Sean25 Posted August 6, 2013 ID:711487

Hello, I've gone ahead and noticed another thread that was already solved with this virus. I did notice NOT to use that person's fix, but I did go ahead and start the process and got the two files you required in that thread.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by SYSTEM on 06-08-2013 00:01:55
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [asdsetup] - C:\asdsetup.exe [25865008 2013-08-05] ()
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
HKU\Test\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg [80384 2013-08-05] (Valve Corporation) <===== ATTENTION
HKU\Test\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe [514952 2013-06-11] (Adobe Systems Incorporated)
HKU\Test\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\Test\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Test\...\Command Processor: "C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg" <===== ATTENTION!
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
LastRegBack: 2013-08-01 20:28

==================== End Of Log ============================

And here's the services.exe:

Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by SYSTEM at 2013-08-06 00:05:17
Running from J:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
D-FRED-BROWN Posted August 6, 2013 ID:711489

Looking at it now.

-dfb
D-FRED-BROWN Posted August 6, 2013 ID:711491

Okay, this should get you going. Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it on the flash drive as fixlist.txt

```
HKU\Test\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg [80384 2013-08-05] (Valve Corporation) <===== ATTENTION
HKU\Test\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Test\...\Command Processor: "C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg" <===== ATTENTION!
2013-08-05 14:19 - 2013-08-05 14:19 - 01097690 _____ C:\Users\Test\AppData\Roaming\2433f433
2013-08-05 14:19 - 2013-08-05 14:19 - 01097638 _____ C:\Users\Test\AppData\Local\2433f433
C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg
C:\Users\Test\GoToAssistDownloadHelper.exe
```

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.
After that, are you able to boot into normal mode?
Let me know when you can, as we have more malware to remove.

Note: Please make sure you are subscribed to this topic: click on the "Follow This Topic" button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)

-DFB
Sean25 Posted August 6, 2013 Author ID:711500

It worked outstanding. I've also run RogueKiller and AdwCleaner from the other post too; here are the results.

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Test [Admin rights]
Mode : Scan -- Date : 08/06/2013 00:30:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][SUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\Test\AppData\Local\Temp\symhiws\scnipyp\wow64.dll [x]) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][SUSP PATH] Dealply.job : C:\Users\Test\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [7] -> FOUND
[V2][SUSP PATH] Dealply : C:\Users\Test\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [7] -> FOUND
[V2][SUSP PATH] Test TimeTrigger : C:\Users\Test\AppData\Local\Temp\Runner.exe - C:\Users\Test\AppData\Local\Temp\DNS.exe [-][-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
--- User ---
[MBR] cf0e677bdb3f1426b5deeb3f61d1cbf3
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08062013_003011.txt >>

Here's the first scan of AdwCleaner:

# AdwCleaner v2.306 - Logfile created 08/06/2013 at 00:33:18
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Test - TEST-PC
# Boot Mode : Normal
# Running from : C:\Users\Test\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3120D130-023B-4E8B-A913-FAC9A5C8E46D}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner ToolbarKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARPKey Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}Key Found : 
HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}Key Found : 
HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}Key Found : HKLM\SOFTWARE\DataMngrKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdaterKey Found : HKLM\SOFTWARE\Tarma InstallerKey Found : HKU\S-1-5-21-2490640244-3687583543-2216658516-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKU\S-1-5-21-2490640244-3687583543-2216658516-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. 
-\\ Google Chrome v28.0.1500.95

File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.29] : keyword = "ask.com",

*************************

AdwCleaner[R1].txt - [18770 octets] - [06/08/2013 00:33:18]

########## EOF - C:\AdwCleaner[R1].txt - [18831 octets] ##########

Here's the deletion of the ADW:

AdwCleaner v2.306 - Logfile created 08/06/2013 at 00:34:19
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Test - TEST-PC
# Boot Mode : Normal
# Running from : C:\Users\Test\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\DnsBasic
File Deleted : C:\END
File Deleted : C:\Users\Test\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Test\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Test\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Test\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Program Files (x86)\FLV_Runner
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\DnsBasic
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\Users\Test\AppData\Local\APN
Folder Deleted : C:\Users\Test\AppData\Local\Conduit
Folder Deleted : C:\Users\Test\AppData\Local\Deal Vault
Folder Deleted : C:\Users\Test\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\Test\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Test\AppData\Local\PackageAware
Folder Deleted : C:\Users\Test\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Test\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Test\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Test\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Test\AppData\LocalLow\FLV_Runner
Folder Deleted : C:\Users\Test\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Test\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Test\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Test\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Test\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Test\AppData\Roaming\DealPly

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\520888ce26aed14
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FLV_Runner
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\520888ce26aed14
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3120D130-023B-4E8B-A913-FAC9A5C8E46D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.29] : keyword = "ask.com",

*************************

AdwCleaner[R1].txt - [18795 octets] - [06/08/2013 00:33:18]
AdwCleaner[s1].txt - [315 octets] - [06/08/2013 00:33:54]
AdwCleaner[s2].txt - [18880 octets] - [06/08/2013 00:34:19]

########## EOF - C:\AdwCleaner[s2].txt - [18941 octets] ##########
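The two AdwCleaner logs above list a few hundred registry entries, and the same CLSID turns up as a COM class, a Browser Helper Object, a URLSearchHook and a Toolbar\WebBrowser value. The Python below is an added triage example, not part of this thread and not AdwCleaner's own code: it parses the "<Kind> <Action> : <target>" line format AdwCleaner prints, labels each registry finding with the IE or COM mechanism the key belongs to, and cross-references every GUID against the mechanisms it was registered through, so a reviewer can see which component is hooked into the browser in more than one place. The sample lines are a constructed subset copied from the logs above plus one Chrome-preferences line that the entry parser has to skip; the mechanism labels are this example's own naming.

```python
"""Triage helper for AdwCleaner-style logs (added example, not AdwCleaner code)."""
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple, Set


class Entry(NamedTuple):
    kind: str    # Key, Value, File or Folder
    action: str  # Found (scan run) or Deleted (delete run)
    target: str  # registry path or filesystem path


# One AdwCleaner entry per line: "<Kind> <Action> : <target>". Header lines and
# the Chrome "Found [l.29] : keyword = ..." line do not match and are skipped.
ENTRY_RE = re.compile(r"^(Key|Value|File|Folder) (Found|Deleted) : (.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry path fragment -> mechanism label (labels are this example's own
# naming). First match wins, so the IE-specific hooks sit above generic COM.
MECHANISMS = [
    (r"\Explorer\Browser Helper Objects", "browser_helper_object"),
    (r"\Internet Explorer\URLSearchHooks", "url_search_hook"),
    (r"\Internet Explorer\SearchScopes", "search_scope"),
    (r"\Internet Explorer\Toolbar", "ie_toolbar"),
    (r"\Low Rights\ElevationPolicy", "ie_elevation_policy"),
    (r"\CurrentVersion\Ext\PreApproved", "ie_preapproved_addon"),
    (r"\CurrentVersion\Uninstall", "uninstall_entry"),
    (r"\MSConfig\startupreg", "disabled_startup_entry"),
    (r"\Microsoft\Tracing", "ras_tracing_artifact"),  # shows a program ran, not persistence
    (r"\Classes\CLSID", "com_class"),
    (r"\Classes\Interface", "com_interface"),
    (r"\Classes\TypeLib", "com_typelib"),
    (r"\Classes\AppID", "com_appid"),
]

# Constructed sample: a short subset of the entries in the logs above, plus one
# line in the Chrome-preferences format that the entry parser must skip.
SAMPLE_LOG = r"""
Folder Found : C:\Users\Test\AppData\Roaming\DealPly
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3120D130-023B-4E8B-A913-FAC9A5C8E46D}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
File Deleted : C:\Users\Test\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Found [l.29] : keyword = "ask.com",
"""


def classify_registry(path: str) -> str:
    """Map a registry key or value path to the mechanism it belongs to."""
    lowered = path.lower()
    for needle, label in MECHANISMS:
        if needle.lower() in lowered:
            return label
    return "other_registry"


def parse_entries(text: str) -> List[Entry]:
    """Parse every AdwCleaner entry line; lines in any other format are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def summarize(text: str) -> Dict[str, Counter]:
    """Count findings by action, by registry mechanism and by filesystem kind."""
    entries = parse_entries(text)
    return {
        "actions": Counter(e.action for e in entries),
        "mechanisms": Counter(classify_registry(e.target)
                              for e in entries if e.kind in ("Key", "Value")),
        "filesystem": Counter(e.kind for e in entries if e.kind in ("File", "Folder")),
    }


def guid_mechanisms(text: str) -> Dict[str, Set[str]]:
    """For each GUID, the set of mechanisms it was registered through."""
    hooks: Dict[str, Set[str]] = defaultdict(set)
    for e in parse_entries(text):
        if e.kind not in ("Key", "Value"):
            continue
        label = classify_registry(e.target)
        for guid in GUID_RE.findall(e.target):
            hooks[guid.upper()].add(label)
    return dict(hooks)


def multi_hooked(text: str, minimum: int = 2) -> Dict[str, Set[str]]:
    """GUIDs hooked in through at least `minimum` distinct mechanisms: one
    component registered as a BHO, a search hook and a toolbar at once is a
    single add-on wired into IE three ways, not three unrelated findings."""
    return {g: m for g, m in guid_mechanisms(text).items() if len(m) >= minimum}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("actions:", dict(report["actions"]))
    print("mechanisms:", dict(report["mechanisms"]))
    for guid, mechs in multi_hooked(SAMPLE_LOG).items():
        print(guid, "->", ", ".join(sorted(mechs)))
```

Run against the full log rather than the sample, the same cross-reference shows {3BBD3C14-4C16-4989-8366-95BC9179779D} and {99079A25-328F-4BD4-BE04-00955ACAA0A7} each registered through several mechanisms, which is the kind of grouping a helper wants before deciding what a follow-up scan should confirm is gone.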
D-FRED-BROWN Posted August 6, 2013 ID:711505

Glad to hear you can boot. Let's start getting rid of the rest of it.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:
TDSSKiller's logfile
MBAR mbar-log.txt and system-log.txt
ComboFix's report (C:\ComboFix.txt)
Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.
Root Admin AdvancedSetup Posted August 9, 2013 ID:712964

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!