
Trojan Rootkit Pakes U


  • This topic is locked
11 replies to this topic

#1 Mickola1984

Mickola1984

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 09 September 2013 - 02:30 PM

Hi,

 

I have the above trojan camouflaged in my System32/drivers/atapi.sys file. AVG keeps warning me about the infection but cannot remove it. I think this is because it is whitelisted. I have also run Malwarebytes, but this hasn't located the trojan in its scans. I have already run ComboFix. I know in the forum guide you say not to do this, but I had already run it before reading this. I have attached the log file for your consideration.

 

Attached File  ComboFix.txt   22.62KB   3 downloads




 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:21 PM

Posted 12 September 2013 - 12:27 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------

 

Are you aware that your system is set to connect to a proxy server?  Do you use this computer to connect to work/school remotely?


Edited by jeffce, 12 September 2013 - 12:28 PM.

 


#3 jeffce


Posted 14 September 2013 - 04:44 PM

Still need help?


 


#4 jeffce


Posted 15 September 2013 - 03:06 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 


#5 jeffce


Posted 17 September 2013 - 06:27 AM

This topic has been re-opened at the request of the person who originally posted.

 


#6 Mickola1984


Posted 17 September 2013 - 01:11 PM

Hi

 

Attachments as requested, plus adware report pasted as requested.

With regard to the proxy server, it is there from when I was at university a few years ago. I do have a laptop at home that I network up, unless it is that?

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 17:56:52
# Updated 15/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Michael - MICHAEL-PC
# Running from : C:\Users\Michael\Downloads\AdwCleaner.exe
# Option : Scan

Key Found : HKLM\Software\Orbit\OpenCandy
Key Found : HKLM\Software\ShoppingReport2
Key Found : HKLM\Software\Veoh_Web_Player
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HotbarSA]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [OurBabyMaker_27 Browser Plugin Loader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Hotbar@Hotbar.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=YRxdm004YYgb&ptb=75262503-4971-4E68-9F20-C32827CC2C2C
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language

-\\ Mozilla Firefox v3.0.5 (en-GB)

[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\mluj4yon.default\prefs.js ]

Line Found : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,web@veoh.com:1.4[...]
Line Found : user_pref("extensions.newAddons", "web@veoh.com,{E9A1DEE0-C623-4439-8932-001E7D17607D}");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [30943 octets] - [17/09/2013 17:56:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [31004 octets] ##########

 




#7 jeffce


Posted 17 September 2013 - 01:52 PM

Hi,
 
Thanks for letting me know about the proxy settings.  If you are familiar with them and comfortable having them on your system still, we will leave them alone.
 
**WARNING** Unfortunately, one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
 
If you would like to format and reinstall your Operating System please let me know and I can assist you with that.
 
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.   :)
----------
 
 
Please run TDSSKiller again.  When you see this entry >> atapi ( Rootkit.Win32.TDSS.tdl3 ) be sure to select Cure this time and post the new log.
--------------
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

----------


 


#8 Mickola1984


Posted 17 September 2013 - 02:52 PM

Hi

 

Many thanks for your help. I have taken the actions you have advised me. Logs attached below. The PC runs much better. With the issues you have raised, does this mean even though they have now been cleaned there could be other programs lurking around undetected, hence the format being required? Or is it more of a case of being cautious? Either way I am happy to do it. If you don't mind helping that would be great. The only thing is that I don't have the original Windows CD. Vista was pre-installed on the computer...

I would also need a few days to back things up. Is there any way you can keep the forum open a little longer than normal? I'm not off work now until Sunday and I think it would be an all day job from past experience.

 

 

Thanks

 

 

 




#9 jeffce


Posted 17 September 2013 - 08:43 PM

Well you had what looked to be an older variant rootkit on your system which should not be a problem to clean, but I wanted to give you that warning anyway just so that you are aware.   :)  When we are complete, you should go and change all of your passwords from another computer.
 
It looks like the TDSSKiller log was not posted completely?  If that is the complete log, could you run it again and post the new log that is created?


 


#10 jeffce


Posted 19 September 2013 - 04:20 PM

Still with me?


 


#11 jeffce


Posted 21 September 2013 - 08:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 






