Jump to content

MIchaelSam

Honorary Members
  • Posts

    31
  • Joined

  • Last visited

Everything posted by MIchaelSam

  1. Mr.c also alnaddy is still my home page how do i change thaT but in my internet options and chrome it says google but when i open chrome it shows up as alnaddy
  2. Mr.C I am updating Java now: found this : http://snag.gy/b6ejD.jpg http://snag.gy/W61YK.jpg
  3. Here is the log Mr.c : Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` McAfee SiteAdvisor Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader XI Google Chrome 29.0.1547.62 Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. Mr.C none of the links u gave me work in my region is this link okay?
  5. LOG: C:\AdwCleaner\Quarantine\C\ProgramData\safe asave\51f29b987ca3b.dll.vir a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcciighfihnilbkkehkbogclibokkaig\1\51f29b987c7df2.53375384.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantinedC:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe Win32/Toolbar.Alnaddy.B application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Downloaded TZ\Windows 7 Loader + Activator v2.0.6 Reloaded - DAZ [Team Rjaa]\Windows 7 Activator\Windows Loader.exe Win32/HackTool.WinActivator.I application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Hexxit\Minecraft (1).exe multiple threats cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Hexxit\Minecraft.exe multiple threats cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\AAPR.rar.exe Win32/InstalleRex.J application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\avs media player (1).exe MSIL/Solimba.H application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\avs media player.exe MSIL/Solimba.H application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\cbsidlm-tr1_11-iWisoft_Free_Flash_SWF_Downloader-ORG-10912725.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\cbsidlm-tr1_13-Uberstrike_HD-SEO-75738854.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\CheatEngine62.exe multiple threats cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\DAEMONToolsUltra110-0103.exe Win32/OpenCandy application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantinedC:\Users\saviraaj\Downloads\Setups\SoftonicDownloader_for_kaspersky-anti-virus-remover.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined Mr.c alnaddy is still my home page but when i check my internet options and chrome's home page it is google. BUt besides that no pop-ups, no highlited word ad
  6. It took three hours and after learning that i should have disabled my anti-virus the 1 st time IT WORKED !!!!!! : http://snag.gy/7kAe1.jpg PS mr.c shud i delete the quarantined files?
  7. I ran the scan an hour and twenty minutes later it said that it was aborted by user. And it said total infected files 2, total files cleaned and removed: 0. Ill run it again and this time make sure no one closes or messes around with it
  8. Mr.c here are the infected files they were not removed but are infected from the ESET scan : C:\AdwCleaner\Quarantine\C\ProgramData\safe asave\51f29b987ca3b.dll.vir a variant of Win32/Adware.MultiPlug.I application C:\AdwCleaner\Quarantine\C\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcciighfihnilbkkehkbogclibokkaig\1\51f29b987c7df2.53375384.js.vir Win32/Adware.MultiPlug.H application
  9. I would also like to add that even after the steps u have said, which i followed and even after setting my home page to google.com when i start up chrome it goes to alnaddy.com HELp
  10. Soory mr.c again................. On a gud note i had time to run Combofix here is the log file: (What is wrong?? is there something i can do further?) PLS CHECK: ComboFix 13-09-10.01 - saviraaj 09/10/2013 17:37:28.2.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1955.1056 [GMT 4:00]Running from: c:\users\saviraaj\Desktop\ComboFix.exeAV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\ntuser.datc:\users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\users\saviraaj\AppData\Roaming\IHelperc:\windows\SysWow64\frapsvid.dll.Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected Restored copy from - c:\windows\erdnt\cache86\userinit.exe ..((((((((((((((((((((((((( Files Created from 2013-08-10 to 2013-09-10 )))))))))))))))))))))))))))))))..2013-09-10 13:49 . 2013-09-10 13:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2013-09-10 13:49 . 2013-09-10 13:49 -------- d-----w- c:\users\Raaj\AppData\Local\temp2013-09-10 13:49 . 2013-09-10 13:49 -------- d-----w- c:\users\Public\AppData\Local\temp2013-09-10 13:49 . 2013-09-10 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp2013-09-10 13:49 . 2013-09-10 13:49 -------- d-----w- c:\users\appusweety\AppData\Local\temp2013-09-08 17:42 . 2013-09-09 11:08 -------- d-----w- c:\users\saviraaj\AppData\Local\Warframe2013-09-07 13:33 . 