Today I found a folder named "DCLOGS". It contains *.dc files. I opened a file with Notepad and found that it contains keystrokes (keylogger). So I googled for a solution and then came to know about this site:

http://forums.malwarebytes.org/index.php?s=d4c32d437eb2dc609b5281b7552420a0&showtopic=126259&hl=

With the help of that thread I used the removal tools, and the report is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by KRISNA on Sat 07/06/2013 at 17:42:51.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3225826
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\KRISNA\AppData\Roaming\mozilla\firefox\profiles\rm0n9d2r.default-1370111589029\user.js
Emptied folder: C:\Users\KRISNA\AppData\Roaming\mozilla\firefox\profiles\rm0n9d2r.default-1370111589029\minidumps [8 files]



~~~ Chrome

Failed to delete: [Folder] C:\Users\KRISNA\appdata\local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Folder] C:\Users\KRISNA\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/06/2013 at 17:44:48.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.06.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
KRISNA :: KRISNA-PC [administrator]

Protection: Enabled

7/6/2013 6:05:49 PM
mbam-log-2013-07-06 (18-05-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202277
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Detected: 3
C:\Users\KRISNA\AppData\Roaming\regsvr.exe (Worm.AutoRun) -> 2780 -> Delete on reboot.
C:\Users\KRISNA\AppData\Roaming\FolderName\FileName.exe (Trojan.Agent) -> 3296 -> Delete on reboot.
C:\Users\KRISNA\AppData\Roaming\FolderName\FileName.exe (Trojan.Agent) -> 3304 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Msn Messsenger (Worm.AutoRun) -> Data: C:\Users\KRISNA\AppData\Roaming\regsvr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Trojan.Delf) -> Data: C:\Users\KRISNA\AppData\Roaming\install\turner.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Servicems (Trojan.Agent) -> Data: C:\Users\KRISNA\AppData\Roaming\FolderName\FileName.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yahoo Messsenger (Trojan.Agent) -> Data: C:\Users\KRISNA\AppData\Roaming\support\svchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\KRISNA\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 248
C:\Users\KRISNA\AppData\Roaming\regsvr.exe (Worm.AutoRun) -> Delete on reboot.
C:\Users\KRISNA\AppData\Roaming\install\turner.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\KRISNA\AppData\Roaming\msconfig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\KRISNA\AppData\Roaming\22222.exe (Rogue.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\KRISNA\AppData\Roaming\FolderName\FileName.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\KRISNA\AppData\Roaming\KRISNA-wchelper.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
 

 

# AdwCleaner v2.304 - Logfile created 07/06/2013 at 18:32:30
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : KRISNA - KRISNA-PC
# Boot Mode : Normal
# Running from : C:\Users\KRISNA\Desktop\adwcleaner.exe
# Option [search]


***** [services] *****


***** [Files / Folders] *****

File Found : C:\Users\KRISNA\AppData\Roaming\Mozilla\Firefox\Profiles\rm0n9d2r.default-1370111589029\searchplugins\Mysearchdial.xml
File Found : C:\Users\KRISNA\AppData\Roaming\Mozilla\Firefox\Profiles\si61ixh6.default\searchplugins\Mysearchdial.xml
Folder Found : C:\Users\KRISNA\AppData\Roaming\Mozilla\Firefox\Profiles\si61ixh6.default\extensions\staged
Folder Found : C:\Users\KRISNA\AppData\Roaming\Mysearchdial

***** [Registry] *****

Key Found : HKCU\Software\BI
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385




-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\KRISNA\AppData\Roaming\Mozilla\Firefox\Profiles\rm0n9d2r.default-1370111589029\prefs.js

Found : user_pref("extensions.mysearchdial.aflt", "solimmsd");
Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0ByByB0BtC0AyByBzyyDtCzyzztN0D0Tzu0Cy[...]
Found : user_pref("extensions.mysearchdial.cntry", "IN");
Found : user_pref("extensions.mysearchdial.cr", "822092270");
Found : user_pref("extensions.mysearchdial.dfltLng", "");
Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Found : user_pref("extensions.mysearchdial.dnsErr", true);
Found : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,6[...]
