
I have a trojan virus and svchost.exe; they have stolen a lot of my game accounts


  • This topic is locked
43 replies to this topic

#1 kid13

kid13

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:norway
  • Local time:02:17 AM

Posted 24 April 2013 - 04:13 PM

Attached File  Attach.txt   7.68KB   1 downloads

Attached File  DDS.txt   18.17KB   0 downloads  

 

 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Administrator at 3:43:13 on 2013-04-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2047.180 [GMT 2:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
D:\PROGRA~1\AVG\AVG2013\avgrsx.exe
D:\Program Files\AVG\AVG2013\avgcsrvx.exe
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\System32\spoolsv.exe
D:\Program Files\AVG\AVG2013\avgfws.exe
D:\Program Files\AVG\AVG2013\avgidsagent.exe
D:\Program Files\AVG\AVG2013\avgwdsvc.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskeng.exe
D:\Windows\Explorer.EXE
D:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
D:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe
D:\Users\Administrator\AppData\Local\Pokki\Engine\pokki.exe
D:\Windows\System32\WUDFHost.exe
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\AVG\AVG2013\avgnsx.exe
D:\Program Files\AVG\AVG2013\avgemcx.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Users\Administrator\AppData\Local\Pokki\Engine\pokki.exe
D:\Users\Administrator\AppData\Local\Pokki\Engine\pokki.exe
D:\Program Files\AVG\AVG2013\avgui.exe
D:\Windows\system32\DllHost.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Program Files\AVG\AVG2013\avgcsrvx.exe
D:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\AVG\AVG2013\avgcsrvx.exe
D:\Program Files\AVG\AVG2013\avgcsrvx.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\conhost.exe
D:\Windows\system32\wbem\wmiprvse.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.simplespeedy.info/
uDefault_Search_URL = hxxp://search.protectedsearch.com?si=41570&home=true&tid=3026&q=
mStart Page = hxxp://websearch.simplespeedy.info/
mSearch Bar = hxxp://search.protectedsearch.com?si=41570&home=true&tid=3026&q=
mSearch Page = hxxp://search.protectedsearch.com?si=41570&home=true&tid=3026&q=
mDefault_Search_URL = hxxp://search.protectedsearch.com?si=41570&home=true&tid=3026&q=
BHO: wxDownload Class: {103576F6-8A45-CCBC-D028-1946B487D3CC} - d:\programdata\wxdownload\5089c5bf674a3.ocx
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - d:\program files\ib updater\Extension32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - d:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - d:\program files\avg safeguard toolbar\15.1.1.2\AVG SafeGuard toolbar_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - d:\program files\windows live\companion\companioncore.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - d:\program files\dealply\DealPlyIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - d:\program files\wajam\ie\priam_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - d:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - d:\program files\avg safeguard toolbar\15.1.1.2\AVG SafeGuard toolbar_toolbar.dll
dRun: [DevconDefaultDB] d:\windows\system32\READREG /SILENT /FAIL=1
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - d:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - d:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 77.222.196.5 77.222.196.250
TCP: Interfaces\{285F8AE2-C964-4644-9664-F7FF6DCAA331} : DHCPNameServer = 77.222.196.5 77.222.196.250
TCP: Interfaces\{285F8AE2-C964-4644-9664-F7FF6DCAA331}\4556C656E6F627932333833756E6 : DHCPNameServer = 130.67.15.198 193.213.112.4 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - d:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - d:\program files\common files\avg secure search\viprotocolinstaller\15.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - d:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= d:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - d:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;d:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;d:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;d:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 Avgfwfd;AVG network filter service;d:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;d:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;d:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;d:\windows\system32\drivers\avgtpx86.sys [2013-3-12 34592]
