Jump to content

ICE Virus


Recommended Posts

Hello, Ive went ahead and noticed another thread that was already solved with this virus. I did notice NOT to use that persons fix but I did go ahead and start the process and gotten the two files yous required in that thread.

 

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by SYSTEM on 06-08-2013 00:01:55
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\RunOnce: [asdsetup] - C:\asdsetup.exe [25865008 2013-08-05] ()
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
HKU\Test\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg [80384 2013-08-05] (Valve Corporation) <===== ATTENTION
HKU\Test\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe [514952 2013-06-11] (Adobe Systems Incorporated)
HKU\Test\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\Test\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Test\...\Command Processor: "C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg" <===== ATTENTION!
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
 
==================== Services (Whitelisted) =================
 
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 DnsBasic Service; C:\Program Files (x86)\DnsBasic\dnsbasic.exe [22528 2013-07-22] ()
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-06 00:01 - 2013-08-06 00:01 - 00000000 ____D C:\FRST
2013-08-05 18:09 - 2013-08-05 18:18 - 00000000 ____D C:\.Trash-0
2013-08-05 17:59 - 2013-08-05 18:00 - 25865008 _____ C:\asdsetup.exe
2013-08-05 17:25 - 2013-08-05 17:25 - 67108864 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 20447232 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 00786432 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-08-05 17:16 - 2013-08-05 17:16 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-05 14:19 - 2013-08-05 14:19 - 01097690 _____ C:\Users\Test\AppData\Roaming\2433f433
2013-08-05 14:19 - 2013-08-05 14:19 - 01097638 _____ C:\Users\Test\AppData\Local\2433f433
2013-08-02 04:55 - 2013-08-02 04:55 - 00288680 _____ C:\Users\Test\Downloads\Setup.exe
2013-07-31 15:00 - 2013-07-31 15:00 - 00001751 _____ C:\Users\Test\Downloads\amerihealth logo
2013-07-31 15:00 - 2013-07-31 15:00 - 00001751 _____ C:\Users\Test\Desktop\amerihealth logo
2013-07-27 06:16 - 2013-07-27 06:16 - 00300808 _____ (StarApp) C:\Users\Test\Downloads\DownloadSetup (2).exe
2013-07-24 16:13 - 2013-07-24 16:16 - 00000000 ____D C:\ProgramData\DnsBasic
2013-07-24 16:13 - 2013-07-24 16:16 - 00000000 ____D C:\Program Files (x86)\DnsBasic
2013-07-24 16:13 - 2013-07-24 16:13 - 00003666 _____ C:\Windows\System32\Tasks\Test TimeTrigger
2013-07-24 16:13 - 2013-07-24 16:13 - 00000000 _____ C:\ProgramData\3c2c202042223a_c
2013-07-24 16:03 - 2013-07-31 08:10 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-24 16:02 - 2013-08-05 19:01 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 16:02 - 2013-08-05 16:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 16:02 - 2013-07-24 16:02 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-24 16:02 - 2013-07-24 16:02 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-24 16:02 - 2013-07-24 16:02 - 00000000 ____D C:\Users\Test\AppData\Local\Deployment
2013-07-24 16:02 - 2013-07-24 16:02 - 00000000 ____D C:\Users\Test\AppData\Local\Apps\2.0
2013-07-24 15:54 - 2013-08-05 15:55 - 00000286 _____ C:\Windows\Tasks\Dealply.job
2013-07-24 15:54 - 2013-07-24 16:59 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-07-24 15:54 - 2013-07-24 15:59 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-24 15:54 - 2013-07-24 15:54 - 00003222 _____ C:\Windows\System32\Tasks\Dealply
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\Users\Test\Documents\PC Speed Maximizer
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\Users\Test\AppData\Roaming\Dealply
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\Users\Test\AppData\Local\DealPlyLive
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-07-24 15:49 - 2013-07-24 16:18 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-24 15:49 - 2013-07-24 15:54 - 00001180 _____ C:\Users\Test\Desktop\TeamViewer 8.lnk
2013-07-24 15:49 - 2013-07-24 15:50 - 00000000 ____D C:\Users\Test\AppData\Roaming\SmartPCFix
2013-07-15 14:13 - 2013-07-26 15:42 - 00021111 _____ C:\Users\Test\Desktop\jen.odt
2013-07-15 13:29 - 2013-07-15 14:00 - 00021108 _____ C:\Users\Test\Desktop\jen need shiter.odt
2013-07-09 23:06 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 23:06 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 23:06 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 23:06 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 23:06 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 23:06 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 23:06 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 23:06 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-09 23:06 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-09 23:06 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-09 23:06 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-09 23:06 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 23:06 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-09 23:06 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 23:06 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 19:48 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 19:48 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 19:48 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 19:48 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 19:48 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 19:47 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 19:47 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 04:04 - 2013-07-09 04:04 - 05451264 _____ (TeamViewer GmbH) C:\Users\Test\Downloads\TeamViewer_Setup_en.exe
2013-07-09 04:04 - 2013-07-09 04:04 - 05451264 _____ (TeamViewer GmbH) C:\Users\Test\Downloads\dmtempdownload15C525BDE52EEC42B9666C6E55902916.tmp
2013-07-07 14:25 - 2013-07-07 14:25 - 00000804 _____ C:\Users\Test\Downloads\InvoiceSummary_982083.csv
2013-07-07 14:24 - 2013-07-07 14:24 - 00002203 _____ C:\Users\Test\Downloads\InvoiceDivisionSummary_982084.csv
 