Found : user_pref("extensions.mysearchdial.excTlbr", false);
Found : user_pref("extensions.mysearchdial.hdrMd5", "5E0520D13D88B2D6216865DB5AD05F01");
Found : user_pref("extensions.mysearchdial.hmpg", true);

Found : user_pref("extensions.mysearchdial.id", "001B77B1A7795198");
Found : user_pref("extensions.mysearchdial.instlDay", "15863");
Found : user_pref("extensions.mysearchdial.instlRef", "");

Found : user_pref("extensions.mysearchdial.lastVrsnTs", "0:31:14");

Found : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"19\",\"lastVrsn\":\"19\",\"vrsnLoad\":[...]
Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Found : user_pref("extensions.mysearchdial.sg", "none");
Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Found : user_pref("extensions.mysearchdial.tlbrId", "base");

Found : user_pref("extensions.mysearchdial.vrsn", "");
Found : user_pref("extensions.mysearchdial.vrsni", "");
Found : user_pref("extensions.mysearchdial_i.hmpg", true);
Found : user_pref("extensions.mysearchdial_i.newTab", false);
Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Found : user_pref("extensions.mysearchdial_i.vrsnTs", "0:31:14");

File : C:\Users\KRISNA\AppData\Roaming\Mozilla\Firefox\Profiles\si61ixh6.default\prefs.js


Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\KRISNA\AppData\Local\Google\Chrome\User Data\Default\Preferences


Found [l.39] : keyword = "mysearchdial.com",




*************************

AdwCleaner[R1].txt - [8516 octets] - [06/07/2013 18:32:30]

########## EOF - C:\AdwCleaner[R1].txt - [8576 octets] ##########
 

 

RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : KRISNA [Admin rights]
Mode : Scan -- Date : 07/06/2013 18:42:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Server (C:\Program Files\Java\jre7\bin\javaw -jar "C:\Users\KRISNA\AppData\Local\Temp\Server1185020945428130201.jar" [x][x]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : HCDKLL (C:\Program Files\Java\jre7\bin\javaw -jar "C:\Users\KRISNA\AppData\Local\Temp\HCDKLL670249742364361346.jar" [x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2379325948-429099794-1156603448-1000\[...]\Run : Server (C:\Program Files\Java\jre7\bin\javaw -jar "C:\Users\KRISNA\AppData\Local\Temp\Server1185020945428130201.jar" [x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2379325948-429099794-1156603448-1000\[...]\Run : HCDKLL (C:\Program Files\Java\jre7\bin\javaw -jar "C:\Users\KRISNA\AppData\Local\Temp\HCDKLL670249742364361346.jar" [x][x]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (85.214.214.87:3128) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com

127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8037GSX ATA Device +++++
--- User ---
[MBR] 0845b04341274bc9cd17be99c3e7d598
[bSP] 0447730c270fd244475aa5f519bf417c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 25709 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 52859581 | Size: 50498 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07062013_184239.txt >>




Please help me... am I still infected?

Thanks in advance


127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com

 

These host entries indicate that you have illegal/cracked software (Adobe) on the system.

Have you read the policy on Piracy:

http://forums.malwarebytes.org/index.php?showtopic=97700

MrC


RogueKiller V8.6.2 [Jul  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : KRISNA [Admin rights]
Mode : Remove -- Date : 07/06/2013 21:51:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (85.214.214.87:3128) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\CCSet\[...]\{82113CBC-D3EC-4245-9988-8B43FFB02D02} : NameServer (10.228.129.113 10.228.129.114) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\CS002\[...]\{82113CBC-D3EC-4245-9988-8B43FFB02D02} : NameServer (10.228.129.113 10.228.129.114) -> NOT REMOVED, USE DNSFIX

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8037GSX ATA Device +++++
--- User ---
[MBR] 0845b04341274bc9cd17be99c3e7d598
[bSP] 0447730c270fd244475aa5f519bf417c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 25709 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 52859581 | Size: 50498 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07062013_215144.txt >>
RKreport[0]_S_07062013_184239.txt;RKreport[0]_S_07062013_215129.txt


 


Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.