widy Posted December 19, 2012 ID:624996 Share Posted December 19, 2012 please help remove babylon malware - i've tried myself but to no availHere is the DDS log:DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.17153Run by Widyantoko at 2:03:31 on 2012-12-20Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3767.1826 [GMT 7:00].AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Program Files\HitmanPro\hmpsched.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\System32\spoolsv.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exeC:\Program Files (x86)\Bluetooth Suite\adminservice.exeC:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exeC:\Windows\SysWOW64\ChgService.exeC:\Program Files\KlikBCA\VPN Client\cvpnd.exeC:\Program Files (x86)\Launch Manager\dsiwmis.exeC:\Program Files\ESET\ESET Smart Security\x86\ekrn.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exeC:\Program Files (x86)\Acer\Registration\GREGsvc.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exeC:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exeC:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exeC:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exeC:\Program Files (x86)\Acer\Acer VCM\RS_Service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Acer\Acer Updater\UpdaterService.exeC:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exeC:\Program Files\Western Digital\WD SmartWare\WDDMService.exeC:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exeC:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files\Western Digital\WD SmartWare\WDFME.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exeC:\Windows\System32\hkcmd.exeC:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exeC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\AthBtTray.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exeC:\Program Files\Microsoft IntelliPoint\dpupdchk.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exeC:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXEC:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\EgisTec IPS\PmmUpdate.exeC:\Program Files (x86)\Launch Manager\LManager.exeC:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exeC:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exeC:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exeC:\Program Files (x86)\Launch Manager\MMDx64Fx.exeC:\Program Files (x86)\Launch Manager\LMworker.exeC:\Program Files\Logitech\SetPoint\x86\SetPoint32.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\Program Files (x86)\EgisTec IPS\EgisUpdate.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exeC:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\DAP\DAP.EXEC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankuDefault_Page_URL = hxxp://acer.msn.commStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={903DB0F2-3634-11E2-BAAA-60EB69AD79E5}mDefault_Page_URL = hxxp://acer.msn.comBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dllBHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dllBHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllBHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\Grabber.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dllTB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dllTB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllTB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dllTB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [E09AXLRD_9199971] "C:\Program Files (x86)\Microsoft Encarta\Encarta Premium DVD 2009\EDICT.EXE" -muRun: [boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorunmRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exemRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -dmRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exemRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exemRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exemRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -kmRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exemRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exemRun: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htmIE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htmIE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htmIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllLSP: C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.3.6.3\SBLSP.dllTCP: NameServer = 61.247.0.4 202.73.99.4 61.247.0.2TCP: Interfaces\{1779C239-2258-44B1-9798-BF47B16A50B6} : DHCPNameServer = 61.247.0.4 202.73.99.4 61.247.0.2TCP: Interfaces\{1779C239-2258-44B1-9798-BF47B16A50B6}\A616B6372657875393 : DHCPNameServer = 202.146.128.3 202.146.128.6 8.8.8.8TCP: Interfaces\{1779C239-2258-44B1-9798-BF47B16A50B6}\C696E6B6C6F67696374796B67777 : DHCPNameServer = 61.247.0.4 202.73.99.4 61.247.0.2TCP: Interfaces\{1779C239-2258-44B1-9798-BF47B16A50B6}\D454741402B455E494E47414E4 : DHCPNameServer = 110.34.131.90 8.8.8.8TCP: Interfaces\{C29A85B8-E25A-4719-8920-D8B9D12C357D} : DHCPNameServer = 192.168.12.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllName-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dllName-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dllAppInit_DLLs= c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll SSODL: WebCheck - <orphaned>x64-mStart Page = hxxp://acer.msn.comx64-mDefault_Page_URL = hxxp://acer.msn.comx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 x64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exex64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exex64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exex64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchx64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exex64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservicex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dllx64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dllx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=FF - prefs.js: browser.search.selectedEngine - SpeedBit SearchFF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.comFF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=FF - prefs.js: network.proxy.type - 0FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Widyantoko\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dllFF - ExtSQL: 2012-11-20 00:18; daplinkchecker@speedbit.com; C:\Program Files (x86)\DAP\daplinkcheckerFF - ExtSQL: 2012-11-20 00:21; searchpredict@speedbit.com; C:\Program Files (x86)\SearchPredict\PRFireFoxFF - ExtSQL: 2012-11-20 00:21; {0329E7D6-6F54-462D-93F6-F5C3118BADF2}; C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFoxFF - ExtSQL: 2012-11-24 19:55; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpiFF - ExtSQL: !HIDDEN! 2011-04-29 02:09; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.---- FIREFOX POLICIES ----FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7ea62e5f00000000000002f46a68a3eb&q=FF - user.js: extensions.BabylonToolbar.id - 7ea62e5f00000000000002f46a68a3ebFF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}FF - user.js: extensions.BabylonToolbar.instlDay - 15668FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.819:55:33FF - user.js: extensions.BabylonToolbar.prtnrId - babylonFF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar.tlbrId - irhnewFF - user.js: extensions.BabylonToolbar.instlRef - sstFF - user.js: extensions.BabylonToolbar.dfltLng - enFF - user.js: extensions.BabylonToolbar.excTlbr - falseFF - user.js: extensions.BabylonToolbar.admin - false.============= SERVICES / DRIVERS ===============.R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-29 203264]R2 AntUpdaterService;Ant Toolbar updater service;C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-6-29 520216]R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-7-30 52896]R2 Browser Manager;Browser Manager;C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe [2012-12-15 2403352]R2 Change Modem Device Service;Change Modem Device Service;C:\Windows\SysWOW64\ChgService.exe [2011-10-16 135168]R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-8 321104]R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-2-22 821792]R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-12-3 108904]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-8 13336]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-3 399432]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-3 676936]R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-29 255744]R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-4-17 144640]R2 ODDPwrSvc;Acer ODD Power Service;C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-9-8 171040]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-8-9 38608]R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-9-8 260640]R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-3 13784]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-22 2314240]R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-8 243232]R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-7-30 28832]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-22 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-9-14 158720]R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-10-29 10331840]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-21 76912]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-3 25928]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-5-26 40448]S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-7-30 36000]S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\Windows\System32\drivers\br3gmdm.sys [2008-3-14 114560]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-7-30 295072]S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-7-30 201376]S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-7-30 51872]S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-7-30 154272]S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-7-30 270496]S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;C:\Windows\System32\drivers\cmusbser.sys [2011-10-16 118144]S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-4-17 50432]S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-3 126352]S3 USB_BusEnum_W;EVDO Telecom USB Bus Enumerator w;C:\Windows\System32\drivers\USB_BusEnum_W.sys [2012-7-30 44544]S3 USB_ETS_W;EVDO Rev A Service USB port w;C:\Windows\System32\drivers\USB_ETS_W.sys [2012-7-30 21760]S3 USB_WinMux_W;EVDO Telecom USB MUX Serial Port w;C:\Windows\System32\drivers\USB_WinMux_W.sys [2012-7-30 37376]S3 UsbModemDriver;EVDO Rev A USB Modem w;C:\Windows\System32\drivers\USB_MODEM_W.sys [2012-7-30 28160]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-28 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464].=============== Created Last 30 ================.2012-12-19 18:25:45 -------- d-----w- C:\Program Files (x86)\RealNetworks2012-12-19 18:25:41 -------- d-----w- C:\Users\Widyantoko\AppData\Roaming\RealNetworks2012-12-19 18:24:41 -------- d-----w- C:\ProgramData\RealNetworks2012-12-18 16:22:01 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC55970B-88EC-478E-AE76-AA9E29996955}\mpengine.dll2012-12-12 18:33:47 16363960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe2012-12-12 17:09:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2012-12-12 17:09:58 2048 ----a-w- C:\Windows\System32\tzres.dll2012-12-12 17:09:37 3147264 ----a-w- C:\Windows\System32\win32k.sys2012-12-12 17:07:56 425984 ----a-w- C:\Windows\System32\KernelBase.dll2012-12-09 04:58:24 -------- d-----r- C:\Program Files (x86)\Skype2012-12-04 11:56:45 -------- d-----w- C:\Users\Widyantoko\AppData\Local\Apps2012-12-04 11:56:43 -------- d-----w- C:\Users\Widyantoko\AppData\Local\Deployment2012-12-02 20:11:12 -------- d-----w- C:\Program Files\HitmanPro2012-12-02 20:09:47 -------- d-----w- C:\ProgramData\HitmanPro2012-12-02 18:16:11 -------- d-----w- C:\Users\Widyantoko\AppData\Roaming\Malwarebytes2012-12-02 18:15:20 -------- d-----w- C:\ProgramData\Malwarebytes2012-12-02 18:15:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-12-02 18:15:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-12-02 09:31:35 -------- d-----w- C:\Users\Widyantoko\AppData\Roaming\EQATEC Analytics2012-12-02 09:30:22 -------- d-----w- C:\Users\Widyantoko\AppData\Local\SpeedBIT2012-11-24 12:55:44 -------- d-----w- C:\ProgramData\Browser Manager2012-11-24 12:54:43 -------- d-----w- C:\ProgramData\Babylon2012-11-24 12:44:20 -------- d-----w- C:\Users\Widyantoko\Tracing2012-11-24 12:43:35 -------- d-----w- C:\ProgramData\SweetIM2012-11-24 12:43:35 -------- d-----w- C:\Program Files (x86)\SweetIM.==================== Find3M ====================.2012-12-12 18:33:58 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-12-12 18:33:58 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-12-02 09:07:43 2560 ----a-w- C:\Windows\_MSRSTRT.EXE2012-11-12 12:18:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb2012-11-12 11:51:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-11-05 16:25:51 46080 ----a-w- C:\Windows\System32\atmlib.dll2012-11-05 14:17:16 367616 ----a-w- C:\Windows\System32\atmfd.dll2012-11-05 14:03:21 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll2012-11-05 14:03:13 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2012-10-04 14:44:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2012-09-25 22:39:14 95744 ----a-w- C:\Windows\System32\synceng.dll2012-09-25 21:55:17 78336 ----a-w- C:\Windows\SysWow64\synceng.dll.============= FINISH: 2:04:34.20 ===============Here is my attach log:.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2Install Date: 22-Feb-11 10:04:43 AMSystem Uptime: 20-Dec-12 1:42:46 AM (1 hours ago).Motherboard: Acer | | JM41_CPProcessor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU | 1840/1066mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 582 GiB total, 445.56 GiB free.F: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco Systems VPN Adapter for 64-bit WindowsDevice ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco Systems VPN Adapter for 64-bit WindowsPNP Device ID: ROOT\NET\0000Service: CVirtA.==== System Restore Points ===================.RP317: 28-Nov-12 11:21:30 PM - Windows UpdateRP318: 28-Nov-12 11:37:46 PM - Removed Babylon Chrome ToolbarRP319: 29-Nov-12 1:31:02 AM - Windows UpdateRP320: 04-Dec-12 3:20:32 PM - Windows UpdateRP321: 08-Dec-12 12:04:40 AM - Windows UpdateRP322: 11-Dec-12 11:22:31 PM - Windows UpdateRP323: 13-Dec-12 1:48:03 AM - Windows UpdateRP324: 18-Dec-12 11:15:44 PM - Windows Update.==== Installed Programs ======================.64 Bit HP CIO Components Installer7-Zip 9.20 (x64 edition)Acer Arcade DeluxeAcer Arcade MovieAcer Backup ManagerAcer Crystal Eye webcamAcer eRecovery ManagementAcer GameZone ConsoleAcer PowerSmart ManagerAcer RegistrationAcer ScreenSaverAcer UpdaterAcer VCMAcrobat.comAdobe AIRAdobe Community HelpAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Media PlayerAdobe Reader X (10.1.4)Aimersoft Video Converter Pro(Build 4.0.3.0)Airport Mania First FlightAkamai NetSession InterfaceAlcor Micro USB Card ReaderAmazoniaAnt.com IE add-onAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverATI Catalyst Install ManagerBackup Manager BasicBlackBerry Desktop Software 6.1Bluetooth Win7 Suite (64)Boxoft PDF to PowerPoint (freeware)BufferChmC4400Cake ManiaCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCDDRV_InstallerCopyCoupon Printer for WindowsD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDeviceDiscoveryDJ_AIO_06_K209a-z_SW_MinDNE UpdateDocProcDownload Accelerator Plus (DAP)Dream Day First HomeeBay WorldwideEncarta Search Bar (64-bit)ESET Smart SecurityeSobi v2Farm Frenzy 2Free FLV Converter V 7.4.0GalapagoGoogle ChromeGoogle EarthGoogle Talk PluginGoogle Update HelperGPBaseService2Heroes of HellasHitmanPro 3.6HP Customer Participation Program 14.0HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6HP Imaging Device Functions 14.0HP Photo CreationsHP Photosmart C4400 All-In-One Driver Software 13.0 Rel. 3HP Photosmart Essential 3.5HP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPDiagnosticAlertHPPhotoGadgetHPPhotoSmartDiscLabelContent1HPPhotosmartEssentialHPProductAssistantHPSSupplyIdentity CardIntel® Control CenterIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology DriverIntel® Turbo Boost Technology MonitorInternet Explorer Toolbar 4.6 by SweetPacksJunk Mail filter updateK-Lite Codec Pack 7.0.0 (Full)K209a-zKhalInstallWrapperKlikBCA BisnisLaunch ManagerLogitech SetPointMalwarebytes Anti-Malware version 1.65.1.1000MarketResearchMediaShow EspressoMerriam Websters Spell JamMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Encarta Premium 2009Microsoft IntelliPoint 7.1Microsoft Office 2010Microsoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Business 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Mozilla Firefox 10.0.2 (x86 en-US)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MyWinLockerMyWinLocker SuiteNorton Online BackupNTI Backup Now 5NTI Backup Now StandardNTI Media Maker 8OCR Software by I.R.I.S. 13.0Optical Drive Power ManagementPandoraRecovery (Remove Only)Pinnacle Video DriverPoker PopPS_AIO_03_C4400_Software_MinPT Agrodana Futures 4.00PX Profile UpdateQuickTime Alternative 3.2.2RealDownloaderRealtek High Definition Audio DriverScanSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionShop for HP SuppliesShredderSkype™ 6.0SmartWebPrintingSolutionCenterSpeedBit Video AcceleratorSpeedBit Video DownloaderSpin & WinStatusSynaptics Pointing Device DriverToolboxTrayAppUnloadSupportUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2473228)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2687277) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionUpdate Manager for SweetPacks 1.1WD Drive UtilitiesWD SecurityWD SmartWareWebRegWelcome CenterWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Media Player Firefox PluginWinRAR 4.00 (64-bit).==== Event Viewer Messages From Past Week ========.19-Dec-12 11:05:08 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..18-Dec-12 11:18:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.2103.0).14-Dec-12 11:55:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.141.1830.0).14-Dec-12 11:47:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ant Toolbar updater service service to connect.14-Dec-12 11:47:18 PM, Error: Service Control Manager [7000] - The Ant Toolbar updater service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.13-Dec-12 11:03:02 PM, Error: RemoteAccess [20106] - Unable to add the interface {6622083D-D10B-4784-B0AE-A710D43EB154} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.13-Dec-12 11:03:02 PM, Error: RemoteAccess [20106] - Unable to add the interface {6622083D-D10B-4784-B0AE-A710D43EB154} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted December 19, 2012 ID:625012 Share Posted December 19, 2012 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller to your desktop.Quit all running programs.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.MrC------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 48 hours, please send me a PM) Link to post Share on other sites More sharing options...
widy Posted December 20, 2012 Author ID:625323 Share Posted December 20, 2012 Thanks Mr Charlie, following is the report from the RoqueKiller, and awaiting further instructions:RogueKiller V8.4.0 [Dec 20 2012] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7600 ) 64 bits versionStarted in : Normal modeUser : Widyantoko [Admin rights]Mode : Scan -- Date : 12/21/2012 00:12:21¤¤¤ Bad processes : 2 ¤¤¤[sUSP PATH] mngr.exe -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -> KILLED [TermProc][RESIDUE] mngr.exe -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -> KILLED [TermProc]¤¤¤ Registry Entries : 5 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-786318648-3479563650-2353866451-1000[...]\Run : Boxoft Tools ("C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun) -> FOUND[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++--- User ---[MBR] c1bda02436d8e29af8e118709bba1325[bSP] 75230f6e4a4b1a89ffed74ef58b839ca : Windows 7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 596042 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_12212012_02d0012.txt >>RKreport[1]_S_12212012_02d0012.txt Link to post Share on other sites More sharing options...
MrCharlie Posted December 20, 2012 ID:625324 Share Posted December 20, 2012 Please download AdwCleaner from here and save it on your Desktop. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.MrC Link to post Share on other sites More sharing options...
widy Posted December 20, 2012 Author ID:625345 Share Posted December 20, 2012 Thanks, Mr. C. Following is the log-file AdwCleaner:# AdwCleaner v2.101 - Logfile created 12/21/2012 at 01:14:02# Updated 16/12/2012 by Xplode# Operating system : Windows 7 Ultimate (64 bits)# User : Widyantoko - WIDY-ACER# Boot Mode : Normal# Running from : C:\Users\Widyantoko_2\Desktop\adwcleaner.exe# Option [search]***** [services] *****Found : Browser Manager***** [Files / Folders] *****File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xmlFile Found : C:\Users\WIDYAN~1\AppData\Local\Temp\Searchqu.iniFile Found : C:\Users\WIDYAN~1\AppData\Local\Temp\searchqutoolbar-manifest.xmlFile Found : C:\Users\WIDYAN~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exeFile Found : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\bprotector_extensions.sqliteFile Found : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpiFile Found : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\searchplugins\mngr.xmlFile Found : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\searchplugins\Search_Results.xmlFile Found : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\searchplugins\SweetIm.xmlFile Found : C:\Users\Widyantoko_2\AppData\Roaming\Mozilla\Firefox\Profiles\je2m6m1a.default\bprotector_extensions.sqliteFile Found : C:\Users\Widyantoko_2\AppData\Roaming\Mozilla\Firefox\Profiles\je2m6m1a.default\bprotector_prefs.jsFolder Found : C:\Program Files (x86)\SweetIMFolder Found : C:\ProgramData\BabylonFolder Found : C:\ProgramData\boost_interprocessFolder Found : C:\ProgramData\Browser ManagerFolder Found : C:\ProgramData\SweetIMFolder Found : C:\Users\WIDYAN~1\AppData\Local\Temp\IminentFolder Found : C:\Users\WIDYAN~1\AppData\Local\Temp\TempDirFolder Found : C:\Users\Widyantoko\AppData\LocalLow\searchqubandFolder Found : C:\Users\Widyantoko\AppData\LocalLow\SweetIMFolder Found : C:\Users\Widyantoko\AppData\LocalLow\Toolbar4Folder Found : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\SweetPacksToolbarDataFolder Found : C:\Users\Widyantoko_2\AppData\LocalLow\searchqubandFolder Found : C:\Users\Widyantoko_2\AppData\LocalLow\SearchqutoolbarFolder Found : C:\Users\Widyantoko_2\AppData\LocalLow\SweetIMFolder Found : C:\Users\Widyantoko_2\AppData\LocalLow\Toolbar4***** [Registry] *****Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dllKey Found : HKCU\Software\AppDataLow\Software\searchqutoolbarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Key Found : HKCU\Software\SweetIMKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXEKey Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnablerKey Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbarKey Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhookKey Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtilsKey Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManagerKey Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManagerKey Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequestKey Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTaskKey Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelperKey Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifierKey Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImplKey Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManagerKey Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetieKey Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHookKey Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1Key Found : HKLM\Software\ConduitKey Found : HKLM\Software\IminentKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Found : HKLM\Software\SweetIMKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}Key Found : HKU\S-1-5-21-786318648-3479563650-2353866451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKU\S-1-5-21-786318648-3479563650-2353866451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Found : HKU\S-1-5-21-786318648-3479563650-2353866451-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]***** [internet Browsers] *****-\\ Internet Explorer v8.0.7600.17153[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={903DB0F2-3634-11E2-BAAA-60EB69AD79E5}-\\ Mozilla Firefox v10.0.2 (en-US)Profile name : default File : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\prefs.jsFound : user_pref("extensions.BabylonToolbar.admin", false);Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");Found : user_pref("extensions.BabylonToolbar.excTlbr", false);Found : user_pref("extensions.BabylonToolbar.id", "7ea62e5f00000000000002f46a68a3eb");Found : user_pref("extensions.BabylonToolbar.instlDay", "15668");Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Found : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");Found : user_pref("extensions.BabylonToolbar_i.newTab", true);Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=117023&tt=4712_[...]Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:55:33");Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");Found : user_pref("sweetim.toolbar.Visibility.enable", "true");Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");Found : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");Found : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");Found : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");Found : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");Found : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");Found : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");Found : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");Found : user_pref("sweetim.toolbar.mode.debug", "false");Found : user_pref("sweetim.toolbar.newtab.created", "true");Found : user_pref("sweetim.toolbar.newtab.enable", "true");Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://home.speedbit.com/search.asp[...]Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SpeedBit Search");Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://home.speedbit.com/?s=CBJa205"[...]Found : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");Found : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");Found : user_pref("sweetim.toolbar.scripts.0.enable", "true");Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");Found : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");Found : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");Found : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");Found : user_pref("sweetim.toolbar.scripts.2.callback", "");Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");Found : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]Found : user_pref("sweetim.toolbar.search.history.capacity", "10");Found : user_pref("sweetim.toolbar.searchguard.enable", "false");Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");Found : user_pref("sweetim.toolbar.simapp_id", "{903DB0F2-3634-11E2-BAAA-60EB69AD79E5}");Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={903D[...]Found : user_pref("sweetim.toolbar.version", "1.7.0.3");Profile name : default File : C:\Users\Widyantoko_2\AppData\Roaming\Mozilla\Firefox\Profiles\je2m6m1a.default\prefs.jsFound : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=117023&tt=4712_2&babsrc=KW_ss&mntrId=7ea6[...]-\\ Google Chrome v23.0.1271.97File : C:\Users\Widyantoko\AppData\Local\Google\Chrome\User Data\Default\PreferencesFound [l.15] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.babylon.com/?affID=117023&tt=4712_2&babsrc=HP_ss&mntrId=7ea62e5f00000000000002f46a68a3eb" ]Found [l.2039] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.babylon.com/?affID=117023&tt=4712_2&babsrc=HP_ss&mntrId=7ea62e5f00000000000002f46a68a3eb" ]File : C:\Users\Widyantoko_2\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [23507 octets] - [21/12/2012 01:14:02]########## EOF - \AdwCleaner[R1].txt - [23568 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted December 20, 2012 ID:625351 Share Posted December 20, 2012 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.MrC Link to post Share on other sites More sharing options...
widy Posted December 20, 2012 Author ID:625370 Share Posted December 20, 2012 MrC. Here's the log file, seems all is clear out, isn't it? If it is, thanks a lot..# AdwCleaner v2.101 - Logfile created 12/21/2012 at 02:09:55# Updated 16/12/2012 by Xplode# Operating system : Windows 7 Ultimate (64 bits)# User : Widyantoko - WIDY-ACER# Boot Mode : Normal# Running from : C:\Users\Widyantoko_2\Desktop\adwcleaner.exe# Option [Delete]***** [services] *****Stopped & Deleted : Browser Manager***** [Files / Folders] *****Deleted on reboot : C:\ProgramData\Browser ManagerFile Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xmlFile Deleted : C:\Users\WIDYAN~1\AppData\Local\Temp\Searchqu.iniFile Deleted : C:\Users\WIDYAN~1\AppData\Local\Temp\searchqutoolbar-manifest.xmlFile Deleted : C:\Users\WIDYAN~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exeFile Deleted : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\bprotector_extensions.sqliteFile Deleted : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpiFile Deleted : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\searchplugins\mngr.xmlFile Deleted : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\searchplugins\Search_Results.xmlFile Deleted : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\searchplugins\SweetIm.xmlFile Deleted : C:\Users\Widyantoko_2\AppData\Roaming\Mozilla\Firefox\Profiles\je2m6m1a.default\bprotector_extensions.sqliteFile Deleted : C:\Users\Widyantoko_2\AppData\Roaming\Mozilla\Firefox\Profiles\je2m6m1a.default\bprotector_prefs.jsFolder Deleted : C:\Program Files (x86)\SweetIMFolder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\boost_interprocessFolder Deleted : C:\ProgramData\SweetIMFolder Deleted : C:\Users\WIDYAN~1\AppData\Local\Temp\IminentFolder Deleted : C:\Users\WIDYAN~1\AppData\Local\Temp\TempDirFolder Deleted : C:\Users\Widyantoko\AppData\LocalLow\searchqubandFolder Deleted : C:\Users\Widyantoko\AppData\LocalLow\SweetIMFolder Deleted : C:\Users\Widyantoko\AppData\LocalLow\Toolbar4Folder Deleted : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\SweetPacksToolbarDataFolder Deleted : C:\Users\Widyantoko_2\AppData\LocalLow\searchqubandFolder Deleted : C:\Users\Widyantoko_2\AppData\LocalLow\SearchqutoolbarFolder Deleted : C:\Users\Widyantoko_2\AppData\LocalLow\SweetIMFolder Deleted : C:\Users\Widyantoko_2\AppData\LocalLow\Toolbar4***** [Registry] *****Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dllKey Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbarKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettingsKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}Key Deleted : HKCU\Software\SweetIMKey Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnablerKey Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbarKey Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhookKey Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtilsKey Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManagerKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManagerKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequestKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTaskKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelperKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifierKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImplKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManagerKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetieKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHookKey Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\IminentKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSKey Deleted : HKLM\Software\SweetIMKey Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]***** [internet Browsers] *****-\\ Internet Explorer v8.0.7600.17153Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={903DB0F2-3634-11E2-BAAA-60EB69AD79E5} --> hxxp://www.google.com-\\ Mozilla Firefox v10.0.2 (en-US)Profile name : default File : C:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\prefs.jsC:\Users\Widyantoko\AppData\Roaming\Mozilla\Firefox\Profiles\1gp7ew7e.default\user.js ... Deleted !Deleted : user_pref("extensions.BabylonToolbar.admin", false);Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);Deleted : user_pref("extensions.BabylonToolbar.id", "7ea62e5f00000000000002f46a68a3eb");Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15668");Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=117023&tt=4712_[...]Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:55:33");Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10011");Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");Deleted : user_pref("sweetim.toolbar.mode.debug", "false");Deleted : user_pref("sweetim.toolbar.newtab.created", "true");Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://home.speedbit.com/search.asp[...]Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "SpeedBit Search");Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://home.speedbit.com/?s=CBJa205"[...]Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");Deleted : user_pref("sweetim.toolbar.simapp_id", "{903DB0F2-3634-11E2-BAAA-60EB69AD79E5}");Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={903D[...]Deleted : user_pref("sweetim.toolbar.version", "1.7.0.3");Profile name : default File : C:\Users\Widyantoko_2\AppData\Roaming\Mozilla\Firefox\Profiles\je2m6m1a.default\prefs.jsDeleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=117023&tt=4712_2&babsrc=KW_ss&mntrId=7ea6[...]-\\ Google Chrome v23.0.1271.97File : C:\Users\Widyantoko\AppData\Local\Google\Chrome\User Data\Default\PreferencesDeleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.babylon.com/?affID[...]Deleted [l.2039] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.babylon.com/?affID=11[...]File : C:\Users\Widyantoko_2\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [23582 octets] - [21/12/2012 01:14:02]AdwCleaner[s1].txt - [23650 octets] - [21/12/2012 02:09:55]########## EOF - C:\AdwCleaner[s1].txt - [23711 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted December 20, 2012 ID:625375 Share Posted December 20, 2012 If you're happy...so am I!Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
widy Posted December 20, 2012 Author ID:625380 Share Posted December 20, 2012 Thanks a million , Mr. C...!!!!! Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 21, 2012 ID:625645 Share Posted December 21, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts