2D-4714-7436-B875-8786951F6BA1-Signatures 2015-10-22 02:00 - 2015-10-22 02:00 - 00000000 ____D C:\59e78977aaf208665a3c 2015-10-21 02:00 - 2015-10-21 02:00 - 00000000 ____D C:\Windows\Temp80334EC7-F003-C18C-4792-28A77195CED6-Signatures 2015-10-21 02:00 - 2015-10-21 02:00 - 00000000 ____D C:\ffeb37f77613ff2d1822f6769584b46c 2015-10-20 02:00 - 2015-10-20 02:00 - 00000000 ____D C:\Windows\TempC9754545-5021-33C3-E810-2A55B4765A02-Signatures 2015-10-20 02:00 - 2015-10-20 02:00 - 00000000 ____D C:\000228e9e0c6c3286a 2015-10-19 02:00 - 2015-10-19 02:00 - 00000000 ____D C:\Windows\TempFACC9DA6-817F-7FB7-5F95-7C20847AE2A6-Signatures 2015-10-19 02:00 - 2015-10-19 02:00 - 00000000 ____D C:\fc4b5f665d15c1faa10f4372ce 2015-10-18 02:00 - 2015-10-18 02:00 - 00000000 ____D C:\Windows\Temp4FA136F1-F5E1-1D65-E28E-9CFFA3F0DC6B-Signatures 2015-10-18 02:00 - 2015-10-18 02:00 - 00000000 ____D C:\d5f3c2befb2d3000a524b0ca5a33 2015-10-17 02:00 - 2015-10-17 02:00 - 00000000 ____D C:\Windows\Temp8B38D5EE-30C0-8178-D6D3-23572E689B3B-Signatures 2015-10-17 02:00 - 2015-10-17 02:00 - 00000000 ____D C:\ef436227c87a7cbcfe4fa55b3f58e5cc 2015-10-16 02:00 - 2015-10-16 02:00 - 00000000 ____D C:\Windows\Temp83C9CF68-00F4-92EE-CC22-5AD6A282215C-Signatures 2015-10-16 02:00 - 2015-10-16 02:00 - 00000000 ____D C:\324edb7b8f5fd8e3827d62 2015-10-15 02:01 - 2015-10-15 02:01 - 00000000 ____D C:\Windows\TempC3286D97-9E2E-40BA-0F7C-AEFD80D1B0D5-Signatures 2015-10-15 02:01 - 2015-10-15 02:01 - 00000000 ____D C:\0cd501a2d4f4a7ec43083dcdec 2015-10-14 02:06 - 2015-10-14 02:06 - 00000000 ____D C:\Windows\Temp18ABB78D-2E52-31BD-BB36-4C720E2B5105-Signatures 2015-10-03 02:01 - 2015-10-03 02:01 - 00000000 ____D C:\Windows\Temp3DC99EF9-3763-784C-A84D-9D3980CCC0AE-Signatures C:\$Recycle.Bin\S-1-5-21-4015452833-1489104237-150875748-1001\$db464e50118d890c935daa3a33105311 C:\$Recycle.Bin\S-1-5-18\$db464e50118d890c935daa3a33105311 Task: C:\Windows\Tasks\Launch 20669.job => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\Launch 20848.job => C:\Program Files (x86)\DAP\DAP.exe <==== ATTENTION Task: C:\Windows\Tasks\SBWUpdateTask_Time_56524924-386077909566.job => C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\SBW_UpdateTask_Time_333432353136303937362d3437415a556c2a3223346c41.job => Wscript.exe M/B C:\ProgramData\SpeedBit\sbhe.js sbu.exe Task: C:\Windows\Tasks\SBW_UpdateTask_Time_333432353136303937362d554a374134342d2a326c5b5a.job => Wscript.exe M/B C:\ProgramData\SpeedBit\sbhe.js sbu.exe AlternateDataStreams: C:\ProgramData\Microsoft:27mm8JuyKF4TyL2V8bR AlternateDataStreams: C:\ProgramData\Microsoft:Dd2yETi7EwkHXWz0o5QJcMQ AlternateDataStreams: C:\ProgramData\Microsoft:TuFJyLDqrYFmSWQRcO7L AlternateDataStreams: C:\ProgramData\Microsoft:VAduEtpWpJ7Ebct7IH AlternateDataStreams: C:\ProgramData\Temp:56E2E879 AlternateDataStreams: C:\Users\Dallas\Cookies:THb1xzICCThinEU4VQGhXoJV AlternateDataStreams: C:\Users\Dallas\AppData\Local\93kLmCgA:EdZ4XqDU8iblFk75QBlOp9n AlternateDataStreams: C:\Users\Dallas\AppData\Local\Temp:dsiY83V4Q5lIu65IgpqpBNo8pJHO AlternateDataStreams: C:\Users\Dallas\AppData\Local\Temp:o0h7DqkOMn7hjFww AlternateDataStreams: C:\Users\Dallas\AppData\Local\Temp:X3DEmOJZlhEkdzctcX AlternateDataStreams: C:\Users\Dallas\AppData\Local\Temporary Internet Files:yJgdLIhZ7lftuWyiIt7S0s5OG AlternateDataStreams: C:\Users\Dallas\AppData\Local\ySN1pOKGNrm30j:fteXIcZBOKi7oIB3EmMRU7 EmptyTemp: