"Internet security" Fake AV removed, but...


  • This topic is locked
14 replies to this topic

#1 hiya123

hiya123

  • Members
  • 11 posts

Posted 20 May 2013 - 01:24 AM

Now I can't start the Security Center; "the security center service can't be started" is the error message. When I go to services.msc it is not listed. It seems this "Internet Security" that looks exactly the same as "Smart Security" in your self-help removal guides removed a registry key or two. I also can't start MSE; I get "c:\program files\microsoft security client\msseces.exe The specified path does not exist", but that path is where I'm running it from.

 

Also I ran sfc /scannow and it went 63% of the verification phase, then stopped and said "windows resource protection could not perform the requested operation".

Thanks for any help and just let me know what you need.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 1.6.0_26
Run by Owner at 1:05:44 on 2013-05-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3998.2065 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\schtasks.exe
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
c:\users\owner\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=49FA00265E125D48
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: FindLyrics: {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
BHO: DealPly Shopping: {a6c63b7f-2171-47fa-ab34-e64c4737169d} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Owner\AppData\Local\ArcadeCandy\candyEX.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.0\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} -
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.0\deltaTlbr.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.14/uploader2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4BBAB293-87AE-4A30-8A70-70757C66456C} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=49FA00265E125D48
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 49fa998000000000000000265e125d48
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15844
FF - user.js: extensions.delta.vrsn - 1.8.21.0
FF - user.js: extensions.delta.vrsni - 1.8.21.0
FF - user.js: extensions.delta.vrsnTs - 1.8.21.023:43:46
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 39768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/12 13:09:36];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [2009-7-12 89088]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-5-18 2787280]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-11-25 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-9-6 72216]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-29 990896]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2013-5-2 109064]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-22 126464]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-2 89920]
SUnknown NisSrv;NisSrv; [x]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-16 15:04:52    75016696    ----a-w-    C:\Windows\System32\mrt.exe
2013-05-05 21:36:54    17818624    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43    12324864    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:19:09    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:01:06    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:58:59    237056    ----a-w-    C:\Windows\System32\url.dll
2013-04-05 00:57:27    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:57    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-05 00:54:50    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-04-05 00:54:25    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-04-05 00:51:52    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-04-05 00:46:50    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:09:30    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:58    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 22:01:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-04-04 21:59:49    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:58:24    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:56:41    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-04-04 21:55:19    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-04-04 21:54:42    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-04-04 21:50:34    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-04-04 19:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-29 21:22:45    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-03-16 06:30:42    4546560    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2013-03-11 13:33:42    4691304    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-09 04:16:35    85504    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-09 01:48:36    75264    ----a-w-    C:\Windows\System32\smss.exe
2013-03-08 04:18:52    451072    ----a-w-    C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12    2425344    ----a-w-    C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22    2067968    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-03-03 19:13:14    1513320    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH:  1:06:25.94 ===============
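As an added example (not part of this thread and not the DDS tool's own code), a small Python triage script for the DDS report format above: it reads lines in the Running Processes, Pseudo HJT Report, FIREFOX and SERVICES / DRIVERS sections and flags what a responder looks at first, namely UAC policies set to 0 (EnableLUA, ConsentPromptBehaviorAdmin), an AppInit_DLLs load point, orphaned browser components, home pages redirected to affiliate-tagged URLs, and services or processes running from user-writable directories. The expected policy values, the severity labels and the directory list are assumptions of mine; the sample lines are excerpted from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


# Secure values for the UAC policies DDS prints as "mPolicies-System: NAME = dword:N".
# Assumption: these are the Windows Vista defaults; adjust to your own baseline.
EXPECTED_POLICY = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 2}

# Directories an unprivileged user can write to; a service or process there deserves a look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

POLICY_RE = re.compile(r"^(?:x64-)?mPolicies-System: (\w+) = dword:([0-9a-fA-F]+)$")
HOMEPAGE_RE = re.compile(
    r"^(?:x64-)?(?:[um]Start Page|uDefault_Search_URL|uSearchAssistant) = (\S+)$"
    r"|^FF - prefs\.js: browser\.startup\.homepage - (\S+)$"
)
ORPHAN_RE = re.compile(r"^(?:x64-)?(?:BHO|TB|[ud]URLSearchHooks|Handler): .* - (?:<orphaned>|<no file>)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(\S.*)$")
# "R2 Name;Display name;C:\path\file.exe [2013-5-18 2787280]" from the SERVICES / DRIVERS section
SERVICE_RE = re.compile(r"^[RS][0-4] [^;]+;[^;]*;(.+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$")
AFFILIATE_RE = re.compile(r"[?&](?:affID|mntrId)=")


def _user_writable(path: str) -> bool:
    low = path.lower()
    return any(tag in low for tag in USER_WRITABLE)


def triage_line(line: str) -> List[Finding]:
    """Return the findings (possibly none) for one DDS report line."""
    line = line.rstrip()
    m = POLICY_RE.match(line)
    if m:
        name, value = m.group(1), int(m.group(2), 16)  # dword values are hex, as in .reg exports
        expected = EXPECTED_POLICY.get(name)
        if expected is not None and value != expected:
            return [Finding("high", f"{name}={value} (expected {expected}): UAC protection weakened", line)]
        return []
    m = HOMEPAGE_RE.match(line)
    if m:
        url = m.group(1) or m.group(2)
        if AFFILIATE_RE.search(url):
            return [Finding("medium", "home/search page redirected to an affiliate-tagged URL", line)]
        return []
    if ORPHAN_RE.match(line):
        return [Finding("info", "registered browser component whose file is missing", line)]
    m = APPINIT_RE.match(line)
    if m:
        return [Finding("high", f"AppInit_DLLs loads {m.group(1)} into every process using user32.dll", line)]
    m = SERVICE_RE.match(line)
    if m:
        if _user_writable(m.group(1)):
            return [Finding("high", "service binary lives in a user-writable directory", line)]
        return []
    if re.match(r"^[A-Za-z]:\\", line) and _user_writable(line):  # Running Processes section
        return [Finding("info", "process started from a user-writable directory", line)]
    return []


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for line in lines for f in triage_line(line)]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: lines excerpted from the DDS log posted above (URLs stay defanged as hxxp).
SAMPLE_LOG = [
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe",
    r"C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe",
    r"uStart Page = hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=49FA00265E125D48",
    r"mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb",
    r"uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>",
    r"mPolicies-System: ConsentPromptBehaviorAdmin = dword:0",
    r"mPolicies-System: EnableLUA = dword:0",
    r"mPolicies-System: EnableUIADesktopToggle = dword:0",
    r"AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll",
    r"x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=49FA00265E125D48",
    r"R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]",
    r"R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-5-18 2787280]",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in sorted(found, key=lambda f: ("high", "medium", "info").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(found))
```

Run it against a full DDS log with `triage(open("dds.txt", errors="replace"))` to get the same classification over every line; anything not matched by a rule is simply passed over.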
 

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 21 May 2013 - 03:36 PM

Hello hiya123! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

STEP 1
 

  • Please download RogueKiller and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.

STEP 2

 

  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Press the Windows Logo in the bottom left corner of your screen.
  • In the Start Search box, enter notepad and press Enter.
  • Navigate to Format and make sure that Word Wrap is unchecked. <--- important !!!
  • Highlight the contents of the following quotebox, and copy and paste that text into notepad.

    @ECHO OFF
    REM Confirm junction.exe is in C:\Windows; the error text, if any, goes into the log as well.
    dir /a/b c:\windows\junction.exe >c:\log.txt 2>&1
    REM List every junction (reparse point) under C:\ recursively and append it to the log.
    junction -s c:\>>c:\log.txt
    echo.End of Scan >>c:\log.txt
    notepad c:\log.txt
  • Select File -> Save.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.
  • A command window opens starting to scan the system. Wait until a log file opens. Upload it here and post the link to the log.

 

 

 

STEP 3

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi

 




#3 hiya123

hiya123
  • Topic Starter

  • Members
  • 11 posts

Posted 21 May 2013 - 05:50 PM

Hey Georgi and thanks so much for your help!!! :)
 
Here are the logs you requested, just let me know if you need anything else.
 
STEP 1  RKreport
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 05/21/2013 17:10:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 5 ¤¤¤
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> KILLED [TermProc]
[BLACKLIST] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> KILLED [TermProc]
[SUSP PATH] tv_x64.exe -- C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe [7] -> KILLED [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> KILLED [TermProc]
[RESIDUE] BrowserProtect.exe -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [7] -> FOUND
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\BrowserProtect (C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe) [7] -> FOUND
[TASK][SUSP PATH] Dealply.job : C:\Users\Owner\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe /Check [7] -> FOUND
[TASK][SUSP PATH] CandyUpdater.job : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe  [-] -> FOUND
[TASK][SUSP PATH] CandyUpdater : C:\Users\Owner\AppData\Local\ArcadeCandy\candyUpdater.exe  [-] -> FOUND
[TASK][SUSP PATH] Dealply : C:\Users\Owner\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe /Check [7] -> FOUND
[TASK][SUSP PATH] EPUpdater : C:\Users\Owner\AppData\Roaming\BabSolution\Shared\BabMaint.exe  [7] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3097393548-419834768-1546721340-1000\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3097393548-419834768-1546721340-1000\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS ATA Device +++++
--- User ---
[MBR] eec2043407d90a376ec417358f19bc69
[BSP] c6d68ba16ed0aefccc81f2edc02dc5bf : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 291893 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597798912 | Size: 13348 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic Mass Storage USB Device +++++
--- User ---
[MBR] a69325f676cc43a9693dea2ac1689fe6
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 135 | Size: 942 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05212013_02d1710.txt >>
RKreport[1]_S_05212013_02d1710.txt


 
STEP 2  junction log
 
 
http://www.filedropper.com/log_2
 
 
STEP 3  FRST.txt  &  Addition.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2013 02
Ran by Owner (administrator) on 21-05-2013 17:39:35
Running from C:\Users\Owner\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TeamViewer GmbH) C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Owner\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) c:\users\owner\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
() C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
() C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Farbar) C:\Users\Owner\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [206120 2009-05-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2008-11-15] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [417792 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [141600 2009-11-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1219248 2013-03-29] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKU\LogMeInRemoteUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKU\LogMeInRemoteUser\...\RunOnce: [avg_spchecker] "C:\Program Files (x86)\AVG\AVG9\Notification\SPChecker1.exe" /start [x]
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=49FA00265E125D48
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=49FA00265E125D48
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119351&tt=gc_&babsrc=SP_ss&mntrId=49FA00265E125D48
SearchScopes: HKCU - {34ABD1FB-DA97-4BF2-9830-CD3FABCCDCA9} URL = http://search.avg.com/route/?d=4b016a54&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={7233EEDE-A2D0-49F1-9841-079D1D6CF73A}&mid=500df0a5ba8528a036d90bd89759f565-1965f646f3917016c03a907e6b77ba882448ba00&lang=en&ds=AVG&pr=fr&d=2011-10-19 21:10:08&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {DFD7B0E7-C96B-4D91-A1E0-75F7A079CA5A} URL = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUVUS&apn_uid=5362dc8d-9741-48e6-81c8-67d7e883078f&apn_sauid=92D0E8F9-EF9A-4A2F-9909-DD5EA558BCBC
SearchScopes: HKCU - {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: FindLyrics - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll (FindLyrics)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll No File
BHO-x32: DealPly Shopping - {a6c63b7f-2171-47fa-ab34-e64c4737169d} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: ArcadeCandy Games - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Owner\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
PDF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
PDF: HKLM-x32 {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
PDF: HKLM-x32 {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/58.14/uploader2.cab
PDF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
PDF: HKLM-x32 {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
PDF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://www.ritzpix.com/net/Uploader/LPUploader57.cab
PDF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [193024] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=49FA00265E125D48
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\ffxtlbr@babylon.com
FF Extension: Delta Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\ffxtlbr@delta.com
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\m3ffxtbr@mywebsearch.com
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\staged
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: DealPly  Shopping - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\{42e0ced7-806f-4983-af54-92bdeefee519}

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [89088 2008-06-27] (Andrea Electronics Corporation)
R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-11-11] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147888 2012-11-11] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-12-14] (LogMeIn, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] ()
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\STacSV64.exe [279040 2008-10-26] (IDT, Inc.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()
R2 vToolbarUpdater15.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-03-29] ()
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] ()

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-29] (AVG Technologies)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
S1 bcpebttp; \??\C:\Windows\system32\drivers\bcpebttp.sys [x]
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-21 17:39 - 2013-05-21 17:39 - 00000000 ____D C:\FRST
2013-05-21 17:27 - 2013-05-21 17:27 - 00000140 ____A C:\Users\Owner\Desktop\Fix.bat
2013-05-21 17:24 - 2010-09-07 15:39 - 00150392 ____A (Sysinternals - www.sysinternals.com) C:\Windows\junction.exe
2013-05-21 17:10 - 2013-05-21 17:10 - 00004367 ____A C:\Users\Owner\Desktop\RKreport[1]_S_05212013_02d1710.txt
2013-05-21 17:09 - 2013-05-21 17:10 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2013-05-21 17:08 - 2013-05-21 17:07 - 01878328 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-05-21 17:04 - 2013-05-21 17:03 - 00816128 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2013-05-21 17:02 - 2013-05-19 21:28 - 03975952 ____A (TeamViewer) C:\Users\Owner\Desktop\TeamViewerQS_en(2).exe
2013-05-21 00:31 - 2013-05-21 00:31 - 00000395 ____A C:\Users\Owner\Documents - Shortcut.lnk
2013-05-21 00:00 - 2013-05-21 00:00 - 00042968 ____A C:\Users\Owner\Desktop\Extras.Txt
2013-05-20 23:59 - 2013-05-20 23:59 - 00087040 ____A C:\Users\Owner\Desktop\OTL.Txt
2013-05-20 23:50 - 2013-05-20 23:44 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-05-20 01:09 - 2013-05-20 01:09 - 00008825 ____A C:\Users\Owner\Desktop\attach.txt
2013-05-20 01:09 - 2013-05-20 01:06 - 00021564 ____A C:\Users\Owner\Desktop\dds.txt
2013-05-20 01:05 - 2013-05-20 01:05 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-05-19 22:30 - 2013-05-19 22:30 - 00000000 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-05-19 22:05 - 2013-05-19 22:05 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 21:54 - 2013-05-19 21:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
2013-05-18 23:44 - 2013-05-20 21:57 - 00000452 ___AH C:\Windows\Tasks\Norton Security Scan for Owner.job
2013-05-18 23:44 - 2013-05-18 23:44 - 00001179 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-05-18 23:44 - 2013-05-18 23:44 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2013-05-18 23:44 - 2013-05-18 23:44 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-05-18 23:44 - 2013-05-18 23:44 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-05-18 23:43 - 2013-05-21 16:43 - 00000290 ____A C:\Windows\Tasks\Dealply.job
2013-05-18 23:43 - 2013-05-20 23:43 - 00000000 ____A C:\END
2013-05-18 23:43 - 2013-05-20 23:35 - 00000378 ____A C:\Windows\Tasks\FindLyrics Update.job
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dealply
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Babylon
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BabSolution
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\ProgramData\Babylon
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\FindLyrics
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\Delta
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-05-18 23:43 - 2013-05-18 23:42 - 11091432 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall [1].exe
2013-05-16 10:12 - 2013-04-04 19:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 10:12 - 2013-04-04 19:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 10:12 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 10:12 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 10:12 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 10:11 - 2013-04-04 20:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 10:11 - 2013-04-04 20:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 10:11 - 2013-04-04 20:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 10:11 - 2013-04-04 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 10:11 - 2013-04-04 19:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 10:11 - 2013-04-04 19:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 10:11 - 2013-04-04 19:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 10:11 - 2013-04-04 19:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 10:11 - 2013-04-04 19:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 10:11 - 2013-04-04 19:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 10:11 - 2013-04-04 19:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 10:11 - 2013-04-04 19:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 10:11 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 10:11 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 10:11 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 10:11 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 10:11 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 10:11 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 10:11 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 10:11 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 10:11 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 10:11 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 10:11 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 10:03 - 2013-05-05 16:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 10:03 - 2013-05-05 16:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 10:03 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 10:03 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 19:03 - 2013-04-08 20:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 19:02 - 2013-04-15 09:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 19:02 - 2013-04-12 22:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-04-22 22:27 - 2013-04-22 22:27 - 00000000 ____D C:\Users\Owner\Christmas.LR.2009
2013-04-22 22:22 - 2013-04-22 22:22 - 00001945 ____A C:\Windows\epplauncher.mif
2013-04-22 22:21 - 2013-04-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-22 22:21 - 2013-04-22 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== One Month Modified Files and Folders =======

2013-05-21 17:39 - 2013-05-21 17:39 - 00000000 ____D C:\FRST
2013-05-21 17:27 - 2013-05-21 17:27 - 00000140 ____A C:\Users\Owner\Desktop\Fix.bat
2013-05-21 17:18 - 2009-09-06 19:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 17:10 - 2013-05-21 17:10 - 00004367 ____A C:\Users\Owner\Desktop\RKreport[1]_S_05212013_02d1710.txt
2013-05-21 17:10 - 2013-05-21 17:09 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2013-05-21 17:07 - 2013-05-21 17:08 - 01878328 ____A (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-05-21 17:07 - 2006-11-02 10:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-21 17:07 - 2006-11-02 10:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-21 17:03 - 2013-05-21 17:04 - 00816128 ____A C:\Users\Owner\Desktop\RogueKiller.exe
2013-05-21 16:57 - 2010-12-14 21:13 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-21 16:48 - 2009-07-12 14:27 - 01984547 ____A C:\Windows\WindowsUpdate.log
2013-05-21 16:43 - 2013-05-18 23:43 - 00000290 ____A C:\Windows\Tasks\Dealply.job
2013-05-21 16:43 - 2012-07-08 15:24 - 00000270 ____A C:\Windows\Tasks\CandyUpdater.job
2013-05-21 00:37 - 2009-08-02 13:30 - 00000000 ____D C:\users\Owner
2013-05-21 00:31 - 2013-05-21 00:31 - 00000395 ____A C:\Users\Owner\Documents - Shortcut.lnk
2013-05-21 00:01 - 2009-09-06 19:26 - 00000000 ____D C:\ProgramData\LogMeIn
2013-05-21 00:00 - 2013-05-21 00:00 - 00042968 ____A C:\Users\Owner\Desktop\Extras.Txt
2013-05-20 23:59 - 2013-05-20 23:59 - 00087040 ____A C:\Users\Owner\Desktop\OTL.Txt
2013-05-20 23:44 - 2013-05-20 23:50 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-05-20 23:43 - 2013-05-18 23:43 - 00000000 ____A C:\END
2013-05-20 23:35 - 2013-05-18 23:43 - 00000378 ____A C:\Windows\Tasks\FindLyrics Update.job
2013-05-20 21:57 - 2013-05-18 23:44 - 00000452 ___AH C:\Windows\Tasks\Norton Security Scan for Owner.job
2013-05-20 19:57 - 2010-12-14 21:13 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-20 19:29 - 2013-02-01 20:29 - 00030103 ____A C:\Users\Owner\Desktop\Monthly Exp. Feb. -.xlsx
2013-05-20 02:40 - 2009-08-02 13:34 - 00000334 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-05-20 01:09 - 2013-05-20 01:09 - 00008825 ____A C:\Users\Owner\Desktop\attach.txt
2013-05-20 01:06 - 2013-05-20 01:09 - 00021564 ____A C:\Users\Owner\Desktop\dds.txt
2013-05-20 01:05 - 2013-05-20 01:05 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-05-19 22:30 - 2013-05-19 22:30 - 00000000 ____A C:\Users\Owner\Desktop\New Text Document.txt
2013-05-19 22:21 - 2006-11-02 07:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-19 22:14 - 2008-01-20 22:26 - 00351236 ____A C:\Windows\PFRO.log
2013-05-19 22:14 - 2006-11-02 10:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-19 22:05 - 2013-05-19 22:05 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 22:05 - 2010-02-11 19:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-19 21:54 - 2013-05-19 21:54 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
2013-05-19 21:40 - 2006-11-02 10:42 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-19 21:30 - 2006-11-02 10:27 - 00170011 ____A C:\Windows\setupact.log
2013-05-19 21:28 - 2013-05-21 17:02 - 03975952 ____A (TeamViewer) C:\Users\Owner\Desktop\TeamViewerQS_en(2).exe
2013-05-18 23:44 - 2013-05-18 23:44 - 00001179 ____A C:\Users\Public\Desktop\Norton Security Scan.LNK
2013-05-18 23:44 - 2013-05-18 23:44 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2013-05-18 23:44 - 2013-05-18 23:44 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-05-18 23:44 - 2013-05-18 23:44 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2013-05-18 23:44 - 2009-09-11 08:29 - 00000000 ____D C:\ProgramData\Symantec
2013-05-18 23:44 - 2009-01-13 10:42 - 00000000 ____D C:\ProgramData\Norton
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dealply
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Babylon
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BabSolution
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\ProgramData\Babylon
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\FindLyrics
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\Delta
2013-05-18 23:43 - 2013-05-18 23:43 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-05-18 23:43 - 2009-08-24 22:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-05-18 23:42 - 2013-05-18 23:43 - 11091432 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall [1].exe
2013-05-16 10:32 - 2006-11-02 10:21 - 00314472 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 10:04 - 2006-11-02 07:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-16 09:59 - 2010-02-12 08:57 - 00006080 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2013-05-05 16:36 - 2013-05-16 10:03 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 16:16 - 2013-05-16 10:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 14:25 - 2013-05-16 10:03 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 14:12 - 2013-05-16 10:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 10:29 - 2009-11-05 22:39 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 20:02 - 2011-12-25 21:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2013-04-29 19:45 - 2009-01-13 11:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-04-22 23:05 - 2011-10-19 20:34 - 00000000 ____D C:\ProgramData\MFAData
2013-04-22 23:04 - 2013-03-29 16:18 - 00000000 ____D C:\ProgramData\AVG2013
2013-04-22 22:27 - 2013-04-22 22:27 - 00000000 ____D C:\Users\Owner\Christmas.LR.2009
2013-04-22 22:22 - 2013-04-22 22:22 - 00001945 ____A C:\Windows\epplauncher.mif
2013-04-22 22:21 - 2013-04-22 22:21 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-22 22:21 - 2013-04-22 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-04-22 22:09 - 2010-11-12 14:25 - 00000000 ____A C:\Users\Owner\AppData\Local\prvlcl.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3097393548-419834768-1546721340-1000\$ff24043d55f85ce9a20a8337d9b4b888

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

Other Malware:
===========
C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-20 22:45

==================== End Of Log ============================

Thanks again!  :)




#4 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:00 PM

Posted 21 May 2013 - 06:24 PM

Hi again,

Download file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi




#5 hiya123
  • Topic Starter
  • Members
  • 11 posts
  • Local time:08:00 AM

Posted 21 May 2013 - 06:47 PM

Here ya go! :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-05-2013 02
Ran by Owner at 2013-05-21 18:29:30 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

C:\Program Files\Windows Defender => Deleting junctions completed successfully.
C:\Program Files\Microsoft Security Client => Deleting junctions completed successfully.
[1660] C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => Process closed successfully.
[1632] C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => Process closed successfully.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => No running process found
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
HKEY_USERS\LogMeInRemoteUser\Software\Microsoft\Windows\CurrentVersion\RunOnce\\avg_spchecker => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key deleted successfully.
HKCR\CLSID\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34ABD1FB-DA97-4BF2-9830-CD3FABCCDCA9} => Key deleted successfully.
HKCR\CLSID\{34ABD1FB-DA97-4BF2-9830-CD3FABCCDCA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DFD7B0E7-C96B-4D91-A1E0-75F7A079CA5A} => Key deleted successfully.
HKCR\CLSID\{DFD7B0E7-C96B-4D91-A1E0-75F7A079CA5A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key deleted successfully.
HKCR\CLSID\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6c63b7f-2171-47fa-ab34-e64c4737169d} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{a6c63b7f-2171-47fa-ab34-e64c4737169d} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => Key deleted successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\ffxtlbr@babylon.com => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\ffxtlbr@delta.com => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\m3ffxtbr@mywebsearch.com => Moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\Extensions\{42e0ced7-806f-4983-af54-92bdeefee519} => Moved successfully.
BrowserProtect => Service deleted successfully.
vToolbarUpdater15.0.0 => Service deleted successfully.
WajamUpdater => Service deleted successfully.
avgtp => Service deleted successfully.
bcpebttp => Service deleted successfully.
catchme => Service deleted successfully.
C:\Windows\Tasks\Norton Security Scan for Owner.job => Moved successfully.
C:\Users\Public\Desktop\Norton Security Scan.LNK => Moved successfully.
C:\Program Files (x86)\Norton Security Scan => Moved successfully.
C:\Windows\Tasks\Dealply.job => Moved successfully.
C:\Users\Owner\AppData\Roaming\Dealply => Moved successfully.
C:\Users\Owner\AppData\Roaming\Babylon => Moved successfully.
C:\Users\Owner\AppData\Roaming\BabSolution => Moved successfully.
C:\ProgramData\Babylon => Moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.
C:\Program Files (x86)\AVG Secure Search => Moved successfully.
C:\Program Files (x86)\DealPly => Moved successfully.
C:\Program Files (x86)\FindLyrics => Moved successfully.
C:\Program Files (x86)\Wajam => Moved successfully.
C:\Users\Owner\AppData\Local\ArcadeCandy => Moved successfully.
C:\Program Files (x86)\Delta => Moved successfully.

"C:\ProgramData\BrowserProtect" directory move:

Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23. => Scheduled to move on reboot.
Could not move C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js. => Scheduled to move on reboot.
Could not move "C:\ProgramData\BrowserProtect" directory. => Scheduled to move on reboot.

C:\ProgramData\Symantec => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
C:\ProgramData\MFAData => Moved successfully.
C:\ProgramData\AVG2013 => Moved successfully.
C:\Program Files (x86)\AVG => Moved successfully.
C:\Users\Owner\AppData\Local\prvlcl.dat => Moved successfully.
C:\$recycle.bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 => Moved successfully.
C:\$recycle.bin\S-1-5-21-3097393548-419834768-1546721340-1000\$ff24043d55f85ce9a20a8337d9b4b888 => Directory moved successfully.

=========== Result of Scheduled Files to move ===========
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 => File could not move.
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js => File could not move.
C:\ProgramData\BrowserProtect => Directory could not move.

==== End of Fixlog ====

Thanks!!! :)



#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:00 PM

Posted 22 May 2013 - 02:23 PM

Hi,

STEP 1



Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select the option Run as admin.
  • Select the Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically.
  • A text file will open after the restart. Please post the content of that log file in your reply.


STEP 2



Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

STEP 3

Please follow the instructions below:

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop
  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

Regards,

Georgi




#7 hiya123
  • Topic Starter
  • Members
  • 11 posts
  • Local time:08:00 AM

Posted 24 May 2013 - 02:40 PM

Hey Georgi! Sorry, for some reason I didn't get an email notice of your last reply... I will be posting the logs in a few hours  :)



#8 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:00 PM

Posted 24 May 2013 - 04:57 PM

No worries - take your time! :)

Regards,

Georgi




#9 hiya123
  • Topic Starter
  • Members
  • 11 posts
  • Local time:08:00 AM

Posted 24 May 2013 - 06:28 PM

Thanks so much for your time :)

STEP 1

# AdwCleaner v2.301 - Logfile created 05/24/2013 at 16:08:42
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\ProgramData\BrowserProtect
Deleted on reboot : C:\Users\Owner\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Owner\AppData\Local\Temp\AskSearch
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\AVG Security Toolbar
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\extensions\staged
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\bProtector_extensions.rdf
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\bprotector_prefs.js
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\searchplugins\delta.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\5ff8888bd35e441
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5ff8888bd35e441
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5.2 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\84oy7rkg.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.bbDpng", "21");
Deleted : user_pref("extensions.delta.cntry", "US");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.hdrMd5", "");
Deleted : user_pref("extensions.delta.id", "49fa998000000000000000265e125d48");
Deleted : user_pref("extensions.delta.instlDay", "15844");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.023:43:46");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "azb");
Deleted : user_pref("extensions.delta.smplGrp", "azb");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.0");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.023:43:46");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [16179 octets] - [24/05/2013 16:08:42]

########## EOF - C:\AdwCleaner[S1].txt - [16240 octets] ##########

STEP 2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Owner on Fri 05/24/2013 at 17:38:08.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3097393548-419834768-1546721340-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}



~~~ Files

Successfully deleted: [File] "C:\Windows\tasks\candyupdater.job"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\games@acandy.com



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/24/2013 at 17:43:03.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

STEP 3

OTL LOG: http://pastebin.com/m74DyxRr

 

 

Thanks Again!!!



#10 B-boy/StyLe/
  • Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 26 May 2013 - 03:15 PM

Hey,

I am sorry about the delay. I was swamped with work the last few days. :(

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - prefs.js..extensions.enabledItems: {42e0ced7-806f-4983-af54-92bdeefee519}:2.0
    FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
    FF - prefs.js..extensions.enabledItems: findlyrics@findlyrics.co:1.111
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files (x86)\FindLyrics\FF\
    File not found (No name found) -- C:\PROGRAM FILES (X86)\FINDLYRICS\FF
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84OY7RKG.DEFAULT\EXTENSIONS\{42E0CED7-806F-4983-AF54-92BDEEFEE519}
    File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84OY7RKG.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    [2013/05/18 23:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
    [2013/05/18 23:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
    [2013/05/18 23:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0400000.030
    [2013/05/18 23:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2013/03/29 16:25:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG2013
    [2013/03/29 16:23:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
    [2013/03/29 16:22:45 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/05/18 23:43:22 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\FindLyrics Update.job
    [2013/04/01 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Local\Avg2013
    [2013/03/29 16:22:39 | 003,169,360 | ---- | M] () -- C:\Users\Owner\AppData\Local\temp\oi_{DA3E3D4C-629B-4E7E-9F75-5F2D61FF6984}.exe
    [2011/10/19 21:01:14 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
    [2009/01/13 10:41:37 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller
    [2012/09/03 19:25:25 | 004,720,736 | ---- | M] () -- C:\Windows\temp\CommonInstaller.exe
    [2012/09/03 19:25:12 | 000,163,936 | ---- | M] () -- C:\Windows\temp\MachineIdCreator.exe
    [2012/09/03 19:25:17 | 008,212,064 | ---- | M] () -- C:\Windows\temp\ToolbarInstaller.exe
    [2013/01/24 15:47:50 | 003,142,736 | ---- | M] () -- C:\Windows\temp\{057A99E9-FDDD-49B8-AAC9-F859A59338E9}.exe
    [2012/09/03 19:24:45 | 012,308,576 | ---- | M] () -- C:\Windows\temp\{6D209E49-5022-4684-A9DF-193CDEF01837}.exe
    [2012/07/11 19:37:58 | 010,249,824 | ---- | M] () -- C:\Windows\temp\{74DCE49F-F4BD-4333-9730-4DD1E53BA3DC}.exe
    [2012/09/25 10:01:06 | 000,245,856 | ---- | M] () -- C:\Windows\temp\{7F8E54F0-2678-4ECD-AC91-130F82FCE1B4}.exe
    [2013/02/11 11:07:43 | 003,066,448 | ---- | M] () -- C:\Windows\temp\{9A935578-7C79-427B-9431-7308491EA643}.exe
    [2013/02/20 09:54:36 | 003,085,904 | ---- | M] () -- C:\Windows\temp\{E7FC5EFE-8916-4811-A11E-71269D116DF2}.exe
    [2012/11/11 21:36:19 | 002,785,888 | ---- | M] () -- C:\Windows\temp\{EEDACDE4-07EC-44DF-91CD-D67F8EF69EC1}.exe
    [2010/04/20 08:17:04 | 000,000,000 | -HSD | M] -- C:\Windows\sysnative\%APPDATA%
    :commands
    [emptytemp]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post

 

 

Regards,

Georgi



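The OTL fix above removes a handful of classic load points: Browser Helper Objects and URLSearchHooks whose CLSID no longer resolves ("No CLSID value found"), Firefox add-ons registered in the registry whose folder is gone ("File not found"), and, in the JRT log, an AppInit_DLLs value. The script below is an added example, not part of the original thread and not OTL's own code: a read-only PowerShell audit of those same locations that labels each entry with the condition OTL would report. It assumes the standard registry paths for IE, Firefox and AppInit_DLLs on a 2013-era Windows (both 64-bit and Wow6432Node views), must be run from an elevated Windows PowerShell 2.0 or later so that HKEY_USERS\.DEFAULT is readable, and deletes nothing.

```powershell
# Added example, not part of the original thread or of OTL itself: a
# read-only audit of the persistence points the OTL fix above removes.
# Each finding carries the same wording OTL uses ("No CLSID value found",
# "File not found") so orphaned entries stand out. Run from an elevated
# Windows PowerShell (2.0 or later); nothing here deletes or changes anything.

function Expand-RegisteredPath {
    # Registered paths may be quoted or contain %SystemRoot%-style variables.
    param([string]$Path)
    if (-not $Path) { return $null }
    return [Environment]::ExpandEnvironmentVariables($Path.Trim().Trim('"'))
}

function Resolve-ClsidServer {
    # The InprocServer32 module registered for a CLSID in either registry
    # view, or $null when no class registration exists at all.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
                      'HKCU:\Software\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            return Expand-RegisteredPath (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
    return $null
}

function Get-ClsidStatus {
    # Mirrors OTL's three states for a COM load point.
    param([string]$Clsid)
    $server = Resolve-ClsidServer $Clsid
    if ($null -eq $server)                     { return 'No CLSID value found' }
    if (-not (Test-Path -LiteralPath $server)) { return 'File not found' }
    return 'OK'
}

function Get-BrowserHookAudit {
    # BHOs are subkeys named by CLSID; URLSearchHooks are values named by
    # CLSID. Both are the load points the Delta/Wajam entries above used.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($k in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $k) {
            New-Object PSObject -Property @{ Type = 'BHO'; Id = $sub.PSChildName; Where = $k
                                             Status = (Get-ClsidStatus $sub.PSChildName) }
        }
    }
    $hookKeys = @(
        'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
        'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks'
    )
    foreach ($k in $hookKeys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($name in (Get-Item -LiteralPath $k).GetValueNames()) {
            if ($name -notmatch '^\{[0-9A-F-]{36}\}$') { continue }
            New-Object PSObject -Property @{ Type = 'URLSearchHook'; Id = $name; Where = $k
                                             Status = (Get-ClsidStatus $name) }
        }
    }
}

function Get-AppInitDlls {
    # AppInit_DLLs are injected into every process that loads user32.dll,
    # which is why JRT "repaired" (emptied) this value in the log above.
    foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                   'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $p = Get-ItemProperty -LiteralPath $k
        New-Object PSObject -Property @{ Key = $k; AppInit_DLLs = $p.AppInit_DLLs
                                         LoadAppInit_DLLs = $p.LoadAppInit_DLLs }
    }
}

function Get-FirefoxExtensionAudit {
    # Firefox side-loads add-ons registered here: value name = add-on ID,
    # data = install folder (the findlyrics@findlyrics.co entry above).
    foreach ($k in 'HKCU:\Software\Mozilla\Firefox\Extensions',
                   'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
                   'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions') {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $item = Get-Item -LiteralPath $k
        foreach ($id in $item.GetValueNames()) {
            $dir = Expand-RegisteredPath $item.GetValue($id)
            $ok  = $dir -and (Test-Path -LiteralPath $dir)
            New-Object PSObject -Property @{ Type = 'FirefoxExt'; Id = $id; Where = $dir
                                             Status = $(if ($ok) { 'OK' } else { 'File not found' }) }
        }
    }
}

# Review first, then remove only what you have identified as unwanted.
Get-BrowserHookAudit | Where-Object { $_.Status -ne 'OK' } | Select-Object Type, Id, Status, Where | Format-Table -AutoSize
Get-FirefoxExtensionAudit | Select-Object Type, Id, Status, Where | Format-Table -AutoSize
Get-AppInitDlls | Format-List
```

An orphaned BHO or search hook is harmless by itself (there is nothing left to load), but it shows where a toolbar was and is the cue to look for its remaining files; a populated AppInit_DLLs value, by contrast, still executes in every GUI process and should be explained before it is cleared.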

#11 hiya123
  • Topic Starter
  • Members
  • 11 posts

Posted 26 May 2013 - 04:21 PM

Hey Georgi and no problem! I appreciate the help :)

 

Here ya go

 

 

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: {42e0ced7-806f-4983-af54-92bdeefee519}:2.0 removed from extensions.enabledItems
Prefs.js: ffxtlbr@delta.com:1.5.0 removed from extensions.enabledItems
Prefs.js: findlyrics@findlyrics.co:1.111 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co deleted successfully.
File C:\Program Files (x86)\FindLyrics\FF not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
C:\Windows\SysNative\drivers\NSSx64\0400000.030 folder moved successfully.
C:\Windows\SysNative\drivers\NSSx64 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan folder moved successfully.
Folder C:\Windows\SysNative\drivers\NSSx64\0400000.030\ not found.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\_lck folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.0.48\Images folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.0.48\09\01 folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.0.48\09 folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.0.48 folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS folder moved successfully.
C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35} folder moved successfully.
C:\Program Files (x86)\NortonInstaller\_lck folder moved successfully.
C:\Program Files (x86)\NortonInstaller folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG2013\cfgall folder moved successfully.
C:\Users\Owner\AppData\Roaming\AVG2013 folder moved successfully.
C:\Users\Owner\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Owner\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Owner\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
C:\Windows\Tasks\FindLyrics Update.job moved successfully.
C:\Users\Owner\AppData\Local\Avg2013\temp folder moved successfully.
C:\Users\Owner\AppData\Local\Avg2013\log folder moved successfully.
C:\Users\Owner\AppData\Local\Avg2013 folder moved successfully.
C:\Users\Owner\AppData\Local\Temp\oi_{DA3E3D4C-629B-4E7E-9F75-5F2D61FF6984}.exe moved successfully.
C:\ProgramData\avg9\update\prepare\temp folder moved successfully.
C:\ProgramData\avg9\update\prepare folder moved successfully.
C:\ProgramData\avg9\update\backup folder moved successfully.
C:\ProgramData\avg9\update folder moved successfully.
C:\ProgramData\avg9\Temp folder moved successfully.
C:\ProgramData\avg9\scanlogs folder moved successfully.
C:\ProgramData\avg9\Log folder moved successfully.
C:\ProgramData\avg9\emc\Queue\TEMP folder moved successfully.
C:\ProgramData\avg9\emc\Queue\OUT folder moved successfully.
C:\ProgramData\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\ProgramData\avg9\emc\Queue\IN folder moved successfully.
C:\ProgramData\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\ProgramData\avg9\emc\Queue folder moved successfully.
C:\ProgramData\avg9\emc\Log folder moved successfully.
C:\ProgramData\avg9\emc folder moved successfully.
C:\ProgramData\avg9\Dumps folder moved successfully.
C:\ProgramData\avg9\CfgAll folder moved successfully.
C:\ProgramData\avg9\Cfg folder moved successfully.
C:\ProgramData\avg9\AvgApi folder moved successfully.
C:\ProgramData\avg9\AvgAm folder moved successfully.
C:\ProgramData\avg9\admincli folder moved successfully.
C:\ProgramData\avg9 folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-6-2009-19h18m09s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-6-2009-09h38m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-5-2009-19h41m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-5-2009-09h21m11s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-4-2009-21h31m22s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-3-2009-17h41m44s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-3-2009-11h34m52s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-2-2009-07h24m24s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\9-1-2009-07h21m06s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-8-2009-21h05m18s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-31-2009-07h31m57s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-28-2009-07h44m03s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-27-2009-14h14m28s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-27-2009-10h39m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-26-2009-18h31m49s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-26-2009-10h13m30s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-25-2009-07h45m13s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-24-2009-07h25m47s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-23-2009-15h17m54s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-21-2009-10h14m50s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-21-2009-08h55m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-20-2009-07h48m57s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-2-2009-14h41m07s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-2-2009-14h11m26s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-2-2009-13h30m44s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-19-2009-08h14m50s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-18-2009-09h01m12s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-17-2009-20h56m58s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-16-2009-17h31m35s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-16-2009-13h51m23s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-15-2009-19h38m14s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-14-2009-08h32m57s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-14-2009-08h20m27s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-13-2009-08h22m15s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-12-2009-07h42m16s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\8-10-2009-03h14m51s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\7-12-2009-13h06m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\2013-05-18-23h44m10s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\11-16-2009-08h35m03s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\11-16-2009-08h34m01s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\1-13-2009-09h03m53s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\1-13-2009-07h54m01s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\1-13-2009-07h41m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-11-2009-07h41m09s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h45m07s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h45m04s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m58s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m56s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m54s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m51s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m47s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m44s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m42s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m39s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m37s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m35s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m31s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m28s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m26s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-21h44m24s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-12h41m30s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-10h52m44s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-10h52m42s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-10h52m39s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-10h52m38s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-10-2009-10h41m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-19h43m12s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m25s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m22s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m20s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m18s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m16s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m13s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m11s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m08s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m05s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m02s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h51m01s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m58s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m56s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m53s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m51s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m48s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m46s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m44s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m41s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs\09-09-2009-15h50m38s folder moved successfully.
C:\ProgramData\NortonInstaller\Logs folder moved successfully.
C:\ProgramData\NortonInstaller folder moved successfully.
C:\Windows\temp\CommonInstaller.exe moved successfully.
C:\Windows\temp\MachineIdCreator.exe moved successfully.
C:\Windows\temp\ToolbarInstaller.exe moved successfully.
C:\Windows\temp\{057A99E9-FDDD-49B8-AAC9-F859A59338E9}.exe moved successfully.
C:\Windows\temp\{6D209E49-5022-4684-A9DF-193CDEF01837}.exe moved successfully.
C:\Windows\temp\{74DCE49F-F4BD-4333-9730-4DD1E53BA3DC}.exe moved successfully.
C:\Windows\temp\{7F8E54F0-2678-4ECD-AC91-130F82FCE1B4}.exe moved successfully.
C:\Windows\temp\{9A935578-7C79-427B-9431-7308491EA643}.exe moved successfully.
C:\Windows\temp\{E7FC5EFE-8916-4811-A11E-71269D116DF2}.exe moved successfully.
C:\Windows\temp\{EEDACDE4-07EC-44DF-91CD-D67F8EF69EC1}.exe moved successfully.
C:\Windows\sysnative\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\sysnative\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\sysnative\%APPDATA%\Microsoft folder moved successfully.
Folder move failed. C:\Windows\sysnative\%APPDATA% scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Owner
->Temp folder emptied: 2002 bytes
->Temporary Internet Files folder emptied: 6057978 bytes
->Java cache emptied: 123025 bytes
->FireFox cache emptied: 91773146 bytes
->Flash cache emptied: 15773968 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218725953 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 11224655 bytes
 
Total Files Cleaned = 328.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05262013_155135

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\sysnative\%APPDATA% scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#12 B-boy/StyLe/
  • Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 26 May 2013 - 04:34 PM

Hi, :)

 

 

  • Please download OTS.exe and save it to your desktop.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under the Custom Scan box paste this in:

    c:\windows\system32\*.
    c:\windows\sysnative\*.

     

  • Click on the indicated button.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Please post the log in your next post.

 

Regards,

Georgi



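The OTS custom scan lines `c:\windows\system32\*.` and `c:\windows\sysnative\*.` ask for files that have no extension at all in the system directory, a place where droppers park payloads that extension-based listings never show; the literal `C:\Windows\sysnative\%APPDATA%` folder OTL moved in the previous post is the related symptom of an installer that never expanded its own path. As an added example that is not part of the original thread and not OTS's own code, the script below does the same hunt read-only in PowerShell and also lists the legacy `*.job` tasks that JRT and OTL removed earlier. It assumes `$env:SystemRoot` and `$env:ProgramData` are set (they are on Vista and later), is written for Windows PowerShell 2.0 or later, and only reports.

```powershell
# Added example, not part of the original thread or of OTS: a read-only
# PowerShell version of what the custom scan "c:\windows\system32\*."
# hunts for. Files with no extension in the system directories, folders
# whose name is a literal unexpanded variable (the
# "C:\Windows\sysnative\%APPDATA%" folder OTL moved above) and legacy
# *.job tasks are all places the droppers in this thread used. Written
# for Windows PowerShell 2.0 and later, so it avoids Get-ChildItem -File.

function Get-SystemDirectories {
    # From a 32-bit PowerShell on x64, System32 is redirected to SysWOW64
    # and the real one is only reachable as Sysnative (OTS uses the same trick).
    $candidates = @(
        (Join-Path $env:SystemRoot 'System32'),
        (Join-Path $env:SystemRoot 'SysWOW64'),
        (Join-Path $env:SystemRoot 'Sysnative')
    )
    return @($candidates | Where-Object { Test-Path -LiteralPath $_ })
}

function Get-ExtensionlessFiles {
    # Extensionless files are easy to overlook in listings filtered by
    # extension; report each with its Authenticode state so unsigned ones stand out.
    param([string[]]$Dirs = (Get-SystemDirectories))
    foreach ($d in $Dirs) {
        Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '' } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
                New-Object PSObject -Property @{
                    FullName      = $_.FullName
                    Length        = $_.Length
                    LastWriteTime = $_.LastWriteTime
                    Signature     = $(if ($sig) { $sig.Status } else { 'Unknown' })
                }
            }
    }
}

function Get-LiteralVariableFolders {
    # A folder literally named "%APPDATA%" means something wrote a path
    # without expanding it; chase it back to whatever created it.
    param([string[]]$Roots = (@(Get-SystemDirectories) + $env:SystemRoot + $env:ProgramData))
    foreach ($r in $Roots) {
        Get-ChildItem -LiteralPath $r -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^%[^%]+%$' } |
            Select-Object FullName, CreationTime, Attributes
    }
}

function Get-LegacyJobTasks {
    # Task Scheduler 1.0 *.job files, the form candyupdater.job and
    # "FindLyrics Update.job" took in the JRT and OTL logs above.
    Get-ChildItem -LiteralPath (Join-Path $env:SystemRoot 'Tasks') -Filter *.job -Force -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime
}

Get-ExtensionlessFiles     | Select-Object FullName, Length, LastWriteTime, Signature | Format-Table -AutoSize
Get-LiteralVariableFolders | Format-Table -AutoSize
Get-LegacyJobTasks         | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell to see the real System32 directly, or from a 32-bit one to exercise the Sysnative path; either way, treat an unsigned extensionless file with a recent write time the way this thread treats its `C:\Windows\temp\{GUID}.exe` droppers: identify it before deleting it.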

#13 hiya123
  • Topic Starter
  • Members
  • 11 posts

Posted 26 May 2013 - 04:41 PM

Hey Georgi... I'm really sorry for this but my mom has decided to let my brother-in-law just wipe it and upgrade her to Win7..

This is kind of out of my control as I guess she is just going with whatever he is saying. Sorry for your wasted time :(

Really really sorry...



#14 B-boy/StyLe/
  • Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 28 May 2013 - 04:37 PM

Hi,

 

 

There is no problem and thank you for letting me know.

We were almost done. However, nothing is certain with this kind of infection, so a reformat is not a bad choice.

 

Safe surfing! :)




#15 B-boy/StyLe/
  • Bleepin' Freestyler
  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 28 May 2013 - 04:37 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
