Windows Advanced Security Center infection causing havoc


This topic is locked
31 replies to this topic

#1 rogue_agent


Posted 07 January 2014 - 10:31 AM

Hi,

 

A family member's laptop (Medion Akoya - Windows 7 Home Edition) has been infected with Windows Advanced Security Center. I was referred to this Experts area because this infection prevents me from downloading anything (like Malwarebytes and DDS), opening any browser, running iexplore.exe, etc. I literally cannot do anything that I've been advised to do, even in Safe Mode!

 

So, please help in advising me with what steps I should take to remove the infection.




#2 B-boy/StyLe/

  • Malware Response Team

Posted 11 January 2014 - 05:48 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please check if you have access to Windows Recovery Environment:

 

To access the Advanced Boot Options menu, restart your computer and press the F8 key before Windows starts. Choose “Repair Your Computer”, which shows a list of system recovery tools you can use to repair startup problems, run diagnostics, or restore your system.

 

[Image: Advanced Boot Options menu]

 

If you see that option then please let me know in your next reply.

 

 

Regards,

Georgi




#3 rogue_agent


Posted 11 January 2014 - 08:54 AM

Hi Georgi :)

 

I cannot see that option. I can see all other options except this one, unfortunately.

 

Also, I would like to make a correction to my original post - the OS is Windows Vista Home Edition.



#4 B-boy/StyLe/


Posted 11 January 2014 - 09:15 AM

Hi,

 

Do you have an installation DVD with Windows Vista? We will need it to access the Recovery Environment.

 

 

Regards,

Georgi




#5 rogue_agent


Posted 11 January 2014 - 09:43 AM

Yes, I think I have!

 

So, shall I insert it and access the Recovery Environment?



#6 B-boy/StyLe/


Posted 11 January 2014 - 10:35 AM

Hi,

 

Great...try this then:

 

 

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
     
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
 

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

Regards,

Georgi




#7 rogue_agent


Posted 11 January 2014 - 01:44 PM

Here is the FRST log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-01-2014 02
Ran by SYSTEM on MINWINPC on 11-01-2014 15:54:06
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [745472 2009-05-07] (Sentelic Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-16] (RealNetworks, Inc.)
HKLM\...\Run: [BingDesktop] - C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HardInstall-silent] - C:\Users\asai\AppData\Local\Install\hardinstall-silent.exe [1388544 2013-10-11] ()
HKLM\...\Run: [HardInstall, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null] - C:\Users\asai\AppData\Local\Install\HardInstall.exe
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKU\asai\...\Run: [Dashlane] - C:\Users\asai\AppData\Roaming\Dashlane\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlane.exe [ 2013-02-13] ()
HKU\asai\...\Run: [Tango] - C:\Program Files\Tango\Tango.exe [ 2011-11-04] (Tango Inc.)
HKU\asai\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [ 2013-12-06] (Google)
HKU\asai\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\asai\...\Run: [HardInstallsilent] - C:\Users\asai\AppData\Local\Install\hardinstall-silent.exe [ 2013-10-11] ()
HKU\asai\...\Run: [iLivid] - "C:\Users\asai\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\asai\...\Winlogon: [Shell] C:\Users\asai\AppData\Roaming\guard-kxlb.exe [ 2014-01-04] () <==== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)
AppInit_DLLs:   [ ] ()
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MpUXSrv.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\msconfig.exe: [Debugger] svchost.exe
IFEO\msmpeng.exe: [Debugger] svchost.exe
IFEO\msseces.exe: [Debugger] svchost.exe
Startup: C:\Users\asai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\asai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

========================== Services (Whitelisted) =================

S2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2571704 2012-12-03] (WIBU-SYSTEMS AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 Rezip; C:\Windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-04] (CSR, plc)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-11 15:52 - 2014-01-11 15:52 - 00000000 ____D C:\FRST
2014-01-06 12:08 - 2014-01-06 12:10 - 00000514 _____ C:\Users\asai\Desktop\Rkill.txt
2014-01-06 12:06 - 2014-01-06 12:02 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\asai\Desktop\iExplore.exe
2014-01-06 12:01 - 2014-01-06 12:01 - 00000000 ____H C:\ProgramData\cm-lock
2014-01-04 16:17 - 2014-01-04 16:17 - 00002763 _____ C:\ProgramData\connector.swf
2014-01-04 15:33 - 2014-01-04 15:33 - 00001592 _____ C:\Users\asai\AppData\Roaming\result1.db
2014-01-04 15:26 - 2014-01-04 15:23 - 01245696 _____ C:\Users\asai\AppData\Roaming\guard-kxlb.exe
2014-01-01 00:27 - 2013-11-14 15:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-01-01 00:27 - 2013-11-14 14:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-01-01 00:27 - 2013-11-14 14:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-01-01 00:27 - 2013-11-14 14:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-01-01 00:27 - 2013-11-14 14:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-01-01 00:27 - 2013-11-14 14:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-01-01 00:27 - 2013-11-14 14:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-01-01 00:27 - 2013-11-14 14:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-01-01 00:27 - 2013-11-14 14:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-01-01 00:27 - 2013-11-14 14:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-01-01 00:27 - 2013-11-14 14:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-01-01 00:27 - 2013-11-14 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-01-01 00:27 - 2013-11-14 14:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-01-01 00:27 - 2013-11-14 14:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-01-01 00:27 - 2013-11-14 14:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-01-01 00:27 - 2013-11-14 14:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-01-01 00:26 - 2013-10-29 18:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2014-01-01 00:26 - 2013-10-29 17:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2014-01-01 00:26 - 2013-10-29 16:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2014-01-01 00:26 - 2013-10-29 16:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-01 00:26 - 2013-10-10 18:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2014-01-01 00:26 - 2013-10-10 18:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2014-01-01 00:26 - 2013-10-10 18:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wshcon.dll
2014-01-01 00:26 - 2013-10-10 16:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2014-01-01 00:26 - 2013-10-10 16:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2014-01-01 00:26 - 2013-10-03 04:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2014-01-01 00:26 - 2013-10-03 04:45 - 00297984 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-01-01 00:25 - 2013-10-10 18:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2014-01-01 00:25 - 2013-10-10 18:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2014-01-01 00:25 - 2013-10-10 16:39 - 00218228 _____ C:\Windows\System32\WFP.TMF
2014-01-01 00:24 - 2013-10-21 23:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2013-12-21 21:43 - 2013-12-21 21:57 - 00000000 ____D C:\Users\asai\Documents\MAJÁLIS MASIHUL-UMMAT(MUSHAF-SHARIF)
2013-12-20 17:28 - 2013-12-20 17:29 - 00329920 _____ (QuickSet) C:\Users\asai\Downloads\Books for electronics pdf.exe
2013-12-20 15:13 - 2013-12-20 15:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-18 19:41 - 2013-12-21 22:17 - 00000000 ____D C:\Users\asai\Documents\JALÁLÁBÁD KHANQAH{EXTRA}
2013-12-16 18:05 - 2013-12-16 18:05 - 00589528 _____ C:\Users\asai\Downloads\uplayermediaplayer-setup.exe
2013-12-13 20:12 - 2013-12-13 20:12 - 00000000 ____D C:\Users\asai\SyncFolder
2013-12-13 16:00 - 2013-12-15 20:36 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-13 15:59 - 2013-12-13 15:59 - 00000000 ____D C:\Users\asai\Documents\Optimizer Pro
2013-12-13 15:58 - 2013-12-16 17:17 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-12-13 15:52 - 2013-12-13 15:52 - 00519736 _____ C:\Users\asai\Downloads\Java.exe

==================== One Month Modified Files and Folders =======

2014-01-11 15:52 - 2014-01-11 15:52 - 00000000 ____D C:\FRST
2014-01-11 06:45 - 2013-04-10 10:29 - 00000000 ____D C:\Program Files\PC Tools Registry Mechanic
2014-01-11 06:45 - 2013-02-11 21:33 - 00001356 _____ C:\Users\asai\AppData\Local\d3d9caps.dat
2014-01-11 06:45 - 2006-11-02 04:47 - 00003712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 06:45 - 2006-11-02 04:47 - 00003712 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 05:59 - 2013-02-11 21:29 - 00005332 _____ C:\Windows\bthservsdp.dat
2014-01-11 05:59 - 2008-01-20 17:35 - 02058807 _____ C:\Windows\WindowsUpdate.log
2014-01-06 12:10 - 2014-01-06 12:08 - 00000514 _____ C:\Users\asai\Desktop\Rkill.txt
2014-01-06 12:10 - 2006-11-02 02:33 - 00703388 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-06 12:08 - 2013-04-07 18:32 - 00005632 _____ C:\Users\asai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-06 12:02 - 2014-01-06 12:06 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\asai\Desktop\iExplore.exe
2014-01-06 12:01 - 2014-01-06 12:01 - 00000000 ____H C:\ProgramData\cm-lock
2014-01-04 16:17 - 2014-01-04 16:17 - 00002763 _____ C:\ProgramData\connector.swf
2014-01-04 15:33 - 2014-01-04 15:33 - 00001592 _____ C:\Users\asai\AppData\Roaming\result1.db
2014-01-04 15:23 - 2014-01-04 15:26 - 01245696 _____ C:\Users\asai\AppData\Roaming\guard-kxlb.exe
2014-01-04 12:12 - 2013-04-14 10:00 - 00000406 _____ C:\Windows\System32\AppLog.log
2014-01-04 08:56 - 2013-08-21 22:48 - 00000000 ___RD C:\Users\asai\Dropbox
2014-01-04 08:56 - 2013-08-21 22:40 - 00000000 ____D C:\Users\asai\AppData\Roaming\Dropbox
2014-01-02 16:44 - 2013-08-10 18:53 - 00000000 ___RD C:\Users\asai\Documents\ISLAMIC ARTICLES
2014-01-01 21:43 - 2013-02-15 07:46 - 00000000 ____D C:\Users\asai\AppData\Roaming\vlc
2014-01-01 18:14 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-01 01:05 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2014-01-01 00:49 - 2006-11-02 04:47 - 00230896 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-01 00:41 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-01 00:40 - 2013-02-13 17:35 - 00001945 _____ C:\Windows\epplauncher.mif
2014-01-01 00:39 - 2013-02-13 08:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2014-01-01 00:32 - 2013-08-08 19:59 - 00000000 ____D C:\Windows\System32\MRT
2013-12-30 05:40 - 2013-04-16 23:07 - 00000000 ____D C:\Users\asai\Documents\HEAVENLY SUPER-HIGHWAY
2013-12-30 05:40 - 2013-02-11 21:33 - 00000000 ____D C:\users\asai
2013-12-21 22:19 - 2013-10-01 15:46 - 00000000 ____D C:\Users\asai\Documents\JALÁLÁBÁD KHANQAH
2013-12-21 22:17 - 2013-12-18 19:41 - 00000000 ____D C:\Users\asai\Documents\JALÁLÁBÁD KHANQAH{EXTRA}
2013-12-21 21:57 - 2013-12-21 21:43 - 00000000 ____D C:\Users\asai\Documents\MAJÁLIS MASIHUL-UMMAT(MUSHAF-SHARIF)
2013-12-21 17:21 - 2013-08-21 22:48 - 00000916 _____ C:\Users\asai\Desktop\Dropbox.lnk
2013-12-21 12:57 - 2013-04-07 22:44 - 00000000 ____D C:\Users\asai\AppData\Roaming\Dashlane
2013-12-21 12:52 - 2013-02-11 22:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 17:29 - 2013-12-20 17:28 - 00329920 _____ (QuickSet) C:\Users\asai\Downloads\Books for electronics pdf.exe
2013-12-20 15:14 - 2013-12-20 15:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-17 16:19 - 2013-11-17 18:40 - 08278119 _____ C:\Users\asai\Sound clip 1288.mp4
2013-12-16 18:05 - 2013-12-16 18:05 - 00589528 _____ C:\Users\asai\Downloads\uplayermediaplayer-setup.exe
2013-12-16 17:17 - 2013-12-13 15:58 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-12-15 20:36 - 2013-12-13 16:00 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-13 20:12 - 2013-12-13 20:12 - 00000000 ____D C:\Users\asai\SyncFolder
2013-12-13 15:59 - 2013-12-13 15:59 - 00000000 ____D C:\Users\asai\Documents\Optimizer Pro
2013-12-13 15:52 - 2013-12-13 15:52 - 00519736 _____ C:\Users\asai\Downloads\Java.exe
2013-12-13 12:08 - 2013-08-18 15:51 - 00000859 _____ C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\asai\AppData\Local\Temp\66202uninstall.exe
C:\Users\asai\AppData\Local\Temp\BackupSetup.exe
C:\Users\asai\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\asai\AppData\Local\Temp\jna7657737761580946431.dll
C:\Users\asai\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\asai\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\asai\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\asai\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\asai\AppData\Local\Temp\lowproc.exe
C:\Users\asai\AppData\Local\Temp\Sqlite3.dll
C:\Users\asai\AppData\Local\Temp\stubhelper.dll
C:\Users\asai\AppData\Local\Temp\uninst1.exe
C:\Users\asai\AppData\Local\Temp\vcredist_x86.exe
C:\Users\asai\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\asai\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\asai\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\asai\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\asai\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\asai\AppData\Local\Temp\{5DEFB6BE-4ABD-4A93-A9A7-F1B246C1C037}-29.0.1547.62_29.0.1547.57_chrome_updater.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-01 09:44:57
Restore point made on: 2013-12-03 12:02:32
Restore point made on: 2013-12-04 10:47:31
Restore point made on: 2013-12-05 09:12:00
Restore point made on: 2013-12-06 11:06:09
Restore point made on: 2013-12-07 13:42:19
Restore point made on: 2013-12-08 20:55:43
Restore point made on: 2013-12-09 14:04:40
Restore point made on: 2013-12-12 11:27:45
Restore point made on: 2013-12-13 09:41:35
Restore point made on: 2013-12-14 20:38:07
Restore point made on: 2013-12-16 10:16:58
Restore point made on: 2013-12-21 13:05:11
Restore point made on: 2013-12-22 11:50:42
Restore point made on: 2013-12-25 16:45:00
Restore point made on: 2013-12-28 11:06:29
Restore point made on: 2013-12-29 17:31:44
Restore point made on: 2014-01-01 00:27:21
Restore point made on: 2014-01-01 18:45:01
Restore point made on: 2014-01-04 16:26:35

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4089.95 MB
Available physical RAM: 3479.3 MB
Total Pagefile: 3831.28 MB
Available Pagefile: 3641.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:183.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (MEDHPSP1ENU) (CDROM) (Total:2.62 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:14.9 GB) (Free:4.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 7E3CDCF4)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-01-06 14:38

==================== End Of Log ============================

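The IFEO [Debugger] entries and the Winlogon [Shell] value in this log are the two mechanisms that kept Microsoft Security Client and Windows Defender from starting and replaced the desktop shell with guard-kxlb.exe. As an added example that is not the thread's or FRST's own code, the following Python script flags those two patterns, plus Run entries that start an unsigned binary from a user-writable path, in FRST registry output; the line formats are inferred from this log (an assumption, not an FRST specification) and the sample input is a constructed excerpt mirroring it.

```python
"""Triage helper for FRST registry output (added example, not FRST's code).

Flags three persistence / tamper patterns visible in the log above:
  1. IFEO "Debugger" values: Windows launches the named debugger instead of
     the image, so pointing Defender / Security Essentials binaries at
     svchost.exe silently prevents them from ever starting.
  2. A Winlogon "Shell" value that is not explorer.exe: the rogue binary is
     started as the desktop shell at logon.
  3. Run entries starting an unsigned binary ("()" or no version info) from
     a user-writable path such as AppData: a triage cue, not a verdict.

Assumption: the line formats below are inferred from the log in this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HIVE = r"(?P<hive>HKLM|HKU\\[^\\]+)"
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+):\s*\[Debugger\]\s*(?P<debugger>.+?)\s*$")
SHELL_RE = re.compile(HIVE + r"\\\.\.\.\\Winlogon:\s*\[Shell\]\s*(?P<value>.*?)\s*(?:<====.*)?$")
RUN_RE = re.compile(HIVE + r"\\\.\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*-\s*(?P<rest>.*)$")
# Locations a standard user can write to; legitimate software lives there too.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # ifeo_debugger | winlogon_shell | unsigned_user_path_run
    line: str    # the original FRST line
    detail: str  # human-readable explanation


def _split_run_target(rest: str) -> Tuple[str, Optional[str]]:
    """Split the text after 'Run: [name] - ' into (path, company_name).

    company_name is None when FRST printed no version info at all and ''
    when it printed '()' (the file carries no company-name metadata)."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        path = rest[1:end] if end > 0 else rest.strip('"')
    else:
        path = rest.split(" [", 1)[0]
    m = re.search(r"\(([^()]*)\)\s*$", rest)
    return path, (m.group(1).strip() if m else None)


def triage_frst(log_text: str) -> List[Finding]:
    """Scan FRST registry lines and return the suspicious ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IFEO_RE.match(line)
        if m:
            findings.append(Finding("ifeo_debugger", line,
                f"{m['image']} is redirected to {m['debugger']} whenever it starts"))
            continue
        m = SHELL_RE.match(line)
        if m:
            shell_path = m["value"].split(" [", 1)[0].strip().strip('"')
            if shell_path.rsplit("\\", 1)[-1].lower() != "explorer.exe":
                findings.append(Finding("winlogon_shell", line,
                    f"{m['hive']} Shell is {shell_path}, expected explorer.exe"))
            continue
        m = RUN_RE.match(line)
        if m:
            path, company = _split_run_target(m["rest"])
            if USER_WRITABLE.search(path) and not company:
                findings.append(Finding("unsigned_user_path_run", line,
                    f"Run value [{m['name']}] starts {path} with no company name"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed excerpt mirroring the registry section of the log above.
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HardInstall-silent] - C:\Users\asai\AppData\Local\Install\hardinstall-silent.exe [1388544 2013-10-11] ()
HKLM\...\Run: [HardInstall, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null] - C:\Users\asai\AppData\Local\Install\HardInstall.exe
HKU\asai\...\Run: [Tango] - C:\Program Files\Tango\Tango.exe [ 2011-11-04] (Tango Inc.)
HKU\asai\...\Run: [iLivid] - "C:\Users\asai\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\asai\...\Winlogon: [Shell] C:\Users\asai\AppData\Roaming\guard-kxlb.exe [ 2014-01-04] () <==== ATTENTION
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\msseces.exe: [Debugger] svchost.exe
"""

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage_frst(SAMPLE_LOG)))
```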


#8 B-boy/StyLe/


Posted 12 January 2014 - 06:11 AM

Hi,
 

Download the following file => and save it to the same USB flash drive where FRST.exe is stored.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST the way you did before.

When the tool opens click Yes to disclaimer.

Press the Fix button just once and wait.

The tool will make a log on the USB flash drive named (Fixlog.txt). Please post it to your reply.

Also reboot the computer to Normal Mode and let me know if that was successful.

 
 
Regards,
Georgi




#9 rogue_agent


Posted 12 January 2014 - 10:48 AM

I rebooted the computer to Normal Mode. That infection is not in control anymore!

 

Here is the fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2014 02
Ran by SYSTEM at 2014-01-12 15:41:39 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] - [x]
HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
C:\Program Files\Ask.com
HKLM\...\Run: [HardInstall-silent] - C:\Users\asai\AppData\Local\Install\hardinstall-silent.exe [1388544 2013-10-11] ()
HKLM\...\Run: [HardInstall, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null] - C:\Users\asai\AppData\Local\Install\HardInstall.exe
HKU\asai\...\Run: [HardInstallsilent] - C:\Users\asai\AppData\Local\Install\hardinstall-silent.exe [ 2013-10-11] ()
C:\Users\asai\AppData\Local\Install
HKU\asai\...\Run: [iLivid] - "C:\Users\asai\AppData\Local\iLivid\iLivid.exe" -autorun
C:\Users\asai\AppData\Local\iLivid
HKU\asai\...\Winlogon: [Shell] C:\Users\asai\AppData\Roaming\guard-kxlb.exe [ 2014-01-04] () <==== ATTENTION
AppInit_DLLs:   [ ] ()
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MpUXSrv.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\msconfig.exe: [Debugger] svchost.exe
IFEO\msmpeng.exe: [Debugger] svchost.exe
IFEO\msseces.exe: [Debugger] svchost.exe
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
2014-01-06 12:01 - 2014-01-06 12:01 - 00000000 ____H C:\ProgramData\cm-lock
2014-01-04 16:17 - 2014-01-04 16:17 - 00002763 _____ C:\ProgramData\connector.swf
2014-01-04 15:33 - 2014-01-04 15:33 - 00001592 _____ C:\Users\asai\AppData\Roaming\result1.db
2014-01-04 15:26 - 2014-01-04 15:23 - 01245696 _____ C:\Users\asai\AppData\Roaming\guard-kxlb.exe
File: C:\Users\asai\Downloads\Books for electronics pdf.exe
File: C:\Users\asai\Downloads\Java.exe
2014-01-11 06:45 - 2013-04-10 10:29 - 00000000 ____D C:\Program Files\PC Tools Registry Mechanic
2013-12-13 16:00 - 2013-12-15 20:36 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-13 15:59 - 2013-12-13 15:59 - 00000000 ____D C:\Users\asai\Documents\Optimizer Pro
2013-12-13 15:58 - 2013-12-16 17:17 - 00000000 ____D C:\Program Files\Optimizer Pro
C:\Users\asai\AppData\Local\Temp
end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
C:\Program Files\Ask.com => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HardInstall-silent => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HardInstall, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null => Value deleted successfully.
HKU\asai\Software\Microsoft\Windows\CurrentVersion\Run\\HardInstallsilent => Value deleted successfully.
C:\Users\asai\AppData\Local\Install => Moved successfully.
HKU\asai\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid => Value deleted successfully.
"C:\Users\asai\AppData\Local\iLivid" => File/Directory not found.
HKU\asai\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpUXSrv.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msmpeng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
McComponentHostService => Service deleted successfully.
C:\Program Files\McAfee Security Scan => Moved successfully.
"C:\ProgramData\cm-lock" => File/Directory not found.
C:\ProgramData\connector.swf => Moved successfully.
C:\Users\asai\AppData\Roaming\result1.db => Moved successfully.
C:\Users\asai\AppData\Roaming\guard-kxlb.exe => Moved successfully.

========================= File: C:\Users\asai\Downloads\Books for electronics pdf.exe ========================

MD5: 95856630CE7DB6D0F844A275C407BC6D
Creation and modification date: 2013-12-20 17:28 - 2013-12-20 17:29
Size: 0329920
Attributes: ----A
Company Name: QuickSet
Internal Name: TSULoader
Original Name: TSULoader.exe
Product Name: QuickSet
Description: Installer for QuickSet
File Version: 2013.12.18.2107
Product Version: 1.0.0.1
Copyright: Copyright © 2013 QuickSet

====== End Of File: ======


========================= File: C:\Users\asai\Downloads\Java.exe ========================

MD5: 06373CCDA0D609E68BFCD31043DEA5BC
Creation and modification date: 2013-12-13 15:52 - 2013-12-13 15:52
Size: 0519736
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

C:\Program Files\PC Tools Registry Mechanic => Moved successfully.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Users\asai\Documents\Optimizer Pro => Moved successfully.
C:\Program Files\Optimizer Pro => Moved successfully.
C:\Users\asai\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

 

Awaiting any further instructions...
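The Fixlog above shows the persistence the rogue AV relied on: Run-key entries launching from AppData, a replaced Winlogon Shell value, a modified AppInit_DLLs value, and Image File Execution Options keys for MSASCui.exe, msseces.exe, msmpeng.exe, MpCmdRun.exe and msconfig.exe (a Debugger value under IFEO\<program.exe> makes Windows start that "debugger" instead of the program, which is why the security tools would not launch). The following is an added example, not code from this thread, from FRST or from the poster: a read-only PowerShell audit of those same locations so a reader can confirm on their own machine that nothing was left behind. Registry paths are the stock Windows locations; the "clean" baseline (explorer.exe as the shell, an empty AppInit_DLLs, no IFEO Debugger values, no Run entries in user-writable folders) is an assumption based on a default install, so treat every hit as something to review, not something to delete.

```powershell
# Added example (not from the thread or FRST): read-only audit of the persistence
# locations cleaned in the Fixlog. Run from an elevated PowerShell prompt.
# Baseline values below are assumptions based on a default Windows install.

$findings  = @()
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Image File Execution Options. A "Debugger" value under IFEO\<program.exe> makes
#    the loader run that debugger instead of the program; rogue AV uses it to block
#    MSASCui.exe, msseces.exe, msmpeng.exe, msconfig.exe and similar tools.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += New-Object PSObject -Property @{
            Location = "IFEO\$($sub.PSChildName)\Debugger"; Value = $dbg }
    }
}

# 2. Winlogon Shell. HKLM should read explorer.exe; HKCU normally has no Shell value at all
#    (the Fixlog deleted one under HKU\asai). Anything else replaces the desktop at logon.
foreach ($hive in 'HKLM', 'HKCU') {
    $key   = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') {
        $findings += New-Object PSObject -Property @{ Location = "$hive\Winlogon\Shell"; Value = $shell }
    }
}

# 3. AppInit_DLLs. Every DLL listed here is loaded into each process that links user32.dll;
#    on a clean machine the value is empty (the Fixlog restored it to its default).
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit) {
    $findings += New-Object PSObject -Property @{
        Location = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs'; Value = $appInit }
}

# 4. Run keys. Flag entries that launch from user-writable folders (AppData, ProgramData, Temp),
#    which is where HardInstall, iLivid and guard-kxlb.exe lived in the Fixlog. Legitimate
#    updaters also live there, so this is a triage list, not a verdict.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        if ("$($p.Value)" -match '\\AppData\\|\\ProgramData\\|\\Temp\\|%APPDATA%|%TEMP%') {
            $findings += New-Object PSObject -Property @{ Location = "$key\$($p.Name)"; Value = $p.Value }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -Property Location, Value -AutoSize -Wrap
} else {
    Write-Output 'No suspicious entries in the audited locations.'
}
```

The machine in this thread is 32-bit, so the script checks only the native IFEO path; on 64-bit Windows add the Wow6432Node copy of that key, and when the infected account is not the one you are logged on as, load its hive (the Fixlog shows the entries under HKU\asai) and query HKU instead of HKCU.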



#10 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts)

Posted 13 January 2014 - 03:18 PM

Hello,

Great work! :)

I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.
    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKiller.exe and save it to the desktop.
  • Close all windows and browsers.
  • Right-click the program and select 'Run as Administrator'.
  • Press the Scan button.
  • A report opens on the desktop named RKreport.txt.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 4

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version, so also read the disclaimer and back up all your data before using it.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file, which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree to the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the on-screen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And then, if there aren't any issues left, I'll give you my final recommendations. :)

Regards,

Georgi




#11 rogue_agent (Topic Starter, Members, 85 posts)

Posted 13 January 2014 - 07:49 PM

Rkill Log

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2014 10:26:55 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SYSTEM32\Rezip.exe (PID: 2740) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 01/13/2014 10:28:15 PM
Execution time: 0 hours(s), 1 minute(s), and 20 seconds(s)
 

 

RogueKiller Report

 

http://pastebin.com/bZziQ1Vx

 

TDSSKiller Log

 

http://pastebin.com/7Eu8q9XU

 

Malwarebytes Anti-Rootkit Logs

 

Log 1

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.13.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
asai :: ASAI-PC [administrator]

13/01/2014 23:18:10
mbar-log-2014-01-13 (23-18-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 211461
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

Log 2

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.13.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
asai :: ASAI-PC [administrator]

13/01/2014 23:42:00
mbar-log-2014-01-13 (23-42-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 211418
Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

HitmanPro Log

 

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : ASAI-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : asai-PC\asai
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-01-14 00:02:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 25s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 224

   Objects scanned . . . : 1,546,603
   Files scanned . . . . : 27,585
   Remnants scanned  . . : 398,990 files / 1,120,028 keys

Malware _____________________________________________________________________

   C:\Users\asai\Downloads\iLividSetup_A-r514-t-bf.exe
      Size . . . . . . . : 1,628,536 bytes
      Age  . . . . . . . : 69.9 days (2013-11-05 02:08:57)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : 2A2AD0BADD2A7546635432EE74631478EFF141897FF7464A51621614E98F8095
      Product  . . . . . : iLivid
      Publisher  . . . . : Bandoo Media Inc
      Description  . . . : iLivid Install
      Version  . . . . . : 5.0.0.4081
      Copyright  . . . . : Copyright (c) 2013
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.awjz
      Fuzzy  . . . . . . : 98.0
      References
         HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\asai\Downloads\iLividSetup_A-r514-t-bf.exe

   C:\Users\asai\Downloads\Java.exe
      Size . . . . . . . : 519,736 bytes
      Age  . . . . . . . : 31.0 days (2013-12-13 23:52:33)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : AA9377E993751672D699FBC565A942C00CF9D0D08A86491224AA7D31F8822C66
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.DomaIQ.P
      Fuzzy  . . . . . . : 103.0


Potential Unwanted Programs _________________________________________________

   C:\ProgramData\Babylon\ (Babylon)
   C:\Users\asai\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\asai\AppData\Roaming\Babylon\log_file.txt (Babylon)
   C:\Users\asai\AppData\Roaming\OpenCandy\ (Conduit)
   C:\Users\asai\AppData\Roaming\OpenCandy\FD8689E5B3A54D87A857E72BBF74BF4A\ (Conduit)
   C:\Users\asai\AppData\Roaming\OpenCandy\FD8689E5B3A54D87A857E72BBF74BF4A\spotflux-latestPC.exe (Conduit)
      Size . . . . . . . : 14,285,736 bytes
      Age  . . . . . . . : 280.7 days (2013-04-08 06:41:04)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 5C87C63D721EDD345752577FDED8DC09A3CF017B5140ECA5E7031BE0577E2BBB
      Product  . . . . . : Spotflux
      Publisher  . . . . : Spotflux
      Description  . . . : Spotflux
      Version  . . . . . : 2.9.4
      Copyright  . . . . : Copyright (C) Spotflux
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0

   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe (AskBar)
      Size . . . . . . . : 102,400 bytes
      Age  . . . . . . . : 269.4 days (2013-04-19 15:06:01)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 092D64E5DB4FA21D6719B3A6A30AD06A2CB0E1F897357CD4935BECA52E921274
      Product  . . . . . : InstallShield
      Publisher  . . . . : Acresso Software Inc.
      Description  . . . : InstallShield
      Version  . . . . . : 16.0.328
      Copyright  . . . . : Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 0.0

   HKLM\SOFTWARE\babylontoolbar\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\ (Delta Search)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\DataMngr\ (SearchQU)
   HKLM\SOFTWARE\Delta\ (SpeedUpMyPC)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\AppDataLow\Software\Crossrider\ (iPumper)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Ask.com\ (AskBar)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\BabSolution\ (SpeedUpMyPC)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr\ (SearchQU)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr_Toolbar\ (SearchQU)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\delta LTD\ (Delta Search)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Delta\ (SpeedUpMyPC)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)

Cookies _____________________________________________________________________

   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:122.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.auditude.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.live-lyrics.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.tanzuki.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.stickyadstv.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.videohub.tv
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserverplus.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:care2.112.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:chitika.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:clickbank.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:conrad.122.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:content.yieldmanager.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:emjcd.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:fr.sitestat.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleads.g.doubleclick.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnbc.112.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:paypal.112.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.dealtime.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.paypal.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.co.uk
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:trinitymirror.112.2o7.net
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\2BVC2NPI.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\2R1780XE.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\98LUEZMI.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@apmebf[2].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@atdmt[2].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@bs.serving-sys[1].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@emjcd[1].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@serving-sys[2].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@statse.webtrendslive[2].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\asai@track.adform[1].txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\H80TFYON.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\JA4PAVLI.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\KXMBECP2.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\OR1SI6XC.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\SN0L05TJ.txt
   C:\Users\asai\AppData\Roaming\Microsoft\Windows\Cookies\UZAGCJSW.txt
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:192com.112.2o7.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:247realmedia.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:2o7.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:accsabc.122.2o7.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ad.360yield.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ad.auditude.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ad.tanzuki.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:adinterax.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.adual.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.audience2media.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.crakmedia.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.p161.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.undertone.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:ads.yahoo.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:adtech.de
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:adtechus.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:adult-empire.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:advertising.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:adviva.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:apmebf.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:archant.122.2o7.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:asianfreexxx.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:at.atwola.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:atdmt.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:burstnet.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:c.atdmt.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:c1.atdmt.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:care2.112.2o7.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:casalemedia.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:chitika.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:clickbank.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:collective-media.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:conrad.122.2o7.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:dmtracker.com
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:doubleclick.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:fastclick.net
   C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\cookies.sqlite:fr.sitestat.com

Security Check Results

 

 Results of screen317's Security Check version 0.99.78  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.170  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#12 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 14 January 2014 - 07:45 PM

Hello,

STEP 1

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

STEP 2

UPDATING TASKS

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

  • Download the latest version of Java SE 7.
  • Click the Java™ 7 Update 51 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u51-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
    Java 7 Update 45
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u51-windows-i586.exe and select "Run as an Administrator.")

Or you can simply uninstall Java and try to avoid installing it unless absolutely required by your applications (it's your call):

http://www.techsuppo...ell-the-coffee/

Next please run JavaRa.

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.

  • Uninstall Adobe Reader 10.1.8 via Start => Control Panel > Uninstall a program
  • Install the newly downloaded software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation. Please go to the links below to update it:

Adobe Flash Player 12.0.0.43 Final for (Internet Explorer)

Adobe Flash Player 12.0.0.43 Final for (Firefox, Safari, Opera)

Note: Your browsers should be closed before proceeding with the installation process.

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

Visit Microsoft's Windows Update Site Frequently

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

When done please post a new log from SecurityCheck.

I'll give you my final recommendations in the next post. :)

Regards,

Georgi

#13 rogue_agent
  • Topic Starter
  • Members
  • 85 posts
  • Gender:Male
  • Location:England, UK

Posted 14 January 2014 - 10:16 PM

FRST Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2014
Ran by asai at 2014-01-15 01:01:34 Run:2
Running from C:\Users\asai\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\asai\Downloads\iLividSetup_A-r514-t-bf.exe
C:\Users\asai\Downloads\Java.exe
C:\ProgramData\Babylon
C:\Users\asai\AppData\Roaming\Babylon
C:\Users\asai\AppData\Roaming\OpenCandy
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Reg: reg delete "HKLM\SOFTWARE\babylontoolbar" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Prod.cap" /f
Reg: reg delete "HKLM\SOFTWARE\DataMngr" /f
Reg: reg delete "HKLM\SOFTWARE\Delta" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" /f
Reg: reg delete "HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\AppDataLow\Software\Crossrider" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Ask.com" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\BabSolution" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Conduit" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr_Toolbar" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\delta LTD" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Delta" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}" /f
Reg: reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" /f
end
*****************

C:\Users\asai\Downloads\iLividSetup_A-r514-t-bf.exe => Moved successfully.
C:\Users\asai\Downloads\Java.exe => Moved successfully.
C:\ProgramData\Babylon => Moved successfully.
C:\Users\asai\AppData\Roaming\Babylon => Moved successfully.
C:\Users\asai\AppData\Roaming\OpenCandy => Moved successfully.
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} => Moved successfully.

========= reg delete "HKLM\SOFTWARE\babylontoolbar" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Classes\Prod.cap" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\DataMngr" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Delta" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\AppDataLow\Software\Crossrider" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Ask.com" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\BabSolution" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Conduit" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr_Toolbar" /f =========

ERROR: Access is denied.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\delta LTD" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Delta" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====

JavaRa Log (attached)

SecurityCheck log

 Results of screen317's Security Check version 0.99.78  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java SE Development Kit 7 Update 51
 Java version out of Date!
 Adobe Flash Player     12.0.0.43  
 Adobe Reader XI  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

I don't get it. It still states that my Java isn't updated. I'm sure it is!

#14 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 15 January 2014 - 06:48 AM

Hello,

Great work. Before I give you my final recommendation I want you to run the following tools to see if they will deal with the locked keys or whether we should delete them manually:

========= reg delete "HKLM\SOFTWARE\DataMngr" /f =========

ERROR: Access is denied.

========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr" /f =========

ERROR: Access is denied.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\DataMngr_Toolbar" /f =========

ERROR: Access is denied.

STEP 1

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

I don't get it. It still states that my Java isn't updated. I'm sure it is!

Don't worry about this. SecurityCheck needs to be updated a bit to reflect the newest version of Java (I already reported this to the developer). :)

Regards,

Georgi

Edited by B-boy/StyLe/, 15 January 2014 - 07:43 PM.


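The post above asks whether the three keys that came back "Access is denied" are locked and need manual deletion. The PowerShell below is an added example, not code from this thread, from FRST or from AdwCleaner: it parses a Fixlog excerpt (constructed from the log posted in this thread) for failed reg delete entries and, when run in an elevated PowerShell on the affected machine, reports each locked key's owner and any Deny ACEs, which is what makes an elevated reg delete fail. The function and variable names are chosen here and are not FRST's.

```powershell
# Added example (not from the thread, FRST or AdwCleaner): summarise the reg delete
# results in a FRST Fixlog and, for keys that came back "Access is denied", show the
# ACL detail that explains the failure. Run in an elevated PowerShell (5.1 or later)
# on the affected machine. $FixlogText is a constructed excerpt of the thread's log.
$FixlogText = @'
========= reg delete "HKLM\SOFTWARE\Delta" /f =========

The operation completed successfully.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\DataMngr" /f =========

ERROR: Access is denied.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
'@

function Get-FixlogRegResult {
    # One object per "reg delete" block: the key reg.exe was asked to remove and the outcome.
    param([Parameter(Mandatory)][string]$Text)
    $pattern = '(?ms)^========= reg delete "(?<key>[^"]+)" /f =========\s*(?<body>.*?)^========= End of Reg: ========='
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $body = $m.Groups['body'].Value.Trim()
        $status = switch -Regex ($body) {
            'completed successfully'       { 'Deleted';      break }
            'Access is denied'             { 'AccessDenied'; break }
            'unable to find the specified' { 'NotFound';     break }
            default                        { 'Unknown' }
        }
        [pscustomobject]@{ Key = $m.Groups['key'].Value; Status = $status; Detail = $body }
    }
}

function Convert-RegExePath {
    # Map a reg.exe hive abbreviation (HKLM\..., HKU\...) to a provider path that
    # Test-Path and Get-Acl understand, without needing an HKU: PSDrive.
    param([Parameter(Mandatory)][string]$Key)
    $hive, $rest = $Key -split '\\', 2
    $root = @{ HKLM = 'HKEY_LOCAL_MACHINE'; HKU = 'HKEY_USERS'; HKCU = 'HKEY_CURRENT_USER' }[$hive]
    if (-not $root) { throw "Unsupported hive abbreviation: $hive" }
    "Registry::$root\$rest"
}

function Get-LockedKeyReport {
    # For each key the fix could not delete: does it still exist, who owns it, and which
    # ACEs deny access. reg delete is recursive, so a Deny ACE on the key or on any of its
    # subkeys is enough to turn an elevated delete into "Access is denied".
    param([Parameter(Mandatory)][string]$Text)
    $locked = Get-FixlogRegResult -Text $Text | Where-Object { $_.Status -eq 'AccessDenied' }
    foreach ($r in $locked) {
        $path = Convert-RegExePath -Key $r.Key
        $report = [ordered]@{ Key = $r.Key; Exists = $null; Owner = $null; DenyAces = @(); Error = $null }
        try {
            $report.Exists = Test-Path -LiteralPath $path
            if ($report.Exists) {
                $acl = Get-Acl -LiteralPath $path
                $report.Owner = $acl.Owner
                $report.DenyAces = @($acl.Access |
                    Where-Object { $_.AccessControlType -eq 'Deny' } |
                    ForEach-Object { '{0}: {1}' -f $_.IdentityReference, $_.RegistryRights })
            }
        } catch {
            # Even reading the ACL can fail when the Deny ACE covers READ_CONTROL;
            # that by itself confirms the key was deliberately locked.
            $report.Error = $_.Exception.Message
        }
        [pscustomobject]$report
    }
}

Get-FixlogRegResult -Text $FixlogText | Format-Table Key, Status -AutoSize
Get-LockedKeyReport -Text $FixlogText | Format-List
```

On a machine other than the affected one the first table still works on the embedded excerpt, while the locked-key report simply shows the key as not existing.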
#15 rogue_agent
  • Topic Starter
  • Members
  • 85 posts
  • Gender:Male
  • Location:England, UK

Posted 15 January 2014 - 10:02 AM

Oh okay, thank you for that :)

AdwCleaner Log

# AdwCleaner v3.017 - Report created 15/01/2014 at 14:34:40
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : asai - ASAI-PC
# Running from : C:\Users\asai\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Freecorder extension
Folder Deleted : C:\Users\asai\AppData\Local\apn
Folder Deleted : C:\Users\asai\AppData\Local\Tiger Savings
Folder Deleted : C:\Users\asai\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\asai\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Folder Deleted : C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi
Folder Deleted : C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\Users\asai\AppData\Local\mysearchdial_speedial_v9.0.2.crx
File Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\invalidprefs.js
File Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\searchplugins\Askcom.xml
File Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\searchplugins\Babylon.xml
File Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\searchplugins\mixidj.xml
File Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\user.js
File Deleted : C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3CE6740-996D-4899-B3A4-A6565C7C9435}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3CE6740-996D-4899-B3A4-A6565C7C9435}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73BEEBEC-FE13-4541-BBBB-5B76527C3BBC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73BEEBEC-FE13-4541-BBBB-5B76527C3BBC}
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\5d48ad9b634ee13
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42AE-A51E-B5750F160BFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47BB-86A6-23F4F4F67342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDAC750C-59DA-4BB6-9EE7-EAD55EBE0B64}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\Tiger Savings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder extension
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder extension
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\asai\AppData\Roaming\Mozilla\Firefox\Profiles\u849r2y4.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_20.0.1");
Line Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Line Deleted : user_pref("extensions.asktb.cbid", "^U3");
Line Deleted : user_pref("extensions.asktb.config-updated", true);
Line Deleted : user_pref("extensions.asktb.cr-o", "100000027cr");
Line Deleted : user_pref("extensions.asktb.crumb", "2013.04.24+19.23.07-toolbar015iad-GB-TWFuY2hlc3RlcixVbml0ZWQgS2luZ2RvbQ%3D%3D");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all&gct=bar");
Line Deleted : user_pref("extensions.asktb.displaybehavior", "");
Line Deleted : user_pref("extensions.asktb.displaytext", "");
Line Deleted : user_pref("extensions.asktb.dtid", "^OSJ000^YY^GB");
Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0092");
Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.asktb.ff19-config-first-run", "true");
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "12F0B49C-7499-40C5-975E-7573BDE1F96A");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1389747403894");
Line Deleted : user_pref("extensions.asktb.last-search-timestamp", "1381130911010");
Line Deleted : user_pref("extensions.asktb.locale", "en_UK");
Line Deleted : user_pref("extensions.asktb.location", "Manchester,United Kingdom");
Line Deleted : user_pref("extensions.asktb.lstation", "");
Line Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Line Deleted : user_pref("extensions.asktb.news-native-on", true);
Line Deleted : user_pref("extensions.asktb.o", "100000027");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.pstate", "");
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "22");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.saguid", "E5671B8A-284E-4305-BB62-711620FDCD31");
Line Deleted : user_pref("extensions.asktb.search-history-queries", "mariam jamila||IM 24 May 13:23||CE #(C*FJ G0G 'D5HHHHHHHHHHHHHHHHHHHHHHHH1) ..  C#FG' ,'D3) *3E9 -/J+' EA1-' ...  *4'G/ EB9/G' EF 'D,F) ... 39J/) [...]
Line Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.uk.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.slwo", "1");
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "19/04/2013 16:06:01");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.v", "3.15.23.100013");
Line Deleted : user_pref("extensions.asktb.version", "5.15.23.36191");
Line Deleted : user_pref("extensions.asktb.volume", "");
Line Deleted : user_pref("extensions.crossrider.bic", "1403ceea5167e86cf7dd4e147eac1956");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.bbDpng", "2");
Line Deleted : user_pref("extensions.delta.cntry", "GB");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.hdrMd5", "ECF39275E9B1FEEAAF9142C5B784CCC3");
Line Deleted : user_pref("extensions.delta.id", "62d0282b00000000000000ff8cdc83e6");
Line Deleted : user_pref("extensions.delta.instlDay", "15919");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.22.03:45:49");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.sg", "azb");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.03:45:49");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119557&tsp=4962");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "readable%40evernote.com:9.3369.854.431,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:7.0,%7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0,%7BDF153AFF-6948-45d7-AC98[...]
Line Deleted : user_pref("extensions.mysearchdial.aflt", "solimmsd");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDzztDtDtByBtDtDtAyEyE0DtBzztB0BtN0D0Tzu0CyDyBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "GB");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1028554297");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.dspFFXOld", "Delta Search");
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "663BD5AB8F268E482849E3C48C0E90A4");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=solimmsd&cd=2XzuyEtN2Y1L1QzutDzztDtDtByBtDtDtAyEyE0DtBzztB0BtN0D0Tzu0CyDyBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1[...]
Line Deleted : user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=62D000FF8CDC83E6&affID=119557&tsp=4962");
Line Deleted : user_pref("extensions.mysearchdial.id", "08002700344D282B");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "15919");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=62D000FF8CDC83E6&affID=119557&tsp=4962");
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "3:46:55");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=solimmsd&cd=2XzuyEtN2Y1L1QzutDzztDtDtByBtDtDtAyEyE0DtBzztB0BtN0D0Tzu0CyDyBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=solimmsd&cd=2XzuyEtN2Y1L1QzutDzztDtDtByBtDtDtAyEyE0DtBzztB0BtN0D0Tzu0CyDyBzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "3:46:55");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\asai\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [23413 octets] - [15/01/2014 14:32:57]
AdwCleaner[S0].txt - [23020 octets] - [15/01/2014 14:34:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23081 octets] ##########
 

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by asai on 15/01/2014 at 14:47:05.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3045673238-4224514949-1121945729-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\rmschedule.job



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\asai\appdata\local\{5F1A5B60-4B76-44E9-9129-9964DE4A2AA5}
Successfully deleted: [Empty Folder] C:\Users\asai\appdata\local\{FCF81F0A-1FCB-4DFD-93C2-B498E7249389}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\asai\AppData\Roaming\mozilla\firefox\profiles\u849r2y4.default\extensions\addon@freecorder.com
Emptied folder: C:\Users\asai\AppData\Roaming\mozilla\firefox\profiles\u849r2y4.default\minidumps [172 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\asai\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Successfully deleted: [Folder] C:\Users\asai\appdata\local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/01/2014 at 14:51:13.93
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~