2013-09-07 13:33 -------- d-----w- c:\programdata\YTD Video Downloader2013-09-06 13:02 . 2013-09-06 13:02 -------- d-----w- c:\windows\ERUNT2013-09-03 19:02 . 2013-09-03 19:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-09-03 19:02 . 2013-04-04 10:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys2013-09-03 16:04 . 2013-09-03 16:11 -------- d-----w- C:\AdwCleaner2013-08-28 09:39 . 2013-04-30 23:58 176128 ----a-w- c:\windows\system\QTCF.dll2013-08-28 09:38 . 2013-08-28 09:38 -------- d-----w- c:\windows\system\QTSystem2013-08-28 09:20 . 2013-08-28 14:50 -------- d-----w- c:\users\saviraaj\AppData\Roaming\Wirecast2013-08-28 09:18 . 2013-08-28 09:18 -------- d-----w- c:\programdata\Telestream2013-08-28 09:18 . 2013-08-28 09:18 -------- d-----w- c:\programdata\eSellerate2013-08-28 09:18 . 2013-08-28 09:18 -------- d-----w- c:\users\saviraaj\AppData\Roaming\Vara Software2013-08-28 09:10 . 2013-08-28 09:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2013-08-28 09:10 . 2013-08-28 09:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2013-08-28 09:10 . 2013-08-28 09:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2013-08-28 09:10 . 2013-08-28 09:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2013-08-28 09:10 . 2013-08-28 09:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2013-08-22 03:02 . 2013-08-22 03:02 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-08-20 11:24 . 2013-08-20 11:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-18 19:52 . 2013-08-18 19:52 -------- d-----w- c:\program files\iPod2013-08-18 19:51 . 2013-08-18 19:57 -------- d-----w- c:\program files\iTunes2013-08-18 19:51 . 2013-08-18 19:57 -------- d-----w- c:\program files (x86)\iTunes2013-08-18 11:01 . 2013-08-18 11:10 -------- d-----w- c:\program files (x86)\RAR Password Unlocker2013-08-18 08:55 . 2013-08-18 08:55 -------- d-----w- c:\program files (x86)\Cheat Engine 6.22013-08-17 15:09 . 2013-08-17 15:09 -------- d-----w- c:\program files (x86)\ElcomSoft2013-08-17 09:41 . 2013-08-17 09:41 -------- d-----w- c:\programdata\install_clap2013-08-15 10:04 . 2013-08-15 10:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google2013-08-14 14:33 . 2013-09-10 10:56 -------- d-----w- c:\users\saviraaj\AppData\Roaming\.technic2013-08-12 09:22 . 2013-08-13 10:42 -------- d-----w- C:\Fraps...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-08-22 03:03 . 2012-10-08 07:56 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-08-22 03:03 . 2012-05-18 11:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-19 21:51 . 2013-07-19 21:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys2013-07-19 21:50 . 2013-07-19 21:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys2013-07-19 21:50 . 2013-07-19 21:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys2013-07-19 21:50 . 2013-07-19 21:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys2013-07-15 07:07 . 2013-07-15 07:08 21656 ----a-w- c:\windows\system32\drivers\evolve.sys2013-07-14 06:19 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll2013-07-14 06:19 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll2013-07-14 06:19 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll2013-07-14 06:19 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll2013-07-14 06:19 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll2013-07-13 11:28 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll.bak2013-07-13 11:28 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll.bak2013-07-13 11:28 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll.bak2013-07-09 21:32 . 2013-07-09 21:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys2013-07-02 08:34 . 2013-07-26 22:54 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A894B9B6-0FC7-46A9-9D3B-5D5FA980DF46}\mpengine.dll2013-06-30 21:45 . 2013-06-30 21:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys2013-06-25 18:12 . 2013-06-25 15:27 181064 ----a-w- c:\windows\PSEXESVC.EXE2013-06-23 20:57 . 2012-10-14 13:22 78277128 ----a-w- c:\windows\system32\MRT.exe2013-06-21 11:03 . 2013-06-07 16:51 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-06-21 11:03 . 2012-10-20 13:41 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-06-21 11:03 . 2012-10-20 13:41 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-06-18 18:55 . 2013-06-18 18:55 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll[-] 2013-07-14 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll.[-] 2013-07-14 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]"58BAC9FBB2A7E6DAF86AC4F3268C68FDF91DFB99._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-09-02 829392]"googletalk"="c:\users\saviraaj\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]"xwidget"="c:\program files (x86)\XWidget\xwidget.exe" [2013-04-16 1799680]"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]"EvolveClient"="c:\program files\Echobit\Evolve\EvolveClient.exe" [2013-07-15 2708440]"NoIPDUCv4"="c:\program files (x86)\No-IP\DUC40.exe" [2013-01-24 270336].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2013-04-10 5164712]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-06-04 295512]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584].c:\users\saviraaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk - c:\users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [2013-7-2 74118].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux7"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".R1 7267212drv;7267212drv;c:\windows\system32\DRIVERS\7267212drv.sys;c:\windows\SYSNATIVE\DRIVERS\7267212drv.sys [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 vm331avs;Philips SPZ2500 Webcam;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-09-04 11:30 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 03:03].2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 17:46].2013-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7a52bd488b9.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 17:46].2013-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002Core.job- c:\users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-15 09:52].2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002UA.job- c:\users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-15 09:52].2013-09-10 c:\windows\Tasks\HP Photo Creations Communicator.job- c:\programdata\HP Photo Creations\Communicator.exe [2012-11-24 12:58].2013-08-15 c:\windows\Tasks\HPCeeScheduleForsaviraaj.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2013-06-27 12:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 12:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2013-06-27 12:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2013-06-27 12:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2013-06-27 12:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2013-06-27 12:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-07 168216]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-07 416024]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: Interfaces\{69FAE8A0-B030-4BF1-AEF6-4428D7F0BA05}: NameServer = 192.168.254.254.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-Minecraft Premium Generator - c:\program files (x86)\Minecraft Premium Generator\Uninstal.exeAddRemove-Minecraft1.6.2 - c:\users\saviraaj\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exeAddRemove-TeamExtreme Minecraft Installer 1.00 - c:\users\saviraaj\AppData\Roaming\.minecraft\Uninstall.exeAddRemove-{EB03EF39-C655-D560-FA95-79182B837D64} - c:\programdata\MagniiPic\uninstall.exeAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\software\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\TeamViewer\Version8\TeamViewer.exec:\program files (x86)\TeamViewer\Version8\tv_w32.exec:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2013-09-10 17:57:07 - machine was rebootedComboFix-quarantined-files.txt 2013-09-10 13:57.Pre-Run: 108,226,719,744 bytes freePost-Run: 107,890,941,952 bytes free.- - End Of File - - 96112000E5082ACB5DB40AB653B918A3
  11. Mr.c here is the mbar logs and reports, for the clean-up part it said "no malware found" as I had done this process before, as told by u. The two logs are attached mbar-log-2013-09-07 (20-04-52).txt system-log.txt
  12. Sorry Mr.C school just started so got cought up in school work here is the junkware report: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.8 (09.05.2013:1)OS: Windows 7 Ultimate x64Ran by saviraaj on Fri 09/06/2013 at 17:02:15.23~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistpluginSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc softwareSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1174409732-3589765350-1403921018-1002\Software\SweetIMSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc softwareSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EC439B09-677F-4F82-AF5C-2DAAE547E713}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F503F83E-7778-4364-BFFC-D6DA2BF2151B}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{541EF797-65E4-45E6-9B8A-1BC7A0E624D0} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\speedypc software"Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"Successfully deleted: [Folder] "C:\Users\saviraaj\AppData\Roaming\speedypc software"Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"Successfully deleted: [Empty Folder] C:\Users\saviraaj\appdata\local\{30485E59-359D-42AC-96A1-545FAA0D507F}Successfully deleted: [Empty Folder] C:\Users\saviraaj\appdata\local\{F6DDE69B-3A37-4FEB-8EA0-D130EDADD71A} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Fri 09/06/2013 at 17:07:57.89End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. Thnx for the HUGE response I'll try doing all these steps Mr.C
  14. Mr.C it hasn't made mush of a difference as i have said this ad still contines: and also my home page is set to google.com but i keeps going to alnaddy.com : http://snag.gy/RJFzU.jpg ..... HELP
  15. it asks me to restart to remove all active threats should i? http://snag.gy/xpFwd.jpg
  16. Here are logs generated after ur steps, although i might have selected remove selected.... LOGS in attachment mbam-log-2013-09-03 (23-20-27).txt MBAM-log-2013-09-03 (23-31-55) lol.txt
  17. I've rebooted and here's the log that showed up. ( I didn't uncheck anything, cause i wanted non of them) LOG: # AdwCleaner v3.002 - Report created 03/09/2013 at 20:10:55# Updated 01/09/2013 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : saviraaj - RAAJ-HP# Running from : C:\Users\saviraaj\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\BetterSoftFolder Deleted : C:\ProgramData\StarAppFolder Deleted : C:\ProgramData\safe asaveFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe asaveFolder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Program Files (x86)\SafeSaverFolder Deleted : C:\Program Files (x86)\WebSearchFolder Deleted : C:\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcciighfihnilbkkehkbogclibokkaigFile Deleted : C:\Uninstall.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [videosaver@videosaver.net]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifjgookacnmjghjfagggbkpebmndnbibKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecbKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aaKey Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59979835-2F65-7852-1A53-22828BACFD8F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59979835-2F65-7852-1A53-22828BACFD8F}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Key Deleted : HKCU\Software\Optimizer ProKey Deleted : HKCU\Software\AppDataLow\SProtectorKey Deleted : HKLM\Software\SP GlobalKey Deleted : HKLM\Software\SProtectorKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerProData Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\safesa~1\sprote~1.dllData Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\websea~1\sprote~1.dll ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16635 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Google Chrome v29.0.1547.62 [ File : C:\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [4510 octets] - [03/09/2013 20:04:39]AdwCleaner[R1].txt - [4570 octets] - [03/09/2013 20:10:03]AdwCleaner[s0].txt - [4091 octets] - [03/09/2013 20:10:55] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4151 octets] ##########
  18. I'm sooooooooooo soooory Mr.C the password to the pc was changed and we just found it! so here is the first scan with adwcleaner: # AdwCleaner v3.002 - Report created 03/09/2013 at 20:04:39# Updated 01/09/2013 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : saviraaj - RAAJ-HP# Running from : C:\Users\saviraaj\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Uninstall.exeFolder Found : C:\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcciighfihnilbkkehkbogclibokkaigFolder Found C:\Program Files (x86)\MyPC BackupFolder Found C:\Program Files (x86)\MyPC Backup Folder Found C:\Program Files (x86)\SafeSaverFolder Found C:\Program Files (x86)\WebSearchFolder Found C:\ProgramData\BetterSoftFolder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe asaveFolder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\safe asaveFolder Found C:\ProgramData\safe asaveFolder Found C:\ProgramData\StarApp ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\safesa~1\sprote~1.dllData Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\websea~1\sprote~1.dllKey Found : HKCU\Software\AppDataLow\SProtectorKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Key Found : HKCU\Software\Optimizer ProKey Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Key Found : [x64] HKCU\Software\Optimizer ProKey Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Key Found : HKLM\SOFTWARE\Classes\CLSID\{59979835-2F65-7852-1A53-22828BACFD8F}Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ifjgookacnmjghjfagggbkpebmndnbibKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59979835-2F65-7852-1A53-22828BACFD8F}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecbKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aaKey Found : HKLM\Software\SP GlobalKey Found : HKLM\Software\SProtectorKey Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerProValue Found : HKCU\Software\Mozilla\Firefox\Extensions [videosaver@videosaver.net] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v29.0.1547.62 [ File : C:\Users\saviraaj\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [4350 octets] - [03/09/2013 20:04:39] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4410 octets] ########## All of these are fine to remove...... The second is coming.....
  19. Thnx 4 ur reply Mr.C here are the results: DDS: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.25.2Run by saviraaj at 1:15:58 on 2013-09-01Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1955.942 [GMT 4:00].AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\PDF Complete\pdfsvc.exeC:\Program Files (x86)\AVG\AVG2013\avgnsa.exeC:\Program Files (x86)\AVG\AVG2013\avgemca.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exeC:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exeC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\AVG\AVG2013\avgui.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exeC:\Program Files (x86)\Internet Explorer\IELowutil.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exeC:\Windows\system32\sppsvc.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\system32\taskhost.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeC:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exeC:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\AUDIODG.EXEC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\AVG\AVG2013\avgcfgex.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mURLSearchHooks: <No Name>: - LocalServer32 - <no file>mURLSearchHooks: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - <orphaned>BHO: safe asave: {59979835-2F65-7852-1A53-22828BACFD8F} - C:\ProgramData\safe asave\51f29b987ca3b.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllTB: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllEB: SimilarWeb: {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dlluRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quietuRun: [58BAC9FBB2A7E6DAF86AC4F3268C68FDF91DFB99._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=serviceuRun: [googletalk] C:\Users\saviraaj\AppData\Roaming\Google\Google Talk\googletalk.exe /autostartuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exeuRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytrayuRun: [Google Update] "C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [EvolveClient] C:\Program Files\Echobit\Evolve\EvolveClient.exe -autorunuRun: [NoIPDUCv4] "C:\Program Files (x86)\No-IP\DUC40.exe" /minimizeuRunOnce: [Application Restart #1] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --incognito --flag-switches-begin --enable-sync-favicons --enable-full-history-sync --sync-keystore-encryption --flag-switches-end --flag-switches-begin --enable-sync-favicons --sync-keystore-encryption --flag-switches-end --restore-last-sessionmRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exemRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exemRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkeymRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osbootmRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startupmRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startmRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLYmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimedRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunStartupFolder: C:\Users\saviraaj\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\bm.lnk - C:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {5D06ED6E-DA78-4486-A246-B131A2C39807} - {74198672-5F7D-4FE9-A611-4AC1D5A66A15} - C:\Program Files (x86)\SimilarWeb\SimilarWeb.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: Interfaces\{69FAE8A0-B030-4BF1-AEF6-4428D7F0BA05} : NameServer = 192.168.254.254Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllFilter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= c:\progra~2\safesa~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - <orphaned>x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-Notify: klogon - C:\Windows\System32\klogon.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLHosts: 127.0.0.1 validation.sls.microsoft.com.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-17 16384]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-18 1128952]R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-11 4308320]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-18 2656536]R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2013-7-15 21656]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-18 169584]S1 7267212drv;7267212drv;C:\Windows\System32\drivers\7267212drv.sys [2013-5-1 556632]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]S3 EvoSvc;Evolve Service;C:\Program Files\Echobit\Evolve\EvoSvc.exe [2013-7-15 1495512]S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-5-18 158976]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 vm331avs;Philips SPZ2500 Webcam;C:\Windows\System32\drivers\vm331avs.sys [2010-2-11 1071616]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-12 1255736]S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-6-16 120592]S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184].=============== Created Last 30 ================.2013-08-28 09:39:11 176128 ----a-w- C:\Windows\system\QTCF.dll2013-08-28 09:20:45 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\Wirecast2013-08-28 09:18:59 -------- d-----w- C:\ProgramData\Telestream2013-08-28 09:18:59 -------- d-----w- C:\ProgramData\eSellerate2013-08-28 09:18:54 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\Vara Software2013-08-28 09:10:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll2013-08-28 09:10:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll2013-08-28 09:10:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll2013-08-28 09:10:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll2013-08-28 09:10:00 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll2013-08-25 05:59:22 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\.techniclauncher2013-08-22 03:02:26 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2013-08-20 11:24:56 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-18 19:52:12 -------- d-----w- C:\Program Files\iPod2013-08-18 19:51:35 -------- d-----w- C:\Program Files\iTunes2013-08-18 19:51:35 -------- d-----w- C:\Program Files (x86)\iTunes2013-08-18 11:01:29 -------- d-----w- C:\Program Files (x86)\RAR Password Unlocker2013-08-18 08:55:27 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.22013-08-17 15:09:37 -------- d-----w- C:\Program Files (x86)\ElcomSoft2013-08-17 09:41:57 -------- d-----w- C:\ProgramData\install_clap2013-08-14 14:33:21 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\.technic2013-08-14 14:31:34 -------- d-----w- C:\Program Files (x86)\WebSearch2013-08-14 14:28:27 -------- d-----w- C:\ProgramData\StarApp2013-08-12 09:22:15 -------- d-----w- C:\Fraps2013-08-06 16:07:11 -------- d-----w- C:\Users\saviraaj\AppData\Local\Vitalwerks2013-08-06 16:07:03 -------- d-----w- C:\Program Files (x86)\No-IP2013-08-05 15:21:35 -------- d-----w- C:\Users\saviraaj\AppData\Roaming\ihelper2013-08-05 12:17:33 -------- d-----r- C:\Program Files (x86)\Skype2013-08-05 11:56:28 -------- d-----w- C:\Windows\System32\MRT.==================== Find3M ====================.2013-08-22 03:03:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-08-22 03:03:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-19 21:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys2013-07-19 21:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-07-19 21:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-07-19 21:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-07-15 07:07:14 21656 ----a-w- C:\Windows\System32\drivers\evolve.sys2013-07-14 06:19:23 419840 ----a-w- C:\Windows\System32\systemcpl.dll2013-07-14 06:19:23 14848 ----a-w- C:\Windows\System32\slwga.dll2013-07-14 06:19:23 13824 ----a-w- C:\Windows\SysWow64\slwga.dll2013-07-14 06:19:22 833024 ----a-w- C:\Windows\SysWow64\user32.dll2013-07-14 06:19:22 1008640 ----a-w- C:\Windows\System32\user32.dll2013-07-13 11:28:41 14848 ----a-w- C:\Windows\System32\slwga.dll.bak2013-07-13 11:28:40 833024 ----a-w- C:\Windows\SysWow64\user32.dll.bak2013-07-13 11:28:40 1008640 ----a-w- C:\Windows\System32\user32.dll.bak2013-07-09 21:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys2013-06-30 21:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2013-06-21 11:03:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-21 11:03:21 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-06-21 11:03:21 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-18 18:55:33 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet(89).dll2013-06-11 23:43:32 1141248 ----a-w- C:\Windows\SysWow64\urlmon(86).dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 2046976 ----a-w- C:\Windows\SysWow64\iertutil(85).dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet(84).dll2013-06-11 23:26:13 1365504 ----a-w- C:\Windows\System32\urlmon(81).dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 2648576 ----a-w- C:\Windows\System32\iertutil(79).dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-06-04 13:58:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-06-04 13:58:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll.============= FINISH: 1:17:48.13 =============== Attach: below Rogue Killer scan: RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : saviraaj [Admin rights]Mode : Scan -- Date : 09/01/2013 01:09:45| ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] iexplorer_monitor.exe -- C:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 6 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1174409732-3589765350-1403921018-1002\[...]\Run : Google Update ("C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND ¤¤¤ Scheduled tasks : 5 ¤¤¤[V1][ROGUE ST] schedule!3036567561.job : C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe - /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini" [x][-] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002UA.job : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002Core.job : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002Core : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1174409732-3589765350-1403921018-1002UA : C:\Users\saviraaj\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND ¤¤¤ Startup Entries : 1 ¤¤¤[saviraaj][sUSP PATH] bm.lnk : C:\Users\saviraaj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bm.lnk @C:\Users\saviraaj\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe [-][-] -> FOUND ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost127.0.0.1 validation.sls.microsoft.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721050CLA660 +++++--- User ---[MBR] 823a1e713e5afa3f62297698cd1b22fb[bSP] bbbd635337fa445d4dbabeb6670ec7cb : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 458896 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940025856 | Size: 17942 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] 112504075816eea67c5a2dd0cb82072d[bSP] dc13780ee39d9113a5a75fac9f0d084e : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo +++++ PhysicalDrive1: Hitachi HDS721050CLA660 +++++--- User ---[MBR] 8cd7cf884afd3a724bd33f94e6c1565d[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7377 MoUser = LL1 ... OK!Error reading LL2 MBR! Finished : << RKreport[0]_S_09012013_010945.txt >> PS sorry for the delay attach.zip
  20. Ever since i had installed the adblock plugin for my google chrome browser, I've been getting various types of ads, such as: 1) the highlighted text ad: http://snag.gy/CtKoh.jpg these things highlight texts that are not links and are really annoying when i accidentally click them, thinking its a link. 2) the classic pop-up ad : http://snag.gy/3xxV8.jpg 3) alnaddy.com : http://snag.gy/EOjXi.jpg This site is the most annoying as everytime i start up google chrome (my default browser) this comes as the home page when I clearly set it to google, and everytime i'm just browsing this site pops up for no reason. Pls help. Pc details: OS: Windows 7 Ultimate Processor: 64-bit Google chrome plugin: https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en PLS HELP !!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.