R1 cnnctfy2;Connectify LightWeight Filter;d:\windows\system32\drivers\cnnctfy2.sys [2012-12-30 27248]
R2 avgfws;AVG Firewall;d:\program files\avg\avg2013\avgfws.exe [2012-12-10 1342024]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R3 PAC207;SoC PC-Camera;d:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;d:\windows\system32\drivers\Ph3xIB32.sys [2009-6-10 1311232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;d:\windows\system32\drivers\ssadadb.sys [2012-3-28 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;d:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;d:\windows\system32\drivers\fssfltr.sys [2012-5-4 39272]
S3 fsssvc;Windows Live Family Safety Service;d:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [2012-1-7 15872]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);d:\windows\system32\drivers\ssadbus.sys [2012-3-28 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);d:\windows\system32\drivers\ssadmdfl.sys [2012-3-28 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;d:\windows\system32\drivers\ssadmdm.sys [2012-3-28 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);d:\windows\system32\drivers\ssadserd.sys [2012-3-28 114280]
S3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\TsUsbFlt.sys [2012-1-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\wat\WatAdminSvc.exe [2012-7-28 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;f:\programfiles\game booster 3\driver\WinRing0.sys [2012-5-9 14416]
S4 BrowserProtect;BrowserProtect;d:\programdata\browserprotect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-4-21 2787280]
S4 Connectify;Connectify;d:\program files\connectify\ConnectifyService.exe [2012-12-30 65536]
S4 IB Updater;IB Updater;d:\program files\ib updater\ExtensionUpdaterService.exe [2012-10-26 188760]
S4 NAUpdate;Nero Update;d:\program files\nero\update\NASvc.exe [2011-11-25 687400]
S4 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S4 TeamViewer8;TeamViewer 8;d:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-14 3467768]
S4 UMVPFSrv;UMVPFSrv;d:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
S4 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;d:\program files\common files\avg secure search\vtoolbarupdater\15.1.0\ToolbarUpdater.exe [2013-4-11 1008816]
S4 WajamUpdater;WajamUpdater;d:\program files\wajam\updater\WajamUpdater.exe [2013-4-4 109064]
S4 wlcrasvc;Windows Live Mesh remote connections service;d:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-04-23 21:38:18 -------- d-----w- d:\windows\pss
2013-04-23 21:29:48 -------- d-----w- d:\users\administrator\appdata\local\{4D1DCF2A-B5CA-498C-A96C-08C16E081F5F}
2013-04-23 19:28:17 -------- d-----w- d:\users\administrator\appdata\local\{54BECEAC-AD20-4B52-9DB0-9E49E3036AF2}
2013-04-23 12:30:24 -------- d-----w- d:\users\administrator\appdata\local\{5066EEA6-1F70-4761-8F6D-46E366B7168A}
2013-04-22 12:23:33 -------- d-----w- d:\users\administrator\appdata\local\{2C9C2B09-223B-4A65-9CB8-B8E955DCF9DA}
2013-04-21 22:42:52 -------- d-----w- d:\users\administrator\appdata\roaming\NCdownloader
2013-04-21 22:30:46 -------- d-----w- d:\programdata\SSeaRch-NewTab
2013-04-21 22:30:35 -------- d-----w- d:\program files\BrowseToSave
2013-04-21 22:29:56 -------- d-----w- d:\programdata\Barowsoe2sAve
2013-04-21 22:22:15 -------- d-----w- d:\programdata\SoftSafe
2013-04-21 18:23:02 -------- d-----w- d:\users\administrator\appdata\local\Wajam
2013-04-21 18:22:37 -------- d-----w- d:\program files\Wajam
2013-04-21 17:30:57 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2013-04-21 17:30:57 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2013-04-21 13:45:48 -------- d-----w- d:\users\administrator\appdata\local\{721F6C63-07B0-447B-B93A-8BD73C0921AE}
2013-04-20 08:34:27 -------- d-----w- d:\users\administrator\appdata\local\{2E31752B-1FDC-48AB-B7BA-E450E2D4F651}
2013-04-19 17:05:37 94112 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2013-04-19 12:18:49 -------- d-----w- d:\users\administrator\appdata\local\{FFF95FC4-464F-403F-925B-AB67A3C1185F}
2013-04-17 12:06:23 -------- d-----w- d:\users\administrator\appdata\local\{1ED15552-3FCE-4916-BA22-AE153EA8E07C}
2013-04-16 12:37:52 -------- d-----w- d:\users\administrator\appdata\local\{FC91D633-76F4-44A1-8027-663E6A499AAF}
2013-04-14 18:51:28 -------- d-----w- d:\users\administrator\appdata\local\{91BF9BD7-20CA-4576-A5C8-1CF9F62020E3}
2013-04-14 06:50:44 -------- d-----w- d:\users\administrator\appdata\local\{A59DD1E5-30FD-4947-804C-9B2E7875059E}
2013-04-13 12:38:03 -------- d-----w- d:\users\administrator\appdata\local\{C7EE10A2-F462-4381-BE6F-6D868FE3FD34}
2013-04-13 00:37:18 -------- d-----w- d:\users\administrator\appdata\local\{F1AA4DC3-C55D-4AE0-9677-BD3781D57832}
2013-04-12 12:36:39 -------- d-----w- d:\users\administrator\appdata\local\{218F4CFD-2A3F-479C-ADC1-67601840CC21}
2013-04-11 22:38:42 -------- d-----w- d:\users\administrator\appdata\local\{B50F36D9-BB58-4FB7-BEDA-CBD81D68AD03}
2013-04-11 10:37:58 -------- d-----w- d:\users\administrator\appdata\local\{0955CCCB-A9C9-4884-87ED-FC0D2F4B81E3}
2013-04-10 12:45:54 -------- d-----w- d:\users\administrator\appdata\local\{0A748248-7FA8-4E82-9740-F4C85DCA130D}
2013-04-10 12:29:44 2347008 ----a-w- d:\windows\system32\win32k.sys
2013-04-10 12:29:43 196328 ----a-w- d:\windows\system32\drivers\fvevol.sys
2013-04-10 12:29:42 3913560 ----a-w- d:\windows\system32\ntoskrnl.exe
2013-04-10 12:29:41 69632 ----a-w- d:\windows\system32\smss.exe
2013-04-10 12:29:41 3968856 ----a-w- d:\windows\system32\ntkrnlpa.exe
2013-04-10 12:29:41 38912 ----a-w- d:\windows\system32\csrsrv.dll
2013-04-10 12:29:34 36864 ----a-w- d:\windows\system32\tsgqec.dll
2013-04-10 12:29:34 3217408 ----a-w- d:\windows\system32\mstscax.dll
2013-04-10 12:29:34 131584 ----a-w- d:\windows\system32\aaclient.dll
2013-04-10 12:29:28 1212264 ----a-w- d:\windows\system32\drivers\ntfs.sys
2013-04-09 12:17:11 -------- d-----w- d:\users\administrator\appdata\local\{55433E1E-E46B-4491-9505-0F16C5F3A8E2}
2013-04-08 12:59:03 -------- d-----w- d:\users\administrator\appdata\local\{27A16626-2EA9-4186-AE53-F601BB2FD31E}
2013-04-06 07:41:07 -------- d-----w- d:\users\administrator\appdata\local\{DCF4499C-DFE4-4929-9326-6C00257E19AA}
2013-04-05 11:56:55 -------- d-----w- d:\users\administrator\appdata\local\{A7E81C63-9863-4B98-8ECF-66F3725CFAA5}
2013-04-04 12:36:25 -------- d-----w- d:\users\administrator\appdata\local\{2582487B-526D-4D28-9B37-F1C87C60DA76}
2013-04-03 12:11:08 -------- d-----w- d:\users\administrator\appdata\local\{FF3E4608-A48D-4227-A45F-1D1BB103211B}
2013-04-02 13:02:46 -------- d-----w- d:\users\administrator\appdata\local\{9355F2BB-AF10-4ABA-96CA-9D6E44E2D2BE}
2013-04-01 09:10:02 -------- d-----w- d:\users\administrator\appdata\local\{4C23012E-1BCB-497F-B108-E0A8D7D1AB3F}
2013-03-31 07:58:10 -------- d-----w- d:\users\administrator\appdata\local\{DE2908FF-0765-4844-927A-70ABE035D2FD}
2013-03-30 19:33:35 -------- d-----w- d:\users\administrator\appdata\local\{4C3E2837-ADBF-4399-90F6-23D4996BD524}
2013-03-30 07:33:09 -------- d-----w- d:\users\administrator\appdata\local\{3F7B8A18-479F-4CA2-A624-037A02A65B9B}
2013-03-29 11:04:59 -------- d-----w- d:\users\administrator\appdata\local\{8FE5D5FC-9A5A-418E-9431-D83A649E6DBE}
2013-03-28 08:07:57 -------- d-----w- d:\users\administrator\appdata\local\{82E7D23B-4E64-4CC9-89CA-114017646266}
2013-03-26 09:39:54 -------- d-----w- d:\users\administrator\appdata\local\{9A05DE9D-6EB6-4325-AA5E-C1644A70F27C}
.
==================== Find3M  ====================
.
2013-04-11 17:04:50 34592 ----a-w- d:\windows\system32\drivers\avgtpx86.sys
2013-03-21 13:28:57 861088 ----a-w- d:\windows\system32\npDeployJava1.dll
2013-03-21 13:28:57 782240 ----a-w- d:\windows\system32\deployJava1.dll
2013-03-12 23:43:58 73432 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 23:43:58 693976 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-02-22 03:46:00 1800704 ----a-w- d:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- d:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- d:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- d:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- d:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- d:\windows\system32\mshtml.tlb
2013-02-12 04:48:31 474112 ----a-w- d:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- d:\windows\apppatch\AcGenral.dll
2013-02-12 03:32:45 15872 ----a-w- d:\windows\system32\drivers\usb8023.sys
2013-02-01 19:38:36 499712 ----a-w- d:\windows\system32\msvcp71.dll
2013-02-01 19:38:36 348160 ----a-w- d:\windows\system32\msvcr71.dll
2011-05-20 22:02:48 573440 ----a-w- d:\program files\id3lib.dll
2010-07-28 12:39:52 163840 ----a-w- d:\program files\ikpMP3.dll
2008-06-05 10:04:38 269312 ----a-w- d:\program files\devil.dll
2004-08-04 15:25:38 180224 ----a-w- d:\program files\cgGL.dll
2004-08-04 15:25:38 1388544 ----a-w- d:\program files\cg.dll
.
============= FINISH:  3:47:15.22 ===============
 

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:17 PM

Posted 24 April 2013 - 04:58 PM


Hello kid13


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kid13

kid13
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:norway
  • Local time:02:17 AM

Posted 24 April 2013 - 05:20 PM

# AdwCleaner v2.202 - Logfile created 04/25/2013 at 05:10:30
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Administrator - LEONIDAS
# Boot Mode : Normal
# Running from : D:\Users\Administrator\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BrowserProtect
Stopped & Deleted : IB Updater
Stopped & Deleted : WajamUpdater
 
***** [Files / Folders] *****
 
Deleted on reboot : D:\ProgramData\BetterSoft
Deleted on reboot : D:\ProgramData\BrowserProtect
Deleted on reboot : D:\ProgramData\Premium
File Deleted : D:\END
File Deleted : D:\user.js
File Deleted : D:\Users\ADMINI~1\AppData\Local\Temp\Uninstall.exe
File Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : D:\Users\Administrator\Desktop\Search The Web.url
File Deleted : D:\Users\Shokrullah Jahya\Desktop\Check for Updates.lnk
File Deleted : D:\Users\Shokrullah Jahya\Desktop\Search The Web.url
File Deleted : D:\Windows\system32\ImhxxpComm.dll
Folder Deleted : D:\Program Files\Ask.com
Folder Deleted : D:\Program Files\BrowseToSave
Folder Deleted : D:\Program Files\Common Files\AVG Secure Search
Folder Deleted : D:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : D:\Program Files\continuetosave
Folder Deleted : D:\Program Files\DealPly
Folder Deleted : D:\Program Files\IB Updater
Folder Deleted : D:\Program Files\Optimizer Pro
Folder Deleted : D:\Program Files\Perion
Folder Deleted : D:\Program Files\SweetIM
Folder Deleted : D:\Program Files\Wajam
Folder Deleted : D:\Program Files\wxDfast
Folder Deleted : D:\ProgramData\Babylon
Folder Deleted : D:\ProgramData\clsoft ltd
Folder Deleted : D:\ProgramData\continuetosave
Folder Deleted : D:\ProgramData\InstallMate
Folder Deleted : D:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Deleted : D:\ProgramData\RightClick
Folder Deleted : D:\ProgramData\SoftSafe
Folder Deleted : D:\ProgramData\SweetIM
Folder Deleted : D:\Users\ADMINI~1\AppData\Local\Temp\AskSearch
Folder Deleted : D:\Users\ADMINI~1\AppData\Local\Temp\Wajam
Folder Deleted : D:\Users\Administrator\AppData\Local\APN
Folder Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : D:\Users\Administrator\AppData\Local\Savings Sidekick
Folder Deleted : D:\Users\Administrator\AppData\Local\Wajam
Folder Deleted : D:\Users\Administrator\AppData\LocalLow\AskToolbar
Folder Deleted : D:\Users\Administrator\AppData\LocalLow\incredibar.com
Folder Deleted : D:\Users\Administrator\AppData\LocalLow\simplytech
Folder Deleted : D:\Users\Administrator\AppData\LocalLow\Toolbar4
Folder Deleted : D:\Users\Administrator\AppData\Roaming\Babylon
Folder Deleted : D:\Users\Administrator\AppData\Roaming\BrowserCompanion
Folder Deleted : D:\Users\Administrator\AppData\Roaming\DealPly
Folder Deleted : D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : D:\Users\Administrator\AppData\Roaming\NCdownloader
Folder Deleted : D:\Users\Administrator\AppData\Roaming\OpenCandy
Folder Deleted : D:\Users\Administrator\AppData\Roaming\Optimizer Pro
Folder Deleted : D:\Users\Shokrullah Jahya\AppData\LocalLow\simplytech
Folder Deleted : D:\Users\Shokrullah Jahya\AppData\LocalLow\Toolbar4
Folder Deleted : D:\Users\Shokrullah Jahya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : D:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : D:\Windows\system32\WNLT
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\955dd88e639ba47
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{103576F6-8A45-CCBC-D028-1946B487D3CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{103576F6-8A45-CCBC-D028-1946B487D3CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\SOFTWARE\955dd88e639ba47
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103576F6-8A45-CCBC-D028-1946B487D3CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\WNLT
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.simplespeedy.info/ --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.simplespeedy.info/ --> hxxp://www.google.com
 
-\\ Google Chrome v26.0.1410.64
 
File : D:\Users\Shokrullah Jahya\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : D:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.45] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Deleted [l.48] : keyword = "babylon.com",
Deleted [l.52] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=114022&tt=3112_7&babsrc=SP_ss&[...]
Deleted [l.2917] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=120095&babsrc=HP_ss&mntrId=B[...]
 
*************************
 
AdwCleaner[S1].txt - [31942 octets] - [25/04/2013 05:10:30]
 
########## EOF - D:\AdwCleaner[S1].txt - [32003 octets] ##########


#4 kid13

Posted 24 April 2013 - 05:23 PM

It's what I got, and the svchost.exe is still there and AVG can't delete them. If you have TeamViewer, could you help me?



#5 gringo_pr

Posted 24 April 2013 - 05:56 PM


Hello kid13

It will take a couple of posts, but you are doing very well. I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 kid13

Posted 25 April 2013 - 08:38 AM

I don't know how to turn off security software. I need, like, figures to understand. I have AVG Internet Security.



#7 kid13

Posted 25 April 2013 - 08:42 AM

Will it help if I just put a new Windows on it? Will the virus be gone?



#8 gringo_pr

Posted 25 April 2013 - 10:57 AM

Go ahead and run Combofix.


gringo

#9 kid13

Posted 25 April 2013 - 02:42 PM

Why do these files show as a virus?



#10 gringo_pr

Posted 25 April 2013 - 03:14 PM

Hello


I ask when you are running this to turn off your antivirus


2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

#11 kid13

Posted 25 April 2013 - 03:22 PM

I will run it now. Sometimes the virus is putting my internet down, I don't know how, but the internet is not working all the time, just on this computer!

And if I just put a new Windows 7 on this computer, will the virus be gone?



#12 kid13

Posted 25 April 2013 - 03:24 PM

ComboFix 13-04-25.01 - Administrator 04/26/2013   2:53.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2047.1284 [GMT 2:00]
Running from: d:\users\Administrator\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\Barowsoe2sAve
d:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast
d:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\Uninstall wxDownload Fast.lnk
d:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload
d:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload\Uninstall.lnk
d:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload\wxDownload.lnk
d:\programdata\SSeaRch-NewTab
d:\programdata\wxDownload
d:\programdata\wxDownload\5089c5bf674a3.ocx
d:\programdata\wxDownload\5089c5bf674dc.html
d:\programdata\wxDownload\5089c5bf67514.js
d:\programdata\wxDownload\data\5089c5bf67514.js
d:\programdata\wxDownload\paigfioflgcghncmdjinpcgpclmdajbm.crx
d:\programdata\wxDownload\settings.ini
d:\programdata\wxDownload\uninstall.exe
d:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\babylon
d:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\dealply
d:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\pcspeed
d:\users\Administrator\AppData\Roaming\fFrch.vbs
d:\users\Administrator\AppData\Roaming\hCFkb.vbs
d:\users\Administrator\AppData\Roaming\myFsH.vbs
d:\users\Administrator\AppData\Roaming\Roaming
d:\users\Administrator\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
d:\windows\IsUn0414.exe
d:\windows\system32\System32\MASetupCleaner.exe
d:\windows\system32\System32\muzapp.exe
d:\windows\system32\URTTemp
d:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-26 to 2013-04-26  )))))))))))))))))))))))))))))))
.
.
2013-04-26 01:10 . 2013-04-26 01:10 -------- d-----w- d:\users\Shokrullah Jahya\AppData\Local\temp
2013-04-26 01:09 . 2013-04-26 01:09 -------- d-----w- d:\users\Default\AppData\Local\temp
2013-04-19 18:38 . 2013-04-19 18:38 -------- d-----w- d:\program files\Common Files\Java
2013-04-19 17:05 . 2013-04-04 03:35 94112 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2013-04-10 12:29 . 2013-03-01 03:09 2347008 ----a-w- d:\windows\system32\win32k.sys
2013-04-10 12:29 . 2013-01-24 04:47 196328 ----a-w- d:\windows\system32\drivers\fvevol.sys
2013-04-10 12:29 . 2013-03-19 05:04 3913560 ----a-w- d:\windows\system32\ntoskrnl.exe
2013-04-10 12:29 . 2013-03-19 05:04 3968856 ----a-w- d:\windows\system32\ntkrnlpa.exe
2013-04-10 12:29 . 2013-03-19 04:48 38912 ----a-w- d:\windows\system32\csrsrv.dll
2013-04-10 12:29 . 2013-03-19 02:49 69632 ----a-w- d:\windows\system32\smss.exe
2013-04-10 12:29 . 2013-02-15 04:37 3217408 ----a-w- d:\windows\system32\mstscax.dll
2013-04-10 12:29 . 2013-02-15 04:34 131584 ----a-w- d:\windows\system32\aaclient.dll
2013-04-10 12:29 . 2013-02-15 03:25 36864 ----a-w- d:\windows\system32\tsgqec.dll
2013-04-10 12:29 . 2013-03-02 05:07 1212264 ----a-w- d:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 17:04 . 2013-03-12 13:51 34592 ----a-w- d:\windows\system32\drivers\avgtpx86.sys
2013-03-21 13:28 . 2013-01-21 21:29 861088 ----a-w- d:\windows\system32\npDeployJava1.dll
2013-03-21 13:28 . 2012-04-12 13:47 782240 ----a-w- d:\windows\system32\deployJava1.dll
2013-03-12 23:43 . 2012-08-04 15:35 693976 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2013-03-12 23:43 . 2012-01-01 21:07 73432 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 23:12 474112 ----a-w- d:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 23:12 2176512 ----a-w- d:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-15 11:32 15872 ----a-w- d:\windows\system32\drivers\usb8023.sys
2013-02-08 00:45 . 2013-03-12 13:23 6954968 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{0B1112C7-EBB8-46A5-8579-7B5F763992A2}\mpengine.dll
2013-02-01 19:38 . 2003-03-18 18:14 499712 ----a-w- d:\windows\system32\msvcp71.dll
2013-02-01 19:38 . 2003-02-21 02:42 348160 ----a-w- d:\windows\system32\msvcr71.dll
2011-05-20 22:02 . 2011-05-20 22:02 573440 ----a-w- d:\program files\id3lib.dll
2010-07-28 12:39 . 2010-07-28 12:39 163840 ----a-w- d:\program files\ikpMP3.dll
2008-06-05 10:04 . 2008-06-05 10:04 269312 ----a-w- d:\program files\devil.dll
2004-08-04 15:25 . 2004-08-04 15:25 180224 ----a-w- d:\program files\cgGL.dll
2004-08-04 15:25 . 2004-08-04 15:25 1388544 ----a-w- d:\program files\cg.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 15:31 576976 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 15:31 576976 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 15:31 576976 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 15:31 576976 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="d:\windows\system32\READREG" [X]
"CtxfiReg"="CTXFIREG.exe" [2008-02-20 43520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sasnative32
.
[HKLM\~\startupfolder\D:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk]
path=d:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
backup=d:\windows\pss\Microsoft SharePoint Workspace.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\D:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tcbhn.lnk]
path=d:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
backup=d:\windows\pss\tcbhn.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACROX A1H Mouse]
2009-12-01 20:28 188416 ----a-w- d:\program files\Gaming mouse\Monitor.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13 59280 ----a-w- d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2011-01-05 17:19 3396624 ----a-w- d:\program files\Alwil Software\Avast5\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2012-12-11 02:52 3147384 ----a-w- d:\program files\AVG\AVG2013\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 16:22 91520 ----a-w- d:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Connectify]
2012-10-25 18:34 4010856 ----a-w- d:\program files\Connectify\Connectify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-02-20 20:58 19456 ----a-w- d:\windows\System32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2008-02-20 20:58 19968 ----a-w- d:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-27 20:24 116648 ----atw- d:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57 152544 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-05-30 01:18 21432 ----a-w- d:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-05-30 01:17 3521464 ----a-w- d:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 11:18 205336 ----a-w- d:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- d:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 08:54 717696 ----a-w- d:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- d:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- d:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 14:23 18709248 ----a-r- d:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-04-17 12:05 4555776 ----a-w- d:\users\Administrator\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-04-17 12:05 1105408 ----a-w- d:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 09:07 199752 ----a-w- d:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-04-11 17:04 1223344 ----a-w- d:\program files\AVG SafeGuard toolbar\vprot.exe
.
R2 avgfws;AVG Firewall;d:\program files\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;d:\windows\system32\Drivers\ssadadb.sys [x]
R3 BCASPROT;Advanced System Protector;d:\program files\Systweak\Advanced System Protector\sasprot32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;d:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);d:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);d:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;d:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);d:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;d:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;d:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;d:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;f:\programfiles\Game Booster 3\Driver\WinRing0.sys [x]
R4 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;d:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;d:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;d:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;d:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;d:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;d:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;d:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;d:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;d:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;d:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;d:\windows\system32\drivers\avgtpx86.sys [x]
S1 cnnctfy2;Connectify LightWeight Filter;d:\windows\system32\DRIVERS\cnnctfy2.sys [x]
S2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Connectify;Connectify;d:\program files\Connectify\ConnectifyService.exe [x]
S2 NAUpdate;Nero Update;d:\program files\Nero\Update\NASvc.exe [x]
S2 TeamViewer8;TeamViewer 8;d:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;d:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 PAC207;SoC PC-Camera;d:\windows\system32\DRIVERS\PFC027.SYS [x]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;d:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-26 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 23:44]
.
2013-04-26 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2013-03-11 19:27]
.
2013-04-26 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2013-03-11 19:27]
.
2013-04-25 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123325925-2041240736-1858986807-1002Core.job
- d:\users\Shokrullah Jahya\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 20:13]
.
2013-04-26 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123325925-2041240736-1858986807-1002UA.job
- d:\users\Shokrullah Jahya\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-12 20:13]
.
2013-04-25 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123325925-2041240736-1858986807-500Core.job
- d:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 20:24]
.
2013-04-26 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3123325925-2041240736-1858986807-500UA.job
- d:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-27 20:24]
.
2013-04-26 d:\windows\Tasks\OptimizerPro1UpdaterTask{FDE3C239-2B86-4BAB-A2F7-7055E604B642}.job
