Everything posted by MIchaelSam
-
Mr.C, also alnaddy is still my home page. How do I change that? In my Internet Options and Chrome it says Google, but when I open Chrome it shows up as alnaddy.
- 45 replies
- Tagged with: adware, google chrome (and 7 more)
-
Mr.C I am updating Java now: found this : http://snag.gy/b6ejD.jpg http://snag.gy/W61YK.jpg
-
Here is the log Mr.C:

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Mr.C, none of the links you gave me work in my region. Is this link okay?
-
LOG:

C:\AdwCleaner\Quarantine\C\ProgramData\safe asave\51f29b987ca3b.dll.vir    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcciighfihnilbkkehkbogclibokkaig\1\51f29b987c7df2.53375384.js.vir    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe    Win32/Toolbar.Alnaddy.B application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Downloaded TZ\Windows 7 Loader + Activator v2.0.6 Reloaded - DAZ [Team Rjaa]\Windows 7 Activator\Windows Loader.exe    Win32/HackTool.WinActivator.I application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Hexxit\Minecraft (1).exe    multiple threats    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Hexxit\Minecraft.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\AAPR.rar.exe    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\avs media player (1).exe    MSIL/Solimba.H application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\avs media player.exe    MSIL/Solimba.H application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\cbsidlm-tr1_11-iWisoft_Free_Flash_SWF_Downloader-ORG-10912725.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\cbsidlm-tr1_13-Uberstrike_HD-SEO-75738854.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\CheatEngine62.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\DAEMONToolsUltra110-0103.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\SetupImgBurn_2.5.7.0.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\saviraaj\Downloads\Setups\SoftonicDownloader_for_kaspersky-anti-virus-remover.exe    Win32/SoftonicDownloader.E application    cleaned by deleting - quarantined

Mr.C, alnaddy is still my home page, but when I check my Internet Options and Chrome's home page it is Google. But besides that no pop-ups, no highlighted word ad
-
It took three hours, and after learning that I should have disabled my anti-virus the 1st time, IT WORKED!!!!!! : http://snag.gy/7kAe1.jpg PS Mr.C, should I delete the quarantined files?
-
I ran the scan; an hour and twenty minutes later it said that it was aborted by user. And it said total infected files 2, total files cleaned and removed: 0. I'll run it again and this time make sure no one closes or messes around with it.
-
Mr.C, here are the infected files; they were not removed but are infected, from the ESET scan:

C:\AdwCleaner\Quarantine\C\ProgramData\safe asave\51f29b987ca3b.dll.vir    a variant of Win32/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcciighfihnilbkkehkbogclibokkaig\1\51f29b987c7df2.53375384.js.vir    Win32/Adware.MultiPlug.H application
-
Mr.C, this is how it's going so far: http://snag.gy/DONvD.jpg
-
MR.C done with this : http://snag.gy/C6X3o.jpg
-
Mr.C, should I uninstall ComboFix?
-
I would also like to add that even after the steps you have said, which I followed, and even after setting my home page to google.com, when I start up Chrome it goes to alnaddy.com. HELP
-
Sorry Mr.C again................. On a good note I had time to run ComboFix, here is the log file: (What is wrong?? Is there something I can do further?) PLS CHECK:
-
Mr.c here are the mbar logs and reports. For the clean-up part it said "no malware found", as I had done this process before, as told by u. The two logs are attached: mbar-log-2013-09-07 (20-04-52).txt, system-log.txt
-
Sorry Mr.C school just started so got caught up in school work here is the junkware report:
-
Thnx for the HUGE response I'll try doing all these steps Mr.C
-
Mr.C it hasn't made much of a difference as i have said this ad still continues: and also my home page is set to google.com but it keeps going to alnaddy.com : http://snag.gy/RJFzU.jpg ..... HELP
-
it asks me to restart to remove all active threats should i? http://snag.gy/xpFwd.jpg
-
Here are logs generated after ur steps, although i might have selected remove selected.... LOGS in attachment mbam-log-2013-09-03 (23-20-27).txt MBAM-log-2013-09-03 (23-31-55) lol.txt
-
its okay i got malwarebytes will do the steps now...
-
do i need to install MB? if so where can i get it from?
-
I've rebooted and here's the log that showed up. ( I didn't uncheck anything, cause i wanted none of them) LOG:
-
I'm sooooooooooo soooory Mr.C the password to the pc was changed and we just found it! so here is the first scan with adwcleaner:
All of these are fine to remove...... The second is coming.....
-
Thnx 4 ur reply Mr.C here are the results: DDS:
C:\ProgramData\install_clap2013-08-14 14:33:21 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\.technic2013-08-14 14:31:34 -------- d-----w- C:\Program Files (x86)\WebSearch2013-08-14 14:28:27 -------- d-----w- C:\ProgramData\StarApp2013-08-12 09:22:15 -------- d-----w- C:\Fraps2013-08-06 16:07:11 -------- d-----w- C:\Users\saviraaj\AppData\Local\Vitalwerks2013-08-06 16:07:03 -------- d-----w- C:\Program Files (x86)\No-IP2013-08-05 15:21:35 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\ihelper2013-08-05 12:17:33 -------- d-----r- C:\Program Files (x86)\Skype2013-08-05 11:56:28 -------- d-----w- C:\Windows\System32\MRT.==================== Find3M ====================.2013-08-22 03:03:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 03:03:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-19 21:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys2013-07-19 21:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-07-19 21:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-07-19 21:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-07-15 07:07:14 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys2013-07-14 06:19:23 419840 ----a-w- C:\Windows\System32\systemcpl.dll2013-07-14 06:19:23 14848 ----a-w- C:\Windows\System32\slwga.dll2013-07-14 06:19:23 13824 ----a-w- C:\Windows\SysWow64\slwga.dll2013-07-14 06:19:22 833024 ----a-w- C:\Windows\SysWow64\user32.dll2013-07-14 06:19:22 1008640 ----a-w- C:\Windows\System32\user32.dll2013-07-13 11:28:41 14848 ----a-w- C:\Windows\System32\slwga.dll.bak2013-07-13 11:28:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll.bak2013-07-13 11:28:40 1008640 ----a-w- C:\Windows\System32\user32.dll.bak2013-07-09 21:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys2013-06-30 21:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2013-06-21 11:03:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-21 
11:03:21 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-21 11:03:21 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-18 18:55:33 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet(89).dll2013-06-11 23:43:32 1141248 ----a-w- C:\Windows\SysWow64\urlmon(86).dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 2046976 ----a-w- C:\Windows\SysWow64\iertutil(85).dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet(84).dll2013-06-11 23:26:13 1365504 ----a-w- C:\Windows\System32\urlmon(81).dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 2648576 ----a-w- C:\Windows\System32\iertutil(79).dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-06-04 13:58:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-06-04 13:58:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll.============= FINISH: 1:17:48.13 =============== Attach: below Rogue Killer scan: RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : 
http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : saviraaj [Admin rights]Mode : Scan -- Date : 09/01/2013 01:09:45| ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] iexplorer_monitor.exe -- C:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 6 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1174409732-3589765350-1403921018-1002\[...]\Run : Google Update ("C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND ¤¤¤ Scheduled tasks : 5 ¤¤¤[V1][ROGUE ST] schedule!3036567561.job : C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe - /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini" [x][-] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002UA.job : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002Core.job : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002Core : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002UA : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe 
- /ua /installsource scheduler [7][x] -> FOUND ¤¤¤ Startup Entries : 1 ¤¤¤[saviraaj][sUSP PATH] bm.lnk : C:\Users\saviraaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk @C:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [-][-] -> FOUND ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost127.0.0.1 validation.sls.microsoft.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721050CLA660 +++++--- User ---[MBR] 823a1e713e5afa3f62297698cd1b22fb[bSP] bbbd635337fa445d4dbabeb6670ec7cb : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 458896 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940025856 | Size: 17942 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] 112504075816eea67c5a2dd0cb82072d[bSP] dc13780ee39d9113a5a75fac9f0d084e : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo +++++ PhysicalDrive1: Hitachi HDS721050CLA660 +++++--- User ---[MBR] 8cd7cf884afd3a724bd33f94e6c1565d[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7377 MoUser = LL1 ... OK!Error reading LL2 MBR! Finished : << RKreport[0]_S_09012013_010945.txt >> PS sorry for the delay attach.zip
-
Ever since I had installed the AdBlock plugin for my Google Chrome browser, I've been getting various types of ads, such as:

1) The highlighted text ad: http://snag.gy/CtKoh.jpg These things highlight text that is not a link and are really annoying when I accidentally click them, thinking it's a link.

2) The classic pop-up ad: http://snag.gy/3xxV8.jpg

3) alnaddy.com: http://snag.gy/EOjXi.jpg This site is the most annoying, as every time I start up Google Chrome (my default browser) this comes up as the home page when I clearly set it to Google, and every time I'm just browsing, this site pops up for no reason.

Pls help.

PC details:
OS: Windows 7 Ultimate
Processor: 64-bit
Google Chrome plugin: https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en

PLS HELP !!!