==================== One Month Modified Files and Folders =======
 
2013-08-05 19:41 - 2009-07-13 20:51 - 00047448 _____ C:\Windows\setupact.log
2013-08-05 19:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 19:02 - 2012-10-25 16:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 19:01 - 2013-07-24 16:02 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-05 18:18 - 2013-08-05 18:09 - 00000000 ____D C:\.Trash-0
2013-08-05 18:00 - 2013-08-05 17:59 - 25865008 _____ C:\asdsetup.exe
2013-08-05 17:25 - 2013-08-05 17:25 - 67108864 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 20447232 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 00786432 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-08-05 17:25 - 2013-08-05 17:25 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-08-05 17:25 - 2011-08-07 15:44 - 00000000 ____D C:\users\Test
2013-08-05 17:16 - 2013-08-05 17:16 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-05 17:01 - 2011-08-07 18:21 - 01657352 _____ C:\Windows\WindowsUpdate.log
2013-08-05 17:01 - 2009-07-13 20:45 - 00014816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 17:01 - 2009-07-13 20:45 - 00014816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 17:00 - 2009-07-13 21:13 - 00794686 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-05 16:07 - 2013-07-24 16:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-05 15:55 - 2013-07-24 15:54 - 00000286 _____ C:\Windows\Tasks\Dealply.job
2013-08-05 14:43 - 2012-05-30 11:33 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2490640244-3687583543-2216658516-1000UA.job
2013-08-05 14:43 - 2012-05-30 11:33 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2490640244-3687583543-2216658516-1000Core.job
2013-08-05 14:19 - 2013-08-05 14:19 - 01097690 _____ C:\Users\Test\AppData\Roaming\2433f433
2013-08-05 14:19 - 2013-08-05 14:19 - 01097638 _____ C:\Users\Test\AppData\Local\2433f433
2013-08-04 16:02 - 2012-09-11 12:50 - 00001824 _____ C:\Users\Public\Desktop\Verizon Internet Security Suite.lnk
2013-08-02 04:55 - 2013-08-02 04:55 - 00288680 _____ C:\Users\Test\Downloads\Setup.exe
2013-07-31 15:00 - 2013-07-31 15:00 - 00001751 _____ C:\Users\Test\Downloads\amerihealth logo
2013-07-31 15:00 - 2013-07-31 15:00 - 00001751 _____ C:\Users\Test\Desktop\amerihealth logo
2013-07-31 08:10 - 2013-07-24 16:03 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-27 15:15 - 2013-04-08 11:17 - 00000000 ____D C:\Users\Test\AppData\Roaming\HpUpdate
2013-07-27 06:16 - 2013-07-27 06:16 - 00300808 _____ (StarApp) C:\Users\Test\Downloads\DownloadSetup (2).exe
2013-07-26 15:42 - 2013-07-15 14:13 - 00021111 _____ C:\Users\Test\Desktop\jen.odt
2013-07-24 16:59 - 2013-07-24 15:54 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-07-24 16:18 - 2013-07-24 15:49 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-24 16:17 - 2011-10-19 13:56 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-07-24 16:17 - 2011-08-08 06:26 - 01775896 _____ C:\Windows\PFRO.log
2013-07-24 16:17 - 2009-07-13 20:45 - 00315952 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-24 16:16 - 2013-07-24 16:13 - 00000000 ____D C:\ProgramData\DnsBasic
2013-07-24 16:16 - 2013-07-24 16:13 - 00000000 ____D C:\Program Files (x86)\DnsBasic
2013-07-24 16:13 - 2013-07-24 16:13 - 00003666 _____ C:\Windows\System32\Tasks\Test TimeTrigger
2013-07-24 16:13 - 2013-07-24 16:13 - 00000000 _____ C:\ProgramData\3c2c202042223a_c
2013-07-24 16:08 - 2013-01-31 11:49 - 00000000 ____D C:\ProgramData\Yahoo!
2013-07-24 16:06 - 2012-09-15 14:24 - 00000000 ____D C:\Users\Test\AppData\Local\Conduit
2013-07-24 16:04 - 2013-06-23 04:40 - 00000866 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-07-24 16:03 - 2011-08-20 13:30 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-24 16:02 - 2013-07-24 16:02 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-24 16:02 - 2013-07-24 16:02 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-24 16:02 - 2013-07-24 16:02 - 00000000 ____D C:\Users\Test\AppData\Local\Deployment
2013-07-24 16:02 - 2013-07-24 16:02 - 00000000 ____D C:\Users\Test\AppData\Local\Apps\2.0
2013-07-24 16:02 - 2011-08-17 13:22 - 00069552 _____ C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 15:59 - 2013-07-24 15:54 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-24 15:54 - 2013-07-24 15:54 - 00003222 _____ C:\Windows\System32\Tasks\Dealply
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\Users\Test\Documents\PC Speed Maximizer
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\Users\Test\AppData\Roaming\Dealply
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\Users\Test\AppData\Local\DealPlyLive
2013-07-24 15:54 - 2013-07-24 15:54 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-07-24 15:54 - 2013-07-24 15:49 - 00001180 _____ C:\Users\Test\Desktop\TeamViewer 8.lnk
2013-07-24 15:50 - 2013-07-24 15:49 - 00000000 ____D C:\Users\Test\AppData\Roaming\SmartPCFix
2013-07-24 15:49 - 2011-08-26 13:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-07-22 10:37 - 2012-04-25 14:18 - 00000000 ____D C:\Users\Test\Documents\My Investigations
2013-07-19 14:42 - 2012-09-11 12:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-15 14:00 - 2013-07-15 13:29 - 00021108 _____ C:\Users\Test\Desktop\jen need shiter.odt
2013-07-14 17:58 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-10 15:29 - 2013-02-27 14:02 - 00022426 _____ C:\Users\Test\Documents\Sarbjit new resume.odt
2013-07-09 23:28 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 23:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 23:28 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 23:07 - 2011-08-07 16:16 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 04:04 - 2013-07-09 04:04 - 05451264 _____ (TeamViewer GmbH) C:\Users\Test\Downloads\TeamViewer_Setup_en.exe
2013-07-09 04:04 - 2013-07-09 04:04 - 05451264 _____ (TeamViewer GmbH) C:\Users\Test\Downloads\dmtempdownload15C525BDE52EEC42B9666C6E55902916.tmp
2013-07-08 04:39 - 2013-06-23 04:36 - 00000000 _____ C:\END
2013-07-07 14:25 - 2013-07-07 14:25 - 00000804 _____ C:\Users\Test\Downloads\InvoiceSummary_982083.csv
2013-07-07 14:24 - 2013-07-07 14:24 - 00002203 _____ C:\Users\Test\Downloads\InvoiceDivisionSummary_982084.csv
 
Files to move or delete:
====================
C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg
C:\Users\Test\GoToAssistDownloadHelper.exe
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-03-24 15:00:28
Restore point made on: 2013-03-25 23:00:18
Restore point made on: 2013-03-31 15:00:51
Restore point made on: 2013-04-07 15:00:44
Restore point made on: 2013-04-08 11:19:46
Restore point made on: 2013-04-10 23:00:53
Restore point made on: 2013-04-14 15:00:57
Restore point made on: 2013-04-21 15:00:46
Restore point made on: 2013-04-23 23:00:37
Restore point made on: 2013-04-28 15:00:46
Restore point made on: 2013-05-05 15:00:29
Restore point made on: 2013-05-12 15:00:46
Restore point made on: 2013-05-14 23:00:41
Restore point made on: 2013-05-19 15:00:43
Restore point made on: 2013-05-26 15:01:42
Restore point made on: 2013-06-02 15:01:01
Restore point made on: 2013-06-06 09:56:26
Restore point made on: 2013-06-09 15:00:32
Restore point made on: 2013-06-11 23:00:23
Restore point made on: 2013-06-16 15:00:46
Restore point made on: 2013-06-23 15:00:47
Restore point made on: 2013-06-24 23:00:23
Restore point made on: 2013-06-25 14:17:17
Restore point made on: 2013-06-25 14:18:49
Restore point made on: 2013-06-30 15:00:52
Restore point made on: 2013-07-07 15:00:41
Restore point made on: 2013-07-09 23:00:30
Restore point made on: 2013-07-14 15:00:46
Restore point made on: 2013-07-15 13:07:09
Restore point made on: 2013-07-21 15:00:44
Restore point made on: 2013-07-24 16:07:34
Restore point made on: 2013-07-28 15:00:48
Restore point made on: 2013-08-04 15:00:33
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 6134.23 MB
Available physical RAM: 5416.95 MB
Total Pagefile: 6132.38 MB
Available Pagefile: 5413.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:455.1 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:13.66 GB) (Free:0.01 GB) FAT32 (Disk=0 Partition=2)
Drive j: () (Removable) (Total:0.94 GB) (Free:0.91 GB) FAT32 (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=0C)
 
========================================================
Disk: 5 (Size: 962 MB) (Disk ID: 73696D20)
No partition Table on disk 5.
 
 
LastRegBack: 2013-08-01 20:28
 
==================== End Of Log ============================
 
 
 
 
 
 
 
and heres the services.exe
 
Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by SYSTEM at 2013-08-06 00:05:17
Running from J:\
Boot Mode: Recovery
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
====== End Of Search ======

 

Link to post
Share on other sites

Okay this should get you going.

 

Please do the following:

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the flashdrive as fixlist.txt

 

HKU\Test\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg [80384 2013-08-05] (Valve Corporation) <===== ATTENTION
HKU\Test\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Test\...\Command Processor: "C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg" <===== ATTENTION!
2013-08-05 14:19 - 2013-08-05 14:19 - 01097690 _____ C:\Users\Test\AppData\Roaming\2433f433
2013-08-05 14:19 - 2013-08-05 14:19 - 01097638 _____ C:\Users\Test\AppData\Local\2433f433
C:\Users\Test\AppData\Local\Temp\lavdrwxjdtoaaxsptum.bfg
C:\Users\Test\GoToAssistDownloadHelper.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)

-DFB

Link to post
Share on other sites

It worked outstanding. Ive also ran the Rogue killer and adwcleaner from the other post too here are the results.

 

 

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Test [Admin rights]
Mode : Scan -- Date : 08/06/2013 00:30:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][sUSP PATH] HKCR\[...]\InprocServer32 :  (C:\Users\Test\AppData\Local\Temp\symhiws\scnipyp\wow64.dll [x]) -> FOUND
 
¤¤¤ Scheduled tasks : 3 ¤¤¤
[V1][sUSP PATH] Dealply.job : C:\Users\Test\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [7] -> FOUND
[V2][sUSP PATH] Dealply : C:\Users\Test\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE - /Check [7] -> FOUND
[V2][sUSP PATH] Test TimeTrigger : C:\Users\Test\AppData\Local\Temp\Runner.exe - C:\Users\Test\AppData\Local\Temp\DNS.exe [-][-] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++
--- User ---
[MBR] cf0e677bdb3f1426b5deeb3f61d1cbf3
[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_08062013_003011.txt >>
 
 
 
 
 
Heres the first scan of adw
 
# AdwCleaner v2.306 - Logfile created 08/06/2013 at 00:33:18
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Test - TEST-PC
# Boot Mode : Normal
# Running from : C:\Users\Test\Desktop\adwcleaner.exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\END
File Found : C:\Users\Test\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Test\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Test\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Found : C:\Users\Test\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DealPly
Folder Found : C:\Program Files (x86)\DealPlyLive
Folder Found : C:\Program Files (x86)\DnsBasic
Folder Found : C:\Program Files (x86)\FLV_Runner
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\DealPlyLive
Folder Found : C:\ProgramData\DnsBasic
Folder Found : C:\ProgramData\Iminent
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\TheBflix
Folder Found : C:\Users\Test\AppData\Local\APN
Folder Found : C:\Users\Test\AppData\Local\Conduit
Folder Found : C:\Users\Test\AppData\Local\Deal Vault
Folder Found : C:\Users\Test\AppData\Local\DealPlyLive
Folder Found : C:\Users\Test\AppData\Local\Ilivid Player
Folder Found : C:\Users\Test\AppData\Local\PackageAware
Folder Found : C:\Users\Test\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\Test\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Test\AppData\LocalLow\Claro LTD
Folder Found : C:\Users\Test\AppData\LocalLow\Conduit
Folder Found : C:\Users\Test\AppData\LocalLow\FLV_Runner
Folder Found : C:\Users\Test\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Test\AppData\LocalLow\searchquband
Folder Found : C:\Users\Test\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Test\AppData\LocalLow\TheBflix
Folder Found : C:\Users\Test\AppData\Roaming\Babylon
Folder Found : C:\Users\Test\AppData\Roaming\DealPly
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\FLV_Runner
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\520888ce26aed14
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\FLV_Runner
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\520888ce26aed14
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3120D130-023B-4E8B-A913-FAC9A5C8E46D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2490640244-3687583543-2216658516-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2490640244-3687583543-2216658516-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.29] : keyword = "ask.com",
 
*************************
 
AdwCleaner[R1].txt - [18770 octets] - [06/08/2013 00:33:18]
 
########## EOF - C:\AdwCleaner[R1].txt - [18831 octets] ##########
 
 
 
Heres the deletion of the ADW
 
 AdwCleaner v2.306 - Logfile created 08/06/2013 at 00:34:19
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Test - TEST-PC
# Boot Mode : Normal
# Running from : C:\Users\Test\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\DnsBasic
File Deleted : C:\END
File Deleted : C:\Users\Test\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Test\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Test\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Test\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Program Files (x86)\FLV_Runner
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\DnsBasic
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TheBflix
Folder Deleted : C:\Users\Test\AppData\Local\APN
Folder Deleted : C:\Users\Test\AppData\Local\Conduit
Folder Deleted : C:\Users\Test\AppData\Local\Deal Vault
Folder Deleted : C:\Users\Test\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\Test\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Test\AppData\Local\PackageAware
Folder Deleted : C:\Users\Test\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Test\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Test\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Test\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Test\AppData\LocalLow\FLV_Runner
Folder Deleted : C:\Users\Test\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Test\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Test\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Test\AppData\LocalLow\TheBflix
Folder Deleted : C:\Users\Test\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Test\AppData\Roaming\DealPly
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FLV_Runner
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\520888ce26aed14
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FLV_Runner
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\deal vault-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deal Vault-InternalInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\520888ce26aed14
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3120D130-023B-4E8B-A913-FAC9A5C8E46D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3BBD3C14-4C16-4989-8366-95BC9179779D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FLV_Runner Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{3BBD3C14-4C16-4989-8366-95BC9179779D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Users\Test\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.29] : keyword = "ask.com",
 
*************************
 
AdwCleaner[R1].txt - [18795 octets] - [06/08/2013 00:33:18]
AdwCleaner[s1].txt - [315 octets] - [06/08/2013 00:33:54]
AdwCleaner[s2].txt - [18880 octets] - [06/08/2013 00:34:19]
 
########## EOF - C:\AdwCleaner[s2].txt - [18941 octets] ##########
 
 
Link to post
Share on other sites

Glad to hear you can boot.

 

Let's start getting rid of the rest of it.

 

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.