- d:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-10-25 14:50]
.
2013-04-26 d:\windows\Tasks\schedule!1530322238.job
- d:\programdata\BetterSoft\ContinueToSave\ContinueToSave.exe [2013-02-17 19:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.protectedsearch.com?si=41570&home=true&tid=3026&q=
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://search.protectedsearch.com?si=41570&home=true&tid=3026&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: d:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 77.222.196.5 77.222.196.250
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Facebook Update - d:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-KiesHelper - d:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-msnmsgr - ~d:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Optimizer Pro - d:\program files\Optimizer Pro\OptProLauncher.exe
MSConfigStartUp-Pokki - %LOCALAPPDATA%\Pokki\Engine\pokki.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - f:\programfiles\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-ContinueToSave - d:\progra~2\INSTAL~2\CONTIN~1\Setup.exe
AddRemove-Optimizer Pro_is1 - d:\program files\Optimizer Pro\unins000.exe
AddRemove-OptimizerPro1 - d:\progra~2\INSTAL~2\OPTIMI~1\Setup.exe
AddRemove-Serious Sam 3_is1 - d:\program files\Serious Sam 3\unins000.exe
AddRemove-SP_8697f45a - d:\program files\BrowseToSave\uninstall.exe
AddRemove-SP_db6257b3 - d:\program files\ContinueToSave\uninstall.exe
AddRemove-SP_e86e8130 - d:\program files\WxDFast\uninstall.exe
AddRemove-Shipsim - d:\program files\Vstep\ShipSim2006\uninstall.exe
AddRemove-{088DF54D-6FFC-8C91-02D5-A461DCC2E652} - d:\programdata\wxDownload\uninstall.exe
AddRemove-{096168E4-45F0-4291-A07A-0DD2D2824A12} - d:\progra~2\INSTAL~2\{09616~1\Setup.exe
AddRemove-{3D33C5E1-7166-7AFA-1D14-99DBF14FADD4} - d:\progra~2\INSTAL~2\{64F62~1\Setup.exe
AddRemove-{9FAD220A-64E6-4CB7-8488-F728C8E25D6D}_is1 - d:\program files\World Of Warcraft Classic\unins000.exe
AddRemove-{C0EBA469-C04E-4422-A6C9-886C1B08869F} - d:\progra~2\INSTAL~2\{C0EBA~1\Setup.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - d:\programdata\continuetosave\uninstall.exe
AddRemove-01_Simmental - d:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - d:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - d:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - d:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - d:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - d:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - d:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - d:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - d:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - d:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - d:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - d:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - d:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - d:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - d:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - d:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - d:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - d:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - d:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{D205E922-7D87-3922-02C4-39CA4854F2CB} - d:\progra~2\INSTAL~2\{65A01~1\Setup.exe
AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3123325925-2041240736-1858986807-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3123325925-2041240736-1858986807-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:fa,fa,40,7c,dd,3e,ce,01
.
[HKEY_USERS\S-1-5-21-3123325925-2041240736-1858986807-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,01,37,36,99,46,7f,41,8b,fd,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,2d,ab,85,87,48,47,46,be,8f,3d,\
.
[HKEY_USERS\S-1-5-21-3123325925-2041240736-1858986807-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3123325925-2041240736-1858986807-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3123325925-2041240736-1858986807-500\Software\SecuROM\License information*]
"datasecu"=hex:dd,60,01,d9,9e,46,90,45,ad,1c,d5,36,c6,43,99,25,3f,cb,33,df,3d,
   da,26,31,16,35,84,7b,af,61,d1,72,05,6e,7c,34,c3,80,31,1d,fd,8d,e3,e2,25,17,\
"rkeysecu"=hex:5e,5f,b2,2a,1a,2d,7a,75,94,f7,bf,00,21,04,b6,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-26  03:14:54
ComboFix-quarantined-files.txt  2013-04-26 01:14
.
Pre-Run: 110,610,464,768 bytes free
Post-Run: 119,990,071,296 bytes free
.
- - End Of File - - 305216E4B585E9612B2A9B4EC6AC33D5


#13 kid13


Posted 25 April 2013 - 03:26 PM

You may let me know if I have done something wrong, I'll retry it. And can I put on antivirus?



#14 gringo_pr

  • Malware Response Team

Posted 26 April 2013 - 08:38 AM


Hello kid13

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
d:\programdata\Premium\OptimizerPro1
d:\programdata\BetterSoft\ContinueToSave
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#15 kid13


Posted 26 April 2013 - 10:39 AM

Notepad is not opening for some reason; it's like I am hitting on an empty place when I click